- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
The customer has one MTA configured for a domain on the TE2000X appliance. For MTA load balancing we have followed sk110369 and used the config script. Now we would like to configure a 2nd MTA for a new domain. Can we follow the same procedure for this ?
Are multiple MTA^s supported for Threat Emulation/Extraction on TE2000x?
can we add another domain on DNS loadbalancing
Yes you follow the same procedure on the second appliance also.
For multiple domains, you would configure rules as shown in the ATRG: ATRG: Mail Transfer Agent (MTA)
if customer having TLS for both domain , can we import 2 certificates. i can only see the option of importing one certificate
Hi Thomas,
multiple certificate support is on the roadmap. If it is a critical issue please contact your local SE and discuss opening a RFE. Workaround would be the setup of an additional MTA e.g. on a virtual machine or VSX.
Regards Thomas
I think it is possible, look at this sk110369.
Configure the relevant mail forwarding rules:
To configure a single mail forwarding rule:
[Expert@HostName:0]# ./dns_mail_forwarding.sh -d <Domain_Name> -n <NextHop_DNS_Name>
Example:
[Expert@HostName:0]# ./dns_mail_forwarding.sh -d "*" -n checkpoint.com
Note that for a single mail forwarding rule, double-quotes are required for using asterisk (*) as the domain.
To configure multiple mail forwarding rules:
Create a configuration file with the relevant mail forwarding rules:
[Expert@HostName:0]# touch /<path_to>/<name_of_file_with_mail_forwarding_rules>
It is recommended to place this file in the same directory with the dns_mail_forwarding.sh shell script.
Add the relevant mail forwarding rules into the configuration file:
[Expert@HostName:0]# vi /<path_to>/<name_of_file_with_mail_forwarding_rules>
Each line in this file represents a single mail forwarding rule using the following format:
<Domain_Name> <NextHop_DNS_Name>
Example:
* checkpoint.com
support.checkpoint.com supportcheckpoint.com
Note: A line "acme.com [192.168.80.80]" will cause all mails destined for "acme.com" to be forwarded to the mail server "192.168.80.80" without doing an MX lookup.
Load the mail forwarding rules from the configuration file:
[Expert@HostName:0]# ./dns_mail_forwarding.sh -f /<path_to>/<name_of_file_with_mail_forwarding_rules>
To revert to the original mail forwarding configuration:
[Expert@HostName:0]# ./dns_mail_forwarding.sh -r
Recently I applied this configuration on a customer, very good Edes, thank you!
With R80.20 you can even do this in the GUI with a domain object:
Now MTA will forward all emails with recipient domain "acme.com" via DNS MX resolution for acme.com.
So in DNS you could e.g. add to MX entries with similar weigth for acme.com to do load balancing.
Be sure to install latest MTA take as there was an issue in earlier versions.
Regards Thomas
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY