- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Hi,
I configured the MTA on a CP 5800 Cluster running on R80.10. The customer want to evaluate the Sandblast Feature and therefore asked me to implement the feature. I followed the Admin Guide and everything seems to work. Design looks like this:
Mail gateway (10.223.181.X) -> forwards Mails to MTA -> then forwards them to the Exchange DAG (10.223.181.X)
But when we tested the connection (telnet 10.223.181.X 25) between the Firewall Cluster and his Exchange DAG - we received the following error: "421 4.3.2 Service not available"
It seems that the current receive connector at the Exchange DAG did not accept connections from the Check Point MTA. But that didn’t made any sense to me since the Mail gateway, Check Point and the Exchange DAG are in the same subnet. So I thought the MTA would send out mails via the Gateway IP Address in that subnet. So we changed the receive connector policy to accept connections from any subnet. That worked and we could test send an mail from the MTA to the Exchange Server. Within the mail header information we found out that the IP Address that was used to send the mail was from a complete different subnet.
My question: Is there a way to define which interface has to be used by the MTA for forwarding mails?
Check if nothing being drop on the GW for this connectivity
Check if nothing being drop on the GW for this connectivity
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY