This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nagaraja_cs
Contributor
‎2018-10-23 11:30 PM

MTA with TLS inspection

Hi Everyone,

I have configured MTA on Check Point with TLS inspection.Mail flow is like this

Logix----> Load Balancer----> Checkpoint.

Logix is hosting the mails on cloud which is pointing on Load Balancer public IP which is NATed to Check Point Gateway external IP.

Mails are not delivering to End users,Mail queue on Check Point is empty.

No errors in /var/log/maillog

Able to see continuous traffic on port 587 towards Check Point and reply from Check Point as well.

We are not able to Telnet Check Point with Port 587.

When we enable MTA on Checkpoint with TLS inspection,on which port it will expect the mails.

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-10-24 01:35 AM

Did you already consult sk108553: Mail Transfer Agent (MTA) - FAQ  and sk109699: ATRG: Mail Transfer Agent (MTA) ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nagaraja_cs
Contributor
‎2018-10-24 02:30 AM
In response to G_W_Albrecht

Hi Gunther,

In sk109699,it is mentioned that port 25 is the only supported port to send mails.

But customer wants to send mails from Logix to Gateway on port 587.

Expecting Checkpoint Gateway to receive on port 587.

Communication between Checkpoint Gateway and Logix should be on port 587 , is there any work around for this ?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-10-24 03:59 AM
In response to nagaraja_cs

Open an SR# with TAC for the issue - they can help if anyone can...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nagaraja_cs
Contributor
‎2018-10-24 04:07 AM

One more query related to MTA:We have two domains for which we want to enable MTA.

Can we use two different SSL certificates since there are two different domains.

I have got the link to merge the two certificates,but will it work for MTA with TLS inspection  for both the domains ?

openssl - Can I combine multiple certs into one without the private key? - Stack Overflow 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-10-24 04:36 AM
In response to nagaraja_cs

Please look into the ATRG - it says:There is no option to use multiple certificates for different mail servers.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top