nagaraja_cs
Contributor

MTA with TLS inspection

Hi Everyone,

I have configured MTA on Check Point with TLS inspection. The mail flow is like this:

Logix----> Load Balancer----> Checkpoint.

Logix is hosting the mail in the cloud, which points to the Load Balancer public IP, which is NATed to the Check Point Gateway external IP.

Mails are not being delivered to end users, and the mail queue on Check Point is empty.

There are no errors in /var/log/maillog.

We are able to see continuous traffic on port 587 towards Check Point, and replies from Check Point as well.

We are not able to telnet to Check Point on port 587.

When we enable MTA on Check Point with TLS inspection, on which port will it expect the mails?

0 Kudos
5 Replies
G_W_Albrecht
Legend

Did you already consult sk108553: Mail Transfer Agent (MTA) - FAQ and sk109699: ATRG: Mail Transfer Agent (MTA)?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nagaraja_cs
Contributor

Hi Gunther,

In sk109699, it is mentioned that port 25 is the only supported port to send mails.

But the customer wants to send mails from Logix to the Gateway on port 587.

We are expecting the Check Point Gateway to receive on port 587.

Communication between the Check Point Gateway and Logix should be on port 587. Is there any workaround for this?

0 Kudos
G_W_Albrecht
Legend

Open an SR# with TAC for the issue - they can help if anyone can...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nagaraja_cs
Contributor

One more query related to MTA: We have two domains for which we want to enable MTA.

Can we use two different SSL certificates, since there are two different domains?

I have got the link to merge the two certificates, but will it work for MTA with TLS inspection for both the domains?

openssl - Can I combine multiple certs into one without the private key? - Stack Overflow 

0 Kudos
G_W_Albrecht
Legend

Please look into the ATRG - it says: There is no option to use multiple certificates for different mail servers.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
