[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Firewall log not consistant with rule base.
I have two rules that are referenced in the log file:
Number Source Destination Service
Action Track Install On Time
1 Any "mail server" smtp->SMTPscan (service
with resource) Accept Long Gateways Any
2 "mail server" Any SMTP smtp->SMTPscan
Accept Long Gateways Any
The resource is eSafe Protect Gateway configured as a CVP server.
There are entries in the log file that reference rule number 1. The
action is "Reject". The Info field contains: "Error notification:
originally orig_from <sender> orig_to <recipient> from <sender> to
<recipient>... The action for the rule is Accept, not Rject.
There are entries in the log file that reference rule number 2. The
action is also "Reject". the info field contains: "agent mail dequeuer
orig_from...
It is not clear to me how a rule that has as its action "accept" can
generate a "Reject" in the log file. Has any one else seen this? It is
also not clear to me how this can only affect a few sites. Most of my
E-mail is getting through, including this message.
Thanks,
David Hoobler
-----Original Message-----
From: Ilya Akinfiev [mailto:[email protected]]
Sent: Friday, September 01, 2000 10:19 PM
To: 'David E. Hoobler Jr.'
Subject: RE: [FW1] Firewall log not consistant with rule base.
what is in the 'info' field of the rejection msgs? is the esafe process
up
and running? are you using opsec authentication?
just a few things to look for
cheers
ilya
-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
David E. Hoobler Jr.
Sent: Friday, September 01, 2000 3:11 PM
To: [email protected]
Subject: [FW1] Firewall log not consistant with rule base.
I am getting SMTP rejections from a rule that has its action as
"Accept". I am scanning inbound and outbound messages for viruses with
E-safe. There are several sites that can not send to. All SMTP
packets are reported as rejected in the log.
Pulling my hair out in Houston,
David Hoobler
========================================================================
====
====
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html
========================================================================
====
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================