General discussion

Locked

Firewall-1 and Outlook Web Access - Crea

By JP. ·
I have been given the honour of trying to allow access to our Exchange 5.5 server's Outlook Web Access through the Checkpoint Firewall-1...lucky me.

I found a document at the Checkpoint site but it only told me how to create objectsfor a HTTP connection through not a HTTPS connection and not the rules I should use.

My little old rules have failed and nothing good is coming from this. Does anyone know what I should be doing or can point me to a more instructive article?

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Firewall-1 and Outlook Web Access - Crea

by Philip Reay In reply to Firewall-1 and Outlook We ...

Hi JP

I'm not sure if this is what you looking for, but it should point you along the right road.

I'm not quite sure what you mean by creating an object for HTTPS connections, as this protocol is already defined within FW-1 services list. Allyou really have to do is select it from the list.

As for the actual rule, it shouldn't be that difficult and should look something like this:
Src Dest Proto Access Logging
ANY MXServername HTTPS ALLOW LOG

you may also what to add the following rule
MXservername ANY HTTPS ALLOW LOG

The other option is to allow all HTTPS and HTTP traffic to you MXserver (in a controlled environment- you do NOT want to do this on the internet) and select either full logging or account logging.

Once you have connected to the exchnange server a couple of times, you can review the logs, look what protocols and addresses are in use and formulate your rulebase like that.

Once again I repeat, do this from a controlled environment, you may want to give only your pc's ip permission to access the exchange server on any port and then review the logs. You do not want to leave this open to the Internet nor the people within you org.

Hope tha helps you out
Cheers
Philip

Collapse -

Firewall-1 and Outlook Web Access - Crea

by Shanghai Sam In reply to Firewall-1 and Outlook We ...

Poster rated this answer

Collapse -

Firewall-1 and Outlook Web Access - Crea

by Some Guy in Seattle In reply to Firewall-1 and Outlook We ...

If you have the OWA server on the same machine as Exchange, then it is a matter of defining a rule "any, mailserver, https, log". HTTPS should already be defined in the services database.

If your OWA server is on a different device AND on a different interface of the firewall (in a DMZ, for instance) this is much more complex so I will refer you to the following:

http://support.microsoft.com/support/kb/articles/q280/1/32.asp

http://support.microsoft.com/support/kb/articles/Q238/9/54.ASP

http://support.microsoft.com/support/kb/articles/Q259/2/40.ASP

Hope that helps,

Collapse -

Firewall-1 and Outlook Web Access - Crea

by Shanghai Sam In reply to Firewall-1 and Outlook We ...

Poster rated this answer

Collapse -

Firewall-1 and Outlook Web Access - Crea

by Tyrann In reply to Firewall-1 and Outlook We ...

The FAQ is here:
http://www.deathstar.ch/security/fw1/Services/FAQ0234.htm

Collapse -

Firewall-1 and Outlook Web Access - Crea

by Shanghai Sam In reply to Firewall-1 and Outlook We ...

Poster rated this answer

Collapse -

Firewall-1 and Outlook Web Access - Crea

by JP. In reply to Firewall-1 and Outlook We ...

This question was closed by the author

Back to Security Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums