Firewall Wizards mailing list archives
SMTP to Firewall
From: "Coleman,Clayton L." <lcoleman () foxboro com>
Date: Thu, 27 Apr 2000 15:27:20 -0400
Objective:
----------
Using current hardware, obtain a more SECURE, reliable method for delivery of inbound mail to our company's SMTP servers. We're looking to have failover capability for incoming mail to the company (i.e. a 10, 20 and 30 MX record).

Equipment:
----------
Checkpoint FW-1 4.0 (Solaris Platform)
Three SMTP Servers

Current Setup:
--------------
MX record for our domain points to the external address of our firewall. When incoming servers hit the firewall, it directs the servers to one of our internal servers, based on a FW-1 resource. The resource is configured with the IP address of one of our internal SMTP servers.

->> We've come up with two options we're pursuing and I'd like to get some other opinions on how this might be done:

Option A:
---------
1. Create a single MX entry for our domain which points to the external address of our firewall.
2. Configure the firewall so that it can route traffic to mail servers in the same manner that DNS does with MX records. (we're not seeking load-balancing, just fail-over)

I'm not even sure this can be done or what are the security implications in such.

Option B:
---------
1. Create three MX records for our domain, pointing to three different external IP addresses for our SMTP servers.
2. Configure the firewall w/NAT to point any of the three external SMTP IP addresses to the proper internal servers.

This would allow our three MX records to point to three separate servers internally (using their external IP).

->> I'm open for suggestions. At present we have no DMZ environment configured for SMTP, but it's a possibility if I can give a strong argument for one!

Thanks,

Clayton L. Coleman, Network Analyst
The Foxboro Company, Invensys IA
lcoleman () foxboro com
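The failover behaviour the two options depend on, as an added example that is not part of the original post: it models where the failover decision is made, by the firewall (Option A) or by the remote sending MTA walking the MX records lowest preference first (Option B). All host names and server labels are constructed placeholders, and Option A assumes the firewall can try several internal servers in order, which the post leaves open.

```python
# Added illustration; every host name and server label is a constructed placeholder.

def sender_attempts(mx_records):
    """Order in which a sending MTA tries MX targets: lowest preference first."""
    return [host for _pref, host in sorted(mx_records, key=lambda r: r[0])]

def deliver(mx_records, forwarding, up):
    """Return (mx_host, internal_server) that takes the mail, or None when
    every path is down and the sender has to queue the message and retry.

    forwarding maps each externally visible MX host to the internal servers
    the firewall hands the connection to, in the order it tries them.
    """
    for host in sender_attempts(mx_records):
        for backend in forwarding.get(host, []):
            if backend in up:
                return host, backend
    return None

# Current setup: one MX -> firewall -> one internal server (the FW-1 resource).
CURRENT_MX = [(10, "fw.example.com")]
CURRENT_FWD = {"fw.example.com": ["smtp1"]}

# Option A: same single MX; the firewall itself fails over (assumed possible).
OPTION_A_FWD = {"fw.example.com": ["smtp1", "smtp2", "smtp3"]}

# Option B: 10/20/30 MX records, each NATed to exactly one internal server.
OPTION_B_MX = [(30, "mx3.example.com"), (10, "mx1.example.com"),
               (20, "mx2.example.com")]
OPTION_B_FWD = {"mx1.example.com": ["smtp1"],
                "mx2.example.com": ["smtp2"],
                "mx3.example.com": ["smtp3"]}

if __name__ == "__main__":
    up = {"smtp2", "smtp3"}  # constructed outage: smtp1 is down
    print("current :", deliver(CURRENT_MX, CURRENT_FWD, up))
    print("option A:", deliver(CURRENT_MX, OPTION_A_FWD, up))
    print("option B:", deliver(OPTION_B_MX, OPTION_B_FWD, up))
```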