Possible connectivity problems on R75.47 Security Gateway caused by SMTP protocol parser
Symptoms
  • SMTP traffic is rejected when Anti-Virus, Anti-Bot or both blades are enabled.

  • SmartView Tracker shows the following reject logs for SMTP traffic:

    Product = Security Gateway/Management
    Service = smtp (25)
    Action = Reject
    Rule = number_of_the_rule_that_was_configured_to_accept_this_traffic
    Protocol = tcp
    Control = SMTP Policy Restrictions
    Information = information: Unexpected character
    Information = information: New line character is expected after carriage return
    Information = information: Queue size exceeded

  • The IPS protection 'Non Compliant SMTP', when configured in 'Prevent' mode, may generate false positive drops for SMTP traffic.
Cause

R75.47 includes additional compliance checks for the SMTP protocol. These checks might result in connectivity problems with some SMTP implementations.


Solution

This problem was fixed. The fix is included in:

Check Point recommends always upgrading to the most recent version (upgrade Security Gateway / upgrade VSX / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).

 

For R75.47 version, Check Point can supply a Hotfix. Contact Check Point Support to get a Hotfix for this issue.
A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
For faster resolution and verification, please collect CPinfo files from the Security Management and Security Gateways involved in the case.

Table of Contents:

  • Hotfix
  • Workaround

 

Hotfix

Check Point offers a hotfix for this issue.

  • Instructions - Gaia Portal

    Important Note for VSX mode: Gaia Portal is not supported on Security Gateway in VSX mode. Users must use the Clish.

    We recommend using CPUSE to install this hotfix.

    Note: Hotfix has to be installed on Security Gateway / each cluster member.

    1. Connect to the Gaia Portal on your machine.

    2. Obtain the lock over the configuration database (click on the lock icon at the top - near 'Sign Out').

    3. Navigate to the 'Software Updates' - 'Status and Actions' pane.

    4. Go to the 'Updates' tab to see the published hotfixes available for download.

    5. Select the Check_Point_HOTFIX_R75.47_017_SK94029.tgz package - right-click on it - click on 'Download' (this will download the hotfix to your machine).

    6. Right-click on the Check_Point_HOTFIX_R75.47_017_SK94029.tgz package - click on 'Install' (this will install the hotfix on the machine and display the installation status).

    7. When prompted for reboot (a pop up window appears), confirm to reboot the machine.


  • Instructions - Gaia Clish

    Important Note for VSX mode: Gaia Portal is not supported on Security Gateway in VSX mode. Users must use the Clish.

    We recommend using CPUSE to install this hotfix.

    Note: Hotfix has to be installed on Security Gateway / each cluster member.

    1. Connect to Gaia command line (over SSH, or console).

    2. Log in to Clish shell.

    3. See the list of available packages for download:

      HostName> show installer available_packages

    4. Download this hotfix:

      HostName> installer download Check_Point_HOTFIX_R75.47_017_SK94029.tgz

    5. Check the download progress by repeatedly running this command:

      HostName> show installer package_status
      Example output:
      Check_Point_HOTFIX_R75.47_017_SK94029.tgz - Downloading (2.95 MB/s)   - Progress: 6%
      Check_Point_HOTFIX_R75.47_017_SK94029.tgz - Available for install
      
    6. See the list of available packages for install:

      HostName> show installer available_local_packages

    7. Install this hotfix:

      HostName> installer install Check_Point_HOTFIX_R75.47_017_SK94029.tgz

    8. Check the installation progress by repeatedly running this command:

      HostName> show installer package_status
      Example output:
      Check_Point_HOTFIX_R75.47_017_SK94029.tgz - Installing                - Progress: 3%
      Check_Point_HOTFIX_R75.47_017_SK94029.tgz - installed
      
    9. Machine will be rebooted automatically.


  • Instructions - Gaia / SecurePlatform / Linux OS

     

    1. Hotfix has to be installed on Security Gateway / each cluster member.

    2. Download the relevant hotfix package:

      Platform R75.47
      Gaia / SecurePlatform / Linux OS (TGZ)


    3. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

    4. Unpack the hotfix package:

      [Expert@HostName]# cd /some_path_to_fix/
      [Expert@HostName]# tar zxvf fw1_wrapper_HOTFIX_FOXX_HF_HA47_017.tgz

    5. Install the hotfix:

      [Expert@HostName]# ./fw1_wrapper_HOTFIX_NAME

      Note: The script will stop all Check Point services (cpstop) - read the output on the screen.

    6. Reboot the machine.


  • Instructions - IPSO OS

    Contact Check Point Support for any assistance.

    1. Hotfix has to be installed on Security Gateway / each cluster member.

    2. Download the relevant hotfix package:

      Platform R75.47
      IPSO OS (TGZ)


    3. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

    4. Unpack the hotfix package:

      [Expert@HostName]# cd /some_path_to_fix/
      [Expert@HostName]# tar zxvf fw1_wrapper_HOTFIX_FOXX_HF_HA47_017.tgz

    5. Install the hotfix:

      [Expert@HostName]# ./fw1_wrapper_HOTFIX_NAME

      Note: The script will stop all Check Point services (cpstop) - read the output on the screen.

    6. Reboot the machine.


  • Instructions - Windows OS

    Contact Check Point Support for any assistance.

    1. Hotfix has to be installed on Security Gateway / each cluster member.

    2. Download the relevant hotfix package:

      Platform R75.47
      Windows OS (TGZ)


    3. Transfer the hotfix package to the machine (into some directory, e.g., C:\some_path_to_fix\).

    4. Use any application that works with archives to extract the contents of the TGZ file (e.g., WinRAR, WinZIP, 7-Zip, IZArc, TUGZip, etc.).

    5. Go into Disk_Images folder.

    6. Go into Disk1 folder.

    7. Right-click on the setup.exe file - click on 'Run as administrator'.

    8. Reboot the machine.

 

Workaround (both steps are required)


  1. Modify the relevant Mail Security settings:

    1. Connect to command line on R75.47 Security Gateway (over SSH, or console).

    2. Back up the $FWDIR/conf/mail_security_config file:

      [Expert@HostName]# cp $FWDIR/conf/mail_security_config  $FWDIR/conf/mail_security_config_ORIGINAL

    3. Edit the $FWDIR/conf/mail_security_config file in Vi editor:

      [Expert@HostName]# vi $FWDIR/conf/mail_security_config

    4. Go to [mail_parser_config] section.

    5. Set the following values:

      • fail_close=0

      • track=0
        or
        track=-1


      Possible values and their meaning:

      Parameter    Value   Meaning
      fail_close   0       resume the connection
                   1       reject the connection
      track        -1      log
                   0       no log
                   1       alert


  2. Disable the IPS protection 'Non Compliant SMTP':

    If IPS Blade is enabled, then follow these steps:

    1. Connect with SmartDashboard to Security Management Server / Domain Management Server.

    2. Go to 'IPS' tab - expand 'Protections' - expand 'By Protocol' - expand 'IPS Software Blade' - expand 'Application Intelligence' - expand 'Mail' - expand 'SMTP'.

    3. Right-click on the 'Non Compliant SMTP' protection - click on 'Details...' - select the relevant IPS profile - click on 'Edit...' button.

    4. Select 'Override IPS Policy with:' - select either 'Inactive' or 'Detect'.

    5. Click 'OK' in all windows to apply the changes.

    6. Save the changes: go to 'File' menu - click on 'Save'.

    7. Install policy onto R75.47 Security Gateway.
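
Step 1 of the workaround can be scripted so that only the [mail_parser_config] section is touched and the backup is never overwritten on a re-run. This is an added example, not Check Point code: the function names are hypothetical, the file is assumed to use "[section]" headers with "key=value" lines, and the sample file is constructed. It defaults to track=-1 so that connections the parser resumes (fail_close=0) are still logged.

```sh
#!/bin/sh
# Added example: scripted form of workaround step 1 (not Check Point code).
# Assumes "[section]" headers with "key=value" lines below them.

# apply_smtp_parser_workaround <config_file> [track]   (track: -1 = log, 0 = no log)
apply_smtp_parser_workaround() {
    cfg=$1; track=${2:--1}
    case $track in -1|0) ;; *) echo "track must be -1 or 0" >&2; return 2 ;; esac
    [ -f "$cfg" ] || { echo "not found: $cfg" >&2; return 1; }
    grep -q '^\[mail_parser_config\]' "$cfg" ||
        { echo "no [mail_parser_config] section in $cfg" >&2; return 1; }
    # Keep the first backup: a re-run must not overwrite the pristine copy.
    [ -e "${cfg}_ORIGINAL" ] || cp -p "$cfg" "${cfg}_ORIGINAL" || return 1
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    awk -v track="$track" '
        # At the end of the target section, add any key that was not present.
        function emit_missing() {
            if (in_sec && !seen_fc) print "fail_close=0"
            if (in_sec && !seen_tr) print "track=" track
        }
        /^\[/ { emit_missing(); in_sec = ($0 ~ /^\[mail_parser_config\]/)
                seen_fc = 0; seen_tr = 0; print; next }
        in_sec && /^[ \t]*fail_close[ \t]*=/ { print "fail_close=0"; seen_fc = 1; next }
        in_sec && /^[ \t]*track[ \t]*=/      { print "track=" track; seen_tr = 1; next }
        { print }
        END { emit_missing() }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps owner and mode of $cfg
    rc=$?; rm -f "$tmp"; return $rc
}

# parser_setting <config_file> <key>: print the key's value in [mail_parser_config]
parser_setting() {
    awk -F= -v key="$2" '
        /^\[/  { in_sec = ($0 ~ /^\[mail_parser_config\]/); next }
        in_sec { k = $1; gsub(/[ \t]/, "", k)
                 if (k == key) { v = $2; gsub(/[ \t\r]/, "", v); print v } }
    ' "$1"
}

# Constructed sample (not a real gateway file); on a gateway pass
# "$FWDIR/conf/mail_security_config" instead.
demo_dir=$(mktemp -d)
demo_cfg=$demo_dir/mail_security_config
printf '%s\n' '[constructed_other_section]' 'track=1' 'fail_close=1' \
    '[mail_parser_config]' 'fail_close=1' 'placeholder_key=1' > "$demo_cfg"
apply_smtp_parser_workaround "$demo_cfg" -1
echo "fail_close=$(parser_setting "$demo_cfg" fail_close) track=$(parser_setting "$demo_cfg" track)"
```

To roll back, copy mail_security_config_ORIGINAL over the edited file.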
Applies To:
  • 01202571 , 01203090 , 01205906 , 01228291 , 01419983 , 01438462
