| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| We use dashboard to manage multiple Checkpoint/Nokia Firewall-1 firewalls. I want to enable email alerts (via global properties). I DO NOT have the implied rule enabled permitting the firewall to talk to anything it wants. My questions are: 1. Do I create a rule permitting the 'Firewall Manager' to talk to our Mail server? 2. As the rule is for the Firewall Manager, do I need to put this rule in each Firewall policy? Or is there a separate policy for the firewall manager? Thanks |
| |||
| I assume you speak of SmartCenter Server (SCS) when writing 'Firewall Manager'. Place a rule that allows all E-mail communication between it and your internal mail server into all security policies that relate to policy installation targets where the traffic has to pass through. Best regards, Danny Trommer CCSA/CCSE/CCSE+ |
| |||
| Thanks. Yes, I did mean SmartCenter Server - I guess maybe I don't understand the way it works. So is the SCS just a node on my network? i.e. it doesn't have its own policy, but is permitted to talk to stuff via a firewall policy (and this policy could be on a firewall that it may even manage)? Thanks again. |
| |||
| That depends on your configuration. The SCS can run on the same host where the enforcement module is installed. In this case it would be a firewall node. Otherwise it would just be a management host without any firewall functions. To check this out, run this command on your SCS: `fw ver; fw stat`. If it says that it's not a firewall, then it's just a management host. Next, if your SCS is in the same network where your internal mail server resides, you don't require any additional rules. So you are almost done. In the case that your SCS is located in a different network, you'll need to tell your firewall node to pass the mail traffic from it to your mail server. Therefore an additional rule is required that needs to be installed on the firewall node (enforcement module). Best regards, Danny Trommer CCSA/CCSE/CCSE+ |
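The decision described in the last reply, as an added example that is not part of the thread and is not Check Point tooling: given where the SCS and the mail server sit, it lists the enforcement modules whose policy needs the SCS-to-mail-server rule. The gateway names, addresses, topology layout and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample topology (an assumption, not from the thread): for each
# enforcement module, the networks reachable behind each interface.
GATEWAYS = {
    "fw-hq": {
        "eth0": ["0.0.0.0/0"],      # external side: everything else
        "eth1": ["10.1.0.0/24"],    # management LAN
        "eth2": ["10.2.0.0/24"],    # server LAN
    },
    "fw-branch": {
        "eth0": ["0.0.0.0/0"],
        "eth1": ["10.9.0.0/24"],
    },
}


def interface_for(host, interfaces):
    """Return the interface whose most specific network contains host."""
    addr = ipaddress.ip_address(host)
    best = None
    for name, nets in interfaces.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None


def gateways_needing_rule(scs, mail_ip, gateways):
    """List the gateways that must carry the SCS -> mail server rule.

    scs is the management server's address with prefix, e.g. "10.1.0.10/24".
    """
    scs_if = ipaddress.ip_interface(scs)
    if ipaddress.ip_address(mail_ip) in scs_if.network:
        return []  # same network: mail never crosses a firewall
    targets = []
    for name, interfaces in gateways.items():
        src = interface_for(str(scs_if.ip), interfaces)
        dst = interface_for(mail_ip, interfaces)
        if src != dst:  # hosts sit behind different interfaces
            targets.append(name)
    return targets


if __name__ == "__main__":
    print(gateways_needing_rule("10.1.0.10/24", "10.2.0.25", GATEWAYS))
```

A gateway is listed only when the two hosts resolve to different interfaces on it, which keeps the rule off policies for firewalls the mail traffic never traverses.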