topic Re: Configuring DynamicID to use Internal SMTP server in Firewall and Security Management

Configuring DynamicID to use Internal SMTP server

chuka01 — Thu, 16 Apr 2026 09:16:40 GMT

We are currently configuring dynamicID on a remote access gateway. I have tested with cloud SMTP servers (Sendgrid and AWS SES), and the OTPs were delivering on the R80.40 gateway.

However, we have an internal SMTP relay, and we want to use that instead. We have tested, and the error says "dynamicId sending failure, press r to retry".

The logs show that SMTP traffic was sent to the Internal relay and we have whitelisted the IPs of the gateway, but no OTPs are being delivered. Our network topology is Checkpoint Security gateways on the perimeter, and Palo Alto firewalls to filter internal traffic.

No traffic logs show traffic from the checkpoint gateway to the SMTP relay on Palo Alto either. A major reason for using the internal SMTP relay is because our ISPs here block SMTP traffic over port 587, and so we cannot ideally use the cloud SMTP servers.

Thanks for reading through, and for your assistance. I can provide any more information as needed. Thanks.

Re: Configuring DynamicID to use Internal SMTP server

simonemantovani — Thu, 16 Apr 2026 09:36:57 GMT

To be honest I never tested id but you should configure the SMTP in the Dynamic ID Settings section within the VPN CLients -> Authentication.

See attached screenshots.

Re: Configuring DynamicID to use Internal SMTP server

chuka01 — Thu, 16 Apr 2026 09:43:37 GMT

Hello Simone, thanks for responding. I have done this and tested with some cloud SMTP servers (Sendgrid and AWS SES). However I am trying to integrate with our internal SMTP relay, is where i am getting the issue from. The traffic is leaving checkpoint on the eth2 interface (10.45.10.3) and is showing accepted in logs, but this traffic never gets to the SMTP relay, or shows up in our Palo Alto internal firewall logs.

Re: Configuring DynamicID to use Internal SMTP server

simonemantovani — Thu, 16 Apr 2026 09:46:18 GMT

Well, if the traffic leaves the Check Point, the issue is outside the firewall; 10.45.10.3 is the VIP address or the IP address of the physical interface?

If it's not the VIP, then you should check traffic coming from the VIP address on your SMTP server and PAN firewall.

Re: Configuring DynamicID to use Internal SMTP server

chuka01 — Thu, 16 Apr 2026 10:03:11 GMT

Thanks for your response. 10.45.10.3 is the physical IP address. I will check for traffic coming from the VIP and come back, thanks.'

Re: Configuring DynamicID to use Internal SMTP server

chuka01 — Thu, 16 Apr 2026 15:50:29 GMT

Hello @simonemantovani , 10.45.10.3 was the physical IP. searching by the VIP resolved the issue, so i created a rule allowing traffic from that IP. Now i just have to troubleshoot why the SMTP server is not sending the OTP, thank you.