Nickel

SMTP over 587

One of our servers is trying to access the domain "smtp.office365.com" on port 587. We configured a Domain object and could see there are some intermittent drops in the firewall by the CLEAN UP RULE.

In port 587, protocol SMTP is selected, and after that we couldn't see drops but the traffic being bypassed.

Please explain why, by adding the protocol, the traffic is being bypassed.

0 Kudos
8 Replies
Sapphire

I would suggest that you should:

- Explain the first configuration, including defined objects, their definition and the rule(s) used

- Explain what you changed, and where, for the second configuration

- Explain the differences in behavior of both configurations and what you mean by bypassed traffic?

0 Kudos
Nickel

Hi,

Please see the attachment.

In the attachment, the server needs to reach the Domain Objects on port 587, and there were drops in the logs.

As port 587 is SMTP, we added the protocol SMTP to the corresponding port.

After that, the traffic is showing as bypassed in the logs.

In the attachment you can understand what's going on.

0 Kudos
Sapphire

As I do not see the drop logs, I cannot assume a reason for the drops - but what is meant by bypass? I only know bypass behavior from TP; an access rule can only accept, reject or drop...

0 Kudos
Gold

I think the bypass action comes from Application Control. SMTP on port 587 is encrypted SMTP. And I think the firewall is smart enough to detect the first connection on standard port 25 and then, after seeing a StartTLS command, moving to port 587. But it is doing a bypass because the connection is encrypted and can't be inspected without MTA on the gateway.

If you could show us more from the log we can see more needed details.

Wolfgang

0 Kudos
Nickel

The drop is happening in the Final Clean UP RULE, and "fw ctl zdebug drop" shows only the clean up rule block.

When removing the Domain Object from the rule and giving the resolvable IP in the destination, there is no drop.

So is something happening with the Domain Object or port 587?

0 Kudos
Admin

@sajin Much more likely, your domain object cannot be resolved on your FW. Did you check if it is there?

0 Kudos
Nickel

The drop is not happening regularly; it's intermittent. Among 7-10 accepted packets we are getting two dropped packets.

Tried the "fw up_execute" command and the IP is matching the corresponding rule.

nslookup is working from the firewall.

0 Kudos
Admin

The drops with Domain Objects point to intermittent DNS lookup failures, as we do look it up periodically.
Recommend opening up a TAC case.
0 Kudos
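
One way to test the intermittent-DNS explanation from the last reply, as an added example that is not part of the thread and not Check Point code: record periodic lookups of the domain from the gateway, export the clean-up-rule drops, and classify each drop by the most recent lookup before it. The data, record layout and function names are constructed assumptions, and the model is a simplification rather than the gateway's actual caching logic; it also flags the related case where the lookup succeeded but did not return the address the server connected to.

```python
from bisect import bisect_right
from ipaddress import ip_address

# Constructed sample data (documentation-range IPs, not real Office 365 addresses).
# Each lookup: (epoch seconds, set of A records returned, or None if the lookup failed).
LOOKUPS = [
    (1000, {"192.0.2.10", "192.0.2.11"}),
    (1060, None),                              # resolver did not answer
    (1120, {"192.0.2.11", "192.0.2.12"}),
]
# Each drop: (epoch seconds, destination IP), as exported from the firewall log.
DROPS = [(990, "192.0.2.10"), (1030, "192.0.2.10"),
         (1075, "192.0.2.11"), (1130, "192.0.2.10")]


def classify_drop(ts, dst, lookups):
    """Explain one drop using the most recent lookup at or before ts.

    lookups must be sorted by timestamp.
    """
    times = [t for t, _ in lookups]
    i = bisect_right(times, ts) - 1
    if i < 0:
        return "no_lookup_yet"        # drop predates the recorded lookups
    answer = lookups[i][1]
    if answer is None:
        return "lookup_failed"        # consistent with the DNS-failure theory
    if str(ip_address(dst)) not in answer:
        return "ip_not_in_answer"     # resolver returned a different address set
    return "ip_was_resolved"          # DNS looks fine here; check rule and object


def summarize(drops, lookups):
    """Count drops per verdict so the dominant cause stands out."""
    ordered = sorted(lookups, key=lambda rec: rec[0])
    counts = {}
    for ts, dst in drops:
        verdict = classify_drop(ts, dst, ordered)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for verdict, n in sorted(summarize(DROPS, LOOKUPS).items()):
        print(f"{verdict}: {n}")
```

If most drops land in `ip_was_resolved`, DNS is unlikely to be the cause and the drop logs themselves are the next thing to give TAC.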