Why does it take 8-10 minutes to get through after protect(inline) mode is enabled?

Question asked by Kim Moberg on Jan 12, 2019
Latest reply on Jan 20, 2019 by Abigael Saal Levy

Hi CheckMates

Since last week I have been running CloudGuard SaaS for Office 365 in policy mode “Monitoring”.

 

I have been preparing to set up Protect (inline) according to the CloudGuard SaaS manual.

This means that I have to create a group and add a limited number of users (3-5 users) who are affected by the Protect (inline) rule.

In the example below I have disabled the protect(inline) policy rule because of the delivery time of 8-10 minutes. But when testing, it is running.

Next, in the Exchange Online Control Panel under Mailflow, I have added a traffic rule, again according to the CloudGuard SaaS for Office 365 manual. Instead of using recipient is “inside organisation” for all users, I have used my newly created group.

I then enable the Exchange Online transport rule “Check Point - Protect”, and in the CloudGuard SaaS policy I enable Protect (inline) and set the flag to manually control IP exempt to hinder mail loops.

As a test I am e-mailing from Gmail to my business e-mail. It takes forever to arrive. After multiple tests it takes exactly 9 minutes to arrive. I have read in the manual that fail-close ends after 10 minutes.

Before the Check Point Protect mailflow traffic rule and Protect (inline) policy were enabled, it took less than 30-60 seconds to arrive in my business e-mail mailbox.

As soon as I disable the setup, everything works as before.

 

Note! I am in the transition of moving from Sandblast for O365 to CloudGuard SaaS, so I actually have two systems running. As soon as CloudGuard SaaS delivery of e-mails gets normalized, I will remove Sandblast for O365.

I have checked the e-mail headers, and I can see that delivery from the Check Point Protect mailflow rule to the Check Point Amazon AWS instance takes 8 minutes.

This is a screenshot of the e-mail header analyzer from mxtoolbox.com.

Here you see it takes 8 minutes to deliver the e-mail from ip-10-155-236-16.ec2.internal 10.10.6.28

Why does it take 8-10 minutes to get through after protect(inline) mode is enabled? Is this normal behaviour?

 

Do I have a conflict between Sandblast for O365 and CloudGuard SaaS? Can anyone help? 

 

Thanks

Kim
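
The per-hop timing that a header analyzer reports can be reproduced offline from the `Received` headers of a delayed message, which shows which relay held the mail. This is an added example, not part of the original post and not Check Point tooling; the sample headers, hostnames and timestamps are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (placeholder hosts and times); newest hop first, as in a real message.
SAMPLE = """\
Received: from mx.recipient.example (10.0.0.3) by mailbox.recipient.example;
 Sat, 12 Jan 2019 10:09:05 +0000
Received: from inline-scanner.example (10.0.0.2) by mx.recipient.example;
 Sat, 12 Jan 2019 10:09:02 +0000
Received: from mx.recipient.example (10.0.0.1) by inline-scanner.example;
 Sat, 12 Jan 2019 02:01:01 -0800
Received: from sender.example by mx.recipient.example;
 Sat, 12 Jan 2019 10:00:58 +0000
Subject: delay test

body
"""

def hop_delays(raw):
    """Return [(from_host, by_host, seconds_since_previous_hop)], oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        head, _, stamp = value.rpartition(";")  # timestamp follows the last ';'
        try:
            when = parsedate_to_datetime(" ".join(stamp.split()))
        except (TypeError, ValueError):
            continue  # skip hops with a missing or unparseable timestamp
        src = re.search(r"\bfrom\s+(\S+)", head)
        dst = re.search(r"\bby\s+(\S+)", head)
        hops.append((src.group(1) if src else "?", dst.group(1) if dst else "?", when))
    out = []
    for prev, cur in zip([None] + hops, hops):
        # Timezone-aware subtraction; a negative value indicates clock skew between relays.
        delta = 0 if prev is None else int((cur[2] - prev[2]).total_seconds())
        out.append((cur[0], cur[1], delta))
    return out

def slowest_hop(raw):
    """The hop whose receiving server got the message latest after the previous one."""
    return max(hop_delays(raw), key=lambda h: h[2])

if __name__ == "__main__":
    for src, dst, secs in hop_delays(SAMPLE):
        print(f"{secs:>5}s  {src} -> {dst}")
```

The delay on a hop is time the message spent at the sending side of that hop, so a large value on the hop leaving the scanning service means the message was held there.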
