Since last week I have been running CloudGuard SaaS for Office 365 in policy mode “Monitoring”.
I have been preparing to setup Protect (inline) accordingly CloudGuard SaaS manual.
This mean that I have to create a group and add a limited users (3-5 users) which are affected by the Protect (inline) rule.
I have on the example below disabled the protect(inline) policy rule because of delivery time of 8-10 minutes. But when testing it is running.
Next I have in Exchange Online Control Panel under Mailflow added a traffic rule again accordingly to CloudGuard SaaS for Office 365 manual. Instead of using recipient is “inside organisation” for all uses, I have used my newly created group.
When I enable Exchange Online transport rule “Check Point - Protect” and in CloudGuard SaaS policy enable Protect (inline) and set flag to manually Control Ip exempt to hinder mail loops.
As a test I am e-mailing from Gmail to my business e-mail. It talkes forever to arrive. After multiple tests it tales exactly 9 minuts to arrive. I have read in the manual that fail-close ends after 10 minutes.
Before Check Point Protect mailflow traffic rule and Protect (inline) policy being enabled it tolk less than 30-60 seconds to arrive in my business e-mail mailbox.
As soon I disable setup everything works as before.
Note! I am in a transition of moving from Sandblast for O365 to CloudGuard SaaS. So I am actually having two systems running. As soon as CloudGuard SaaS delivery of e-mails gets normalized I will remove Sandblast for O365.
I have checked the e-mail headers and I can see delivery time from Check Point Protect mailflow delivers to check Point Amazon AWS instans it takes 8 minutes.
This is a screenshot of e-mail header analyzer from mxtoolbox.com
Here you see it takes 8 minutes to delivery e-mail from ip-10-155-236-16.ec2.internal 10.10.6.28
Why does it take 8-10 minuts to get through after protect(inline) mode is enabled. Is this normal behaviour?
Do I have a conflict between Sandblast for O365 and CloudGuard SaaS? Can anyone help?