https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/330715#M83818 <P>Ok, so after lot of checking.</P><P>turned out to be ARP on the Router was keeping the exchange IP address with the old Firewall MAC address which caused the traffic from the exchange to be dropped.</P><P>&nbsp;</P><P>all I had to do is to change ARP age out time to 30 seconds.</P><P>&nbsp;</P><P>all is good and the rules were correct.</P> Sun, 31 May 2020 10:48:01 GMT Samerrafidsaleem 2020-05-31T10:48:01Z https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/329600#M83658 <P>Hi Everyone,</P><P>&nbsp;</P><P>I have two IP addresses used for inbound/outbound emails on our email gateway.</P><P>I have created the attached rules NAT and Security and I wanted to get opinions if its correct because I tested it and it seems something wrong that prevent emails from in/outbounding and even the web mail access did not work...your advice please.</P><P>thanks</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="NAT Rules.JPG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/25810i046921754A50410E/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="NAT Rules.JPG" alt="NAT Rules.JPG" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Security policy.JPG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/25809i4F6C1EAB072029EB/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Security policy.JPG" alt="Security policy.JPG" /></span></P> Sat, 23 May 2020 10:02:48 GMT https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/329600#M83658 Samerrafidsaleem 2020-05-23T10:02:48Z https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/329644#M83667 <P>Hello,</P><P>I'm sure there is a reason you have two external IP's for this? But it can be accomplished with one. Check out this article on NAT.</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllzCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllzCAC</A></P><P>Hope it helps.</P> Sat, 23 May 2020 16:51:39 GMT https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/329644#M83667 OtakarKlier 2020-05-23T16:51:39Z https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/329646#M83668 <P>Hi</P><P>I have one external IP, but two private ip addresses for the email gateway&nbsp;</P><P>first ip for outbound 172.16.16.22</P><P>second for inbound 172.16.16.23</P><P>these in dmz</P><P>and for web mail access for the exchange I have 10.211.0.30 which is on the inside interface.</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 23 May 2020 18:01:12 GMT https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/329646#M83668 Samerrafidsaleem 2020-05-23T18:01:12Z https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/330715#M83818 <P>Ok, so after lot of checking.</P><P>turned out to be ARP on the Router was keeping the exchange IP address with the old Firewall MAC address which caused the traffic from the exchange to be dropped.</P><P>&nbsp;</P><P>all I had to do is to change ARP age out time to 30 seconds.</P><P>&nbsp;</P><P>all is good and the rules were correct.</P> Sun, 31 May 2020 10:48:01 GMT https://live.paloaltonetworks.com/t5/general-topics/nat-rules-for-email-exchange-email-gateway/m-p/330715#M83818 Samerrafidsaleem 2020-05-31T10:48:01Z