Exchange emails stopped working due to zone protection profile

L3 Networker

Exchange emails stopped working due to zone protection profile

 Hi All 

 

Emails from inhouse exchange server is not getting delivered to target email ID or either getting delayed . 

I have configured the secuirty policy with no security profile attached and the traffic is showing as allowed was suspecting that it might be getting blocked or dropped due to some security profile .

once i remove zone protection profile the issue is getting resolved and the email are getting delivered properly to the target email id.

As the zone protection profile has multiple options , please advise if there is any specific option which i can disable to resolve this issue , as of now there is no profile mapped to the zone . 

 

one of the suspected option is asymetric path if it is set to drop then fw might be droping the connection but this shoule happen with all the email user and as per the senario it is only happening with certain user and certain domain . 

Community Manager

Re: Exchange emails stopped working due to zone protection profile

hi @Rameshwar

 

the zone protection settings would not 'just' block exchange unless there is something 'wrong' with the connections or there is an unerlying different issue

 

asymmetric path is also a system wide setting that is in place unless you choose to disactivate it globally or via a zone protection profile. there should however be indicators of what went wrong, did you enable filters and did you verify global counters? were there any 'odd' system logs or threat logs?

how did you configure your zone protection ?

 

please check out this article: https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Packet-Capture/ta-p/72069 it can help you get on your way to analyze the issue


Help the community: Like helpful comments and mark solutions
Reaper out
L7 Applicator

Re: Exchange emails stopped working due to zone protection profile

@Rameshwar,

Zone Protection by itself really doesn't cause issues if properly configured, it can however bring issues already present into light. As @reaper already pointed out knowing how you actually have your zone protection configured would be helpful, but it could easily be a wider configuration issue that zone protection is simply bringing to the surface. 

If you can identify and provide any system or threat logs that were associated with this event, and provide the configuration of your zone protection profile, it would go a long way in helping to identify the possible issue. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!