I am currently running the Traps ESM v4.1.2 console and core on a single Windows Server 2016 environment. I have been unable to get email notifications to send. When I send a test message within Settings > ESM > Email, I receive the error "Failed to send test message." My organization is using Google Apps / G-Suite, and I have ensured that our smtp-relay rule allows for all addresses to send through SMTP without requiring SMTP authentication or TLS encryption. Within the email settings on the ESM, I have provided a valid user account and password. I tried using smtp-relay.gmail.com and smtp.gmail.com on ports 25, 465, and 587.
Palo Alto Support has asked that I provide logs from Google's servers, which is not possible. Google support has assured me that nothing on their end should block smtp relays with my rule enabled. I am able to see the smtp traffic leave my network when I attempt to test notifications on the ESM. I also have several other services running on my network that use SMTP relay through Gmail and have no problems.
I would appriciate any advise on this issue. Thank you.
Got this to finally work by SMTP-Relay
Go to your Admin Console (admin.google.com) > Apps > G Suite > Gmail.
Then go to Advanced settings > Routing > SMTP relay services.
Next to the setting named "Internal Servers" > Click Edit.
Add the external IP address that will send the email and a range if it more then one
please check "Require TLS" and Save the setting
After you save the changes, please go to the application's setup and for Host server use: smtp-relay.gmail.com
And for port try again 587.
Make sure your user name is password is correct...
We are trying to enable Email Reporting on ESM server.
Filled all the required fields with correct information. Using the account which has accessibility to the SMTP Server.
Tried configuring with SSL Enabled and Disabled, but no luck. getting error - Failed to Send Test Message.
Attaching the error screen shot.
Kindly help getting this issue resolved..
I would recommend to reach out to Palo Alto support. Any of the support engineers would be more than happy to validate the settings for you, and answer any other questions you may have.
Just to inform the community about the solution of problem faced by "Sandeep_R":
I had a (long) case open with paloalto networks. They confirmed that they have changed the whole eMail Framework with ESM Update V4.2.3 to V4.2.4 (I could not find this in the release notes...). With that change they have a now confirmed bug with smtp servers without certificate AND without user authentication (before we used no certificate, no user auth). They promised to fix in upcoming V4.2.5. To workaround the problem I installed a valid certificate on my smtp receiver first. In addition I was not able to add user authentication in our prod environment and that is why paloalto networks support provided a engineering fix where I had to replace two dll's. For the momment it works - I will check after upgrdaing to V4.2.5 again...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!