- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-18-2014 04:39 PM
We are brand new to Palo Alto and are configuring our first device, a PA-3020. We've been trying to configure a NAT policy that will direct inbound email to our Exchange server. Outbound email seems to work fine. Inbound email doesn't seem to be even hitting the firewall since there are no log entries. We have a Sonicwall firewall in place now and email works fine. When we move the cables from the Sonicwall to the PA-3020, inbound emails stop flowing. Any thoughts?
07-21-2014 07:56 AM
Thanks to everyone for your suggestions. Turns out we had it configured properly in the first place. The problem turned out to be the ARP table in the switch. The public facing IP had a MAC address pointing to the Sonicwall. When we moved the cables to the PA-3020, the switch was still trying to send the traffic to the Sonicwall. When we cleared the ARP table in the switch, traffic started flowing.
07-18-2014 04:42 PM
Hi Oliver,
Is it a Static NAT or just Destination NAT? Can you provide us snapshot of NAT configuration.
Regards,
Hardik Shah
07-19-2014 11:30 AM
Hello
If You are new to PAN please read Understanding PAN-OS NAT first, and next search this community for u-turn problems that could hit you
With regards
Slawek
07-19-2014 05:17 PM
Sonicwall nat and policy organization is basically the same as you have in PanOS. They are separate and require two rules.
Look at your Sonicwall nat rule for the inbound address to the exchange server.
Create this same rule in the nat section on the PA
In the security policy add a rule on the PA to permit the inbound smtp application to the exchange server.
Once you have both the nat rule and security policy the inbound traffic should flow.
07-21-2014 07:56 AM
Thanks to everyone for your suggestions. Turns out we had it configured properly in the first place. The problem turned out to be the ARP table in the switch. The public facing IP had a MAC address pointing to the Sonicwall. When we moved the cables to the PA-3020, the switch was still trying to send the traffic to the Sonicwall. When we cleared the ARP table in the switch, traffic started flowing.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!