This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Configure NAT Policy for Exchange Server

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Configure NAT Policy for Exchange Server

Go to solution
OliveIT
Not applicable

‎07-18-2014 04:39 PM

We are brand new to Palo Alto and are configuring our first device, a PA-3020. We've been trying to configure a NAT policy that will direct inbound email to our Exchange server. Outbound email seems to work fine. Inbound email doesn't seem to be even hitting the firewall since there are no log entries. We have a Sonicwall firewall in place now and email works fine. When we move the cables from the Sonicwall to the PA-3020, inbound emails stop flowing. Any thoughts?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
OliveIT
Not applicable

‎07-21-2014 07:56 AM

Thanks to everyone for your suggestions. Turns out we had it configured properly in the first place. The problem turned out to be the ARP table in the switch. The public facing IP had a MAC address pointing to the Sonicwall. When we moved the cables to the PA-3020, the switch was still trying to send the traffic to the Sonicwall. When we cleared the ARP table in the switch, traffic started flowing.

View solution in original post

0 Likes Likes
5 REPLIES 5

Go to solution
hshah
L6 Presenter

‎07-18-2014 04:42 PM

Hi Oliver,

Is it a Static NAT or just Destination NAT? Can you provide us snapshot of NAT configuration.

Regards,

Hardik Shah

0 Likes Likes

Go to solution
hshah
L6 Presenter

‎07-18-2014 05:05 PM

Hi Oliver,

You can refer bellow mentioned video for DNAT.

Video Link : 1550

Regards,

Hardik Shah

0 Likes Likes

Go to solution
_slv_
L4 Transporter

‎07-19-2014 11:30 AM

Hello

If You are new to PAN please read Understanding PAN-OS NAT first, and next  search this community for u-turn problems that could hit you Smiley Wink

With regards

Slawek

0 Likes Likes

Go to solution
pulukas
L7 Applicator

‎07-19-2014 05:17 PM

Sonicwall nat and policy organization is basically the same as you have in PanOS.  They are separate and require two rules.

Look at your Sonicwall nat rule for the inbound address to the exchange server.

Create this same rule in the nat section on the PA

In the security policy add a rule on the PA to permit the inbound smtp application to the exchange server.

Once you have both the nat rule and security policy the inbound traffic should flow.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

Go to solution
OliveIT
Not applicable

‎07-21-2014 07:56 AM

Thanks to everyone for your suggestions. Turns out we had it configured properly in the first place. The problem turned out to be the ARP table in the switch. The public facing IP had a MAC address pointing to the Sonicwall. When we moved the cables to the PA-3020, the switch was still trying to send the traffic to the Sonicwall. When we cleared the ARP table in the switch, traffic started flowing.

0 Likes Likes
  • 1 accepted solution
  • 5251 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks