This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

emails stop working

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

emails stop working

ElieChallita
L1 Bithead

‎02-06-2024 06:47 AM

hi all, i recently replace my palo alto 820 with new model 440, all is working fine however my emails from inside to outside stop working. my emails are on seperate zone on the dmz and i have barracuda. there is a nat policy.

however when i set back the old one everything works properly.

Does anyone have an idea about what is causing the issue

 

0 Likes Likes
7 REPLIES 7

Claw4609
Cyber Elite
Cyber Elite

‎02-06-2024 07:09 AM

Is this for emails coming from the Palo itself or from clients that is no longer working? Assuming we're referring to the Palo, are both models running the same PAN-OS versions? Also verify that the service route for email is still the same from the old one to the new one. If you use a relay of some kind you may need to add the specific IP address so may be easier to have the same mgmt IP on the new one.

 

Assuming you're referring to emails from users, are you using the same device groups and templates (assuming managed by Panorama) on the new device as you were the old? 

0 Likes Likes

ElieChallita
L1 Bithead
In response to Claw4609

‎02-06-2024 07:12 AM

i am talking to the emails from users, and concerning the configuration it is the same one i have imported the same configuration to the new palo alto. i didn't change anything

0 Likes Likes

Claw4609
Cyber Elite
Cyber Elite

‎02-06-2024 07:13 AM

Do you see the traffic in the monitor logs? Whether allowed or denied. 

0 Likes Likes

ElieChallita
L1 Bithead
In response to Claw4609

‎02-06-2024 07:14 AM

yes it is allowed, but the reason of end is incomplete or aged out

0 Likes Likes

Claw4609
Cyber Elite
Cyber Elite

‎02-06-2024 07:20 AM

You may need to do some additional testing live and check the global counters to see if any specific reason is thrown. How to check global counters for a specific source and destinat... - Knowledge Base - Palo Alto Netw...

 

I would also verify that the NAT rules and routing (whether dynamic or static) are still identical between the two as you may not be sending it to the right place or translating it to the correct IP.  

OtakarKlier
Cyber Elite
Cyber Elite

‎02-06-2024 10:41 AM

Hello,

My guess is that there is a missing or misconfiguration in one of the following: Virtual router, security policy, NAT policy.

 

Regards,

0 Likes Likes

Jacek_Loszewski
L1 Bithead

‎03-07-2024 11:55 PM

I would still check the App ID versions - there have been some changes in the exchange traffic (of course, if these App IDs are different on the older and newer PN).

Greetings
0 Likes Likes
  • 2231 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks