Issues with sending Email Updates from Palo Alto Firewall


L1 Bithead
 
A few months ago, I staged two pairs of PA3220s in our Lab at our US HQ Office. These firewalls were staged to support our new Australia and India Offices. I configured Log Email Updates on these boxes so that critical threat/system logs can be sent to our internal email relay server hosted back in the US. Before shipping the Firewalls out, the email alert service was successfully tested, as test emails could be sent just fine when still connected to our HQ Lab via the mgmt interfaces. However, once the firewalls were shipped out and connected back to our internal WAN at these two sites, they began to fail to send email alerts to our relay server.

When running an Email test, I get the following error when running a test email to our SMTP gateway: "Connection to (SMTP GW IPv4 Address):25 failed. Failure when receiving data from the peer."

I know that the SMTP Mail relay server is still working, as our Panorama hosted in our US Datacenter can still send local email alerts to our mail relay server just fine with no issues.

What has changed from when this last worked:
  • Firewall Source IP Address. (Confirmed reachability from new Mgmt source IP to US SMTP gateway IP).
  • Latency from FW to SMTP relay server (jumped from 30-45ms to 180-220ms) due to change in the physical location.
Troubleshooting Steps Completed:
  • I confirmed reachability from Email Source Interface from these two pairs of Firewalls in Australia and India to our US-hosted SMTP Relay server.
  • I confirmed Security Rules to allow SMTP traffic.
  • I confirmed TCP 3-way handshake when running packet captures on the Firewall.
What further troubleshooting can I perform to determine why or how this has stopped working?

Community Team Member

Hi @Carson1998,

Were you able to get more information taking tcpdumps or checking the ms-log while testing this?

Have you tried restarting the mgmt-server process?

What's the PAN-OS version you're currently running? I'd make sure you're running a recommended PAN-OS version to rule out any old PAN-OS bugs you might be running into.

Kind regards,

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem!
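
An added example, not part of the thread or of PAN-OS: a Python probe that walks connect, banner and EHLO as separate, timed stages, so a "Failure when receiving data from the peer" seen after a good TCP handshake can be narrowed to a missing banner, a closed or reset connection, or a refusal reply. It assumes it is run from a host whose traffic takes the same path and source network as the firewall's email source interface; the function names and the `probe.example.invalid` HELO name are hypothetical.

```python
import socket
import sys
import time

def _read_reply(sock):
    """Read one SMTP reply; a multi-line reply ends at the line with no '-' after the code."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:                      # peer closed (FIN) before a full reply arrived
            return data.decode("ascii", "replace")
        data += chunk
        if data.endswith(b"\r\n") and data.split(b"\r\n")[-2][3:4] != b"-":
            return data.decode("ascii", "replace")

def probe_smtp(host, port=25, timeout=15.0, helo_name="probe.example.invalid"):
    """Walk connect -> banner -> EHLO and report the stage where the exchange stops."""
    result = {"stage": "connect", "detail": "", "timings": {}}
    t0 = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = f"TCP connect failed: {exc}"
        return result
    result["timings"]["connect"] = time.monotonic() - t0
    with sock:
        steps = (("banner", None), ("ehlo", f"EHLO {helo_name}\r\n".encode()))
        for stage, payload in steps:
            result["stage"] = stage
            t0 = time.monotonic()
            try:
                if payload:
                    sock.sendall(payload)
                reply = _read_reply(sock)
            except OSError as exc:         # timeout, or a reset from the relay or the path
                result["detail"] = f"no reply from peer: {exc}"
                return result
            result["timings"][stage] = time.monotonic() - t0
            result["detail"] = reply.strip() or "peer closed the connection without sending data"
            if not reply.startswith("2"):  # empty reply or a 4xx/5xx refusal
                return result
        sock.sendall(b"QUIT\r\n")
    result["stage"] = "ok"
    return result

if __name__ == "__main__":
    # Usage: python3 probe.py <relay-address>  (address supplied by the operator)
    print(probe_smtp(sys.argv[1]))
```

Comparing the `timings` values with the same probe run from a host at the site where email still works shows whether the added round-trip time is being spent before the banner or after it.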