This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

SMTP Relay failing after PA update

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SMTP Relay failing after PA update

Go to solution
iiidmaxer
L0 Member

‎04-11-2018 10:05 AM

Hi,

 

I just upgraded to 7.1.16 and since that point my Windows server can no longer make a SMTP connection to a mail relay service (outbound.mailhop.org) on port 2525.  When I look at the Traffic log, I see the action as reset-both and the threat is "Fragroute Evasion Attack For Unknown-tcp Traffic".

 

Presuming this is a false positive, what is the best way to create a rule that allows this traffic to pass?

Thanks
-Bob

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎04-11-2018 01:20 PM

@iiidmaxer,

As @OtakarKlier mentioned this is almost certaintly due to the fact that you are using 2525 as an SMTP port. I would create a rule that looks like below.

 

# set rulebase security rules "SMTP to MailHop" from trust source any to untrust destination MailHop application smtp service tcp-2525 log-end yes action allow description "Allows SMTP traffic to MailHop on 2525"  profile-setting group SMTP-Protection-Profile 

 

This assumes that you've set an FQDN address object for MailHop, and that you've setup a service as tcp-2525 and that you modify the profile group to one that you actually utilize. 

 

# set address MailHop description "Used to resolve outbound.mailhop.org" fqdn outbound.mailhop.org

# set service tcp-2525 protocol tcp port 2525

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
OtakarKlier
Cyber Elite
Cyber Elite

‎04-11-2018 11:00 AM

Hello,

This could be because you are using smtp over port 2525 which is a non standard port. Create a rule that allows the traffic for the application smtp over port 25 and 2525 and see how that goes.

 

Regards,

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite

‎04-11-2018 01:20 PM

@iiidmaxer,

As @OtakarKlier mentioned this is almost certaintly due to the fact that you are using 2525 as an SMTP port. I would create a rule that looks like below.

 

# set rulebase security rules "SMTP to MailHop" from trust source any to untrust destination MailHop application smtp service tcp-2525 log-end yes action allow description "Allows SMTP traffic to MailHop on 2525"  profile-setting group SMTP-Protection-Profile 

 

This assumes that you've set an FQDN address object for MailHop, and that you've setup a service as tcp-2525 and that you modify the profile group to one that you actually utilize. 

 

# set address MailHop description "Used to resolve outbound.mailhop.org" fqdn outbound.mailhop.org

# set service tcp-2525 protocol tcp port 2525

0 Likes Likes

Go to solution
iiidmaxer
L0 Member
In response to BPry

‎04-11-2018 02:56 PM

BPry - That worked - thanks for the fast response!

 

-Bob

0 Likes Likes
  • 1 accepted solution
  • 4300 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks