SSL inbound inspection not working for SMTP

L0 Member

I'm running PAN-OS 10.0.2.

SSL inbound inspection for a web server is working, but for a separate SMTP server it is not.

Both use the same certificate.

Both use the same cipher suites.

Two separate decryption rules which are clones of each other; only the public destination IP address is different.

Both use the same decryption profile.

The SMTP server receives email just fine, and from its logs I can tell that the TLS handshake is successful, plus it shows details of the cipher suite that has been used.

Also, I notice that the traffic logs only show smtp-base; they never show smtp-starttls. In the security policy rule for the mail server I have chosen smtp as the application, which should be good enough for smtp-base and smtp-starttls.

Furthermore, this setup has worked with an earlier PAN-OS release; which one, I forgot.

Cyber Elite

@Han.Valk,

PAN-OS 10 is not currently recommended and you could very well be running into a bug. I'd reach out to TAC and see if they can verify the configuration and then investigate if it's a bug or not. 
