Showing results for 
Show  only  | Search instead for 
Did you mean: 


L0 Member



L0 Member

To ensure that incoming email traffic can flow through the backup line as well, you'll need to configure your PA (Palo Alto) devices accordingly. Here are the steps you can take:


  1. Verify ISP Configuration: Confirm that both ISP lines are properly configured and active on your PA devices. Check the interface configurations, IP addressing, routing tables, and any firewall policies related to these interfaces.

  2. Verify NAT Policies: Ensure that Network Address Translation (NAT) policies are correctly configured to handle incoming email traffic from both ISP lines. This includes inbound NAT policies (Destination NAT) that map external IP addresses to internal addresses for your email servers.

  3. Load Balancing or Failover Configuration: If you're using Active-Backup setup for ISP lines, check the load balancing or failover configuration on your PA devices. Ensure that email traffic is allowed to use both ISP lines for inbound connections and that failover mechanisms are functioning correctly.

  4. Check Security Policies: Review your security policies to ensure that email traffic is allowed through both ISP interfaces. Create or modify security policies as needed to permit SMTP (email) traffic from external sources to your internal email servers.

  5. Monitoring and Troubleshooting: Use monitoring tools on your PA devices to track incoming traffic on both ISP lines. Check logs, traffic statistics, and packet captures to identify any issues or anomalies with incoming email traffic on the backup line.

  6. Consult PA Documentation or Support: Refer to the Palo Alto documentation for specific configuration guidance related to email traffic and ISP failover/load balancing. If you're unable to resolve the issue, consider reaching out to Palo Alto Networks support for assistance.

  7. Consider Redundancy and Resilience: As a best practice, ensure that your email infrastructure has redundancy and resilience measures in place. This includes redundant email servers, backup MX records, and a thorough disaster recovery plan for email services.

By following these steps and ensuring proper configuration, you should be able to permit email traffic to flow through the backup line in your Active-Backup setup with Palo Alto devices.




  • 1 replies
  • 38 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!