10-07-2021 07:00 AM
I have a Linux VM trying to send traffic over port 25 (SMTP) and I am getting an incomplete message on the PAN-VM. I have done a few tests with port 587 and it works fine. I have gone through the rules in focused detail to verify the rule should allow it, but still no go. Any ideas where else I can look or tools to use to narrow down this issue? Thanks
10-07-2021 02:59 PM - edited 10-07-2021 03:15 PM
Thank you for the post @razzitpca
Could you navigate to Monitor > Logs > Traffic, then search the logs to confirm what rule is getting hit? To filter logs, you can use for example: ( port.dst eq 25 ). If you are seeing an "incomplete" message in the Detailed Log View, this indicates that the TCP 3-way handshake has not completed: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
In order to drill down more into the details of the traffic, I would recommend taking a packet capture on the data plane interface with a filter for this traffic, then exporting it and checking it in Wireshark: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTJCA0
In my experience, it has usually been a routing issue. Check all of your routing as well as policy-based forwarding.
Could also be that the other side is blocking your traffic over port 25.
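The replies above point at three causes: a handshake that never completes, a routing problem, or the far side blocking port 25. The following is an added example, not part of the original thread, that can be run from the Linux VM to see how the TCP handshake ends on each port; the host name `mail.example.com` is a placeholder and `probe` is a hypothetical helper name.

```python
import socket
import sys


def probe(host, port, timeout=5.0):
    """Attempt one TCP connection and classify how the handshake ended."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # SYN left the VM but no SYN-ACK or RST returned: the handshake did
        # not complete (silent drop, or the reply took a different route).
        return ("no-reply", "no answer to SYN within timeout")
    except ConnectionRefusedError:
        # A RST came back, so the path works in both directions and
        # something on it actively rejected the port.
        return ("refused", "RST received")
    except OSError as exc:
        # e.g. "No route to host" / "Network is unreachable": check routing.
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            # SMTP servers speak first; a 220 greeting proves end-to-end flow.
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except (socket.timeout, OSError):
            banner = ""
    if banner.startswith("220"):
        return ("smtp-ready", banner)
    return ("connected", banner or "handshake completed, no banner received")


def compare(host, ports=(25, 587)):
    """Probe each port so the failing one can be set beside the working one."""
    return {port: probe(host, port) for port in ports}


if __name__ == "__main__":
    # Placeholder target; pass the real mail server as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    for port, (state, detail) in compare(target).items():
        print(f"{target}:{port} -> {state}: {detail}")
```

A `no-reply` result on port 25 alongside `smtp-ready` on 587 matches the "incomplete" log entry, and a packet capture on the firewall then shows whether the SYN leaves the egress interface and whether any reply returns.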