Solved

Inbound SMTP Traffic through PIX515

Posted on 2008-10-06
14
423 Views
Last Modified: 2011-10-03
I am having a very odd intermittent problem with my PIX515 firewall.  The architecture is as follows.  

I have a full T1 connection that's protected by a PIX 515 firewall.  This firewall has 3 interfaces (Inside, Outside, DMZ).  On the inside interface the firewall is plugged into a Cisco CAT4507 switch.  Also on that switch is a Sonicwall Email Security 200 appliance for SPAM filtering.  The sonicwall is on the "internal" corporate network (no separate VLANs or other Firewalls involved).  The Sonicwall scans the email, and then forwards on to a corporate exchange server again, on the same internal network.

Almost on a daily basis, but not at definable intervals, we are unable to receive inbound SMTP traffic through the firewall.  A telnet from the outside to the NAT mail interface on port 25 fails (when mail is flowing the SMTP Telnet is normal, no fixup/mailguard is enabled).  HOWEVER, when mail is not flowing, a Telnet to port 25 of the Email Security Appliance INSIDE the firewall is fine, as is all outbound SMTP traffic, and the http/https management utilities on the device.  Inbound is the only thing affected.  A hard reboot of the Email Security Device usually gets things up and running again.  

I'm getting a lot of finger pointing back and forth but haven't had much luck...

Any ideas?
0
Comment
Question by:jaysin144
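The outside-versus-inside telnet test described in the question is the right way to narrow an intermittent outage like this one, and it is worth scripting so it can run on a timer and record which side failed. The following is an added example (not from the original post or either vendor): it probes the public NAT address and the appliance's inside address for an SMTP 220 greeting and classifies the combination. The addresses `192.0.2.25` (public mapping) and `10.0.0.25` (appliance) are constructed placeholders, and the fake connector exists only so the logic can be exercised without a network.

```python
"""Localize an intermittent inbound-SMTP outage by probing the same service from
both sides of the firewall (the telnet test from the thread, automated).
Added example, not from the original post; all addresses are constructed."""
import socket
from dataclasses import dataclass

SMTP_PORT = 25


@dataclass
class ProbeResult:
    target: str
    status: str          # ok | no_banner | bad_banner | timeout | refused | unreachable
    banner: str = ""


def probe_smtp(host, port=SMTP_PORT, timeout=5.0, connector=socket.create_connection):
    """TCP-connect to host:port and wait for the SMTP 220 greeting.
    `connector` is injectable (default: a real socket) so the logic runs offline."""
    target = f"{host}:{port}"
    try:
        sock = connector((host, port), timeout=timeout)
    except socket.timeout:
        return ProbeResult(target, "timeout")      # SYN never answered: path or host silently dropping
    except ConnectionRefusedError:
        return ProbeResult(target, "refused")      # host reachable, nothing listening on the port
    except OSError:
        return ProbeResult(target, "unreachable")  # routing / DNS / interface problem on the probe side
    with sock:
        try:
            sock.settimeout(timeout)
            data = sock.recv(512)
        except OSError:                            # includes socket.timeout: connected, but never greeted
            return ProbeResult(target, "no_banner")
    banner = data.decode("ascii", errors="replace").strip()
    if banner.startswith("220"):
        return ProbeResult(target, "ok", banner)
    return ProbeResult(target, "bad_banner" if banner else "no_banner", banner)


def localize(outside: ProbeResult, inside: ProbeResult) -> str:
    """Compare the two probes and say where to look next."""
    out_ok, in_ok = outside.status == "ok", inside.status == "ok"
    if out_ok and in_ok:
        return "healthy: SMTP greeting received on both paths"
    if in_ok:
        return (f"inbound path fault: appliance greets on {inside.target} but not via the public "
                f"mapping {outside.target} ({outside.status}); compare the PIX xlate/conn entries "
                f"for the static with the appliance's CPU and SMTP daemon state before blaming "
                f"either side (in this thread the appliance's CPU load was the cause)")
    if out_ok:
        return (f"asymmetric: public path works but the inside probe failed ({inside.status}); "
                f"check the probe host's own routing and any ACLs between it and the appliance")
    return (f"appliance fault: no SMTP greeting on either path "
            f"({outside.status}/{inside.status}); inspect or restart the mail appliance")


class _FakeSock:
    """Minimal stand-in for a connected socket (constructed, for offline demos and tests)."""
    def __init__(self, payload):
        self.payload = payload

    def settimeout(self, t):
        pass

    def recv(self, n):
        if self.payload is None:
            raise socket.timeout("no greeting received")
        return self.payload[:n]

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


def make_fake_connector(banner=None, fail=None):
    """Build a connector simulating one outcome: fail in {timeout, refused, unreachable},
    banner=None means the TCP handshake completes but the daemon never sends a greeting."""
    def connector(address, timeout=None):
        if fail == "timeout":
            raise socket.timeout("connect timed out")
        if fail == "refused":
            raise ConnectionRefusedError("connection refused")
        if fail == "unreachable":
            raise OSError("no route to host")
        return _FakeSock(banner)
    return connector


def run_demo():
    """Reproduce the thread's symptom: outside times out while inside answers."""
    outside = probe_smtp("192.0.2.25", connector=make_fake_connector(fail="timeout"))
    inside = probe_smtp("10.0.0.25",
                        connector=make_fake_connector(banner=b"220 mailsec.example ESMTP\r\n"))
    return localize(outside, inside)


if __name__ == "__main__":
    print(run_demo())
```

Run the outside probe from a host that is genuinely outside the firewall (a cloud VM or a second office) and the inside probe from the LAN, on the same schedule, and log both results; the first outage will then show which leg failed and when, which is the evidence the thread's author lacked when the finger pointing started.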
14 Comments
 
LVL 4

Expert Comment

by:ckozloski
ID: 22649865
Have you checked for an IOS upgrade for that PIX? It almost sounds like your xlates are getting trashed. I would check that first.
0
 

Author Comment

by:jaysin144
ID: 22649983
I think that 8.0(3) is one of the newest releases.  
0
 
LVL 4

Expert Comment

by:ckozloski
ID: 22650015
What kind of traffic volume are you pushing through your T-1? Does this seem to be happening during peak work times throughout the day?
It could be a bandwidth issue. I had an issue similar to that that caused severe service issues because we were overrunning our T1.  
0

Author Comment

by:jaysin144
ID: 22650030
It happens in the middle of the night, during the day, on weekends.  Sometimes during high utilization periods, but more often than not during times where there is NO utilization.  
0
 
LVL 4

Expert Comment

by:ckozloski
ID: 22650074
The one thing that doesn't make sense to me is that if this is a firewall problem, then rebooting the email device wouldn't correct the problem.
Are there any log entries in the email device when this happens?
0
 

Author Comment

by:jaysin144
ID: 22650115
That's what I thought, but sure enough it happens every time.  I think there might be something to your xlate comment though.  When we bring that device back up, it's going to re-establish the xlates, right?  Next time it happens I'm going to try clearing the xlates to see if that brings the connection back up.  

Logging on both sides really does not show anything.  As far as the sonicwall is concerned everything is just fine.  
0
 
LVL 4

Expert Comment

by:ckozloski
ID: 22650173
Yes, it should reset all your xlates when you reset the device.
0
 

Author Comment

by:jaysin144
ID: 22677239
Well, clearing the xlates didn't do anything.  Anyone else have any other ideas on this issue?  I'm at a loss.  We had normal mail flow for almost 36 hours, but it bailed at 5AM this morning.
0
 
LVL 4

Expert Comment

by:ckozloski
ID: 22678055
How do you have NAT configured on the PIX? Are you using a 1-to-1 translation for that mail device?
Is there anything in the PIX logs for traffic to that IP when it goes down like that?
0
 

Author Comment

by:jaysin144
ID: 22678111

I attached a snip of code from the PIX.  

I don't see anything out of the ordinary in the LOGs during the time when the mail stops.  It just does, and as far as the firewall is concerned we get nothing...


object-group service DM_INLINE_TCP_4 tcp
 port-object eq https
 port-object eq smtp
 port-object eq www
access-list outside_access_in extended permit tcp any host x.x.x.x object-group DM_INLINE_TCP_4 

0
 
LVL 4

Expert Comment

by:ckozloski
ID: 22678233
Ok. Well that's your ACL and object group for those services you created to allow the traffic inbound. But my question is actually about the NAT translation that is happening.
Based on your question, you are using a private IP for the Sonicwall Email device. So I am assuming that you are NAT'ing a public IP to that private address via the PIX. Correct?
If that is the way it is configured, you should have a static NAT rule set up to point the public IP to the private IP. Check out this article:
http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_static_NAT_/_static_PAT_command_in_the_PIX%2C_ASA_and_FWSM
How are you accomplishing this in the PIX? You should have a config line in there somewhere that shows your NAT / PAT rules.
0
 

Author Comment

by:jaysin144
ID: 22678324
My bad, I just forgot to paste the NAT rule...We have a 1 to 1 static NAT mapping so it really is pretty simple on that end...

name x.x.x.x Internal-Emailsecurity
name p.p.p.p Public-EmailSecurity
static (inside,outside) Public-EmailSecurity Internal-Emailsecurity netmask 255.255.255.255

0
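The two config fragments posted above (the object-group plus outside ACL, and the static NAT) are exactly the pieces that have to agree for inbound mail to work on a PIX running 8.0 code: on pre-8.3 PIX/ASA software the ACL applied to the outside interface must reference the mapped (public) address of the static, and the service group it uses must include smtp. The following is an added example (not the poster's configuration and not a Cisco tool) that parses those statement types and reports any static whose mapped address is not permitted on tcp/25, or any ACL entry that names the real (inside) address instead. The two sample configs are constructed, with `192.0.2.25` standing in for the public address and `10.0.0.25` for the appliance.

```python
"""Consistency check for a pre-8.3 PIX/ASA inbound-SMTP setup: every
static (inside,outside) mapping needs an outside ACL entry that names the
MAPPED (public) address and permits tcp/25.  Added example, not the poster's
configuration; the addresses in the sample configs are constructed."""
import re

SERVICE_PORTS = {"smtp": 25, "www": 80, "http": 80, "https": 443}


def _port(token):
    """Map a PIX service keyword or numeric port to an int; None if unknown."""
    return SERVICE_PORTS.get(token, int(token) if token.isdigit() else None)


def _addr(tok, i):
    """Consume one ACL address spec (any | host X | net mask) at tok[i]."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return f"{tok[i]}/{tok[i + 1]}", i + 2


def parse_pix(text):
    """Extract name aliases, service object-groups, extended ACL entries and statics."""
    names, groups, acls, statics = {}, {}, [], []
    group = None                                   # object-group whose body we are inside
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or raw.lstrip().startswith("!"):
            continue
        if tok[0] == "port-object" and group is not None and tok[1] == "eq":
            groups[group].add(_port(tok[2]))
            continue
        group = None                               # any other statement ends the group body
        if tok[0] == "name" and len(tok) >= 3:
            names[tok[2]] = tok[1]                 # alias -> address
        elif tok[:2] == ["object-group", "service"] and len(tok) >= 3:
            group = tok[2]
            groups[group] = set()
        elif tok[0] == "static":
            m = re.match(r"static \((\S+),(\S+)\) (\S+) (\S+)", raw.strip())
            if m:
                statics.append({"real_if": m[1], "mapped_if": m[2],
                                "mapped": m[3], "real": m[4]})
        elif tok[0] == "access-list" and "extended" in tok:
            i = tok.index("extended") + 1
            action, proto = tok[i], tok[i + 1]
            src, i = _addr(tok, i + 2)
            dst, i = _addr(tok, i)
            ports, grp = None, None                # ports None = every port
            if i < len(tok) and tok[i] == "object-group":
                grp = tok[i + 1]
            elif i < len(tok) and tok[i] == "eq":
                ports = {_port(tok[i + 1])}
            acls.append({"name": tok[1], "action": action, "proto": proto,
                         "src": src, "dst": dst, "ports": ports, "group": grp})
    return names, groups, acls, statics


def audit(text, port=25):
    """Return a list of findings; an empty list means inbound tcp/<port> is consistent."""
    names, groups, acls, statics = parse_pix(text)
    resolve = lambda a: names.get(a, a)           # turn a 'name' alias back into its address
    findings = []
    for st in statics:
        mapped, real = resolve(st["mapped"]), resolve(st["real"])
        permits_mapped, hits_real = False, []
        for a in acls:
            if a["action"] != "permit" or a["proto"] not in ("tcp", "ip"):
                continue
            ports = groups.get(a["group"]) if a["group"] else a["ports"]
            port_open = ports is None or port in ports
            dst = resolve(a["dst"])
            if dst in ("any", mapped) and port_open:
                permits_mapped = True
            elif dst == real and port_open:
                hits_real.append(a["name"])
        if not permits_mapped:
            findings.append(f"static {st['mapped']} -> {st['real']}: no ACL permits "
                            f"tcp/{port} to the mapped address {mapped}")
        for name in hits_real:
            findings.append(f"ACL {name} permits tcp/{port} to the REAL address {real}; on "
                            f"pre-8.3 code an outside ACL must reference the mapped address {mapped}")
    return findings


# Constructed sample: the thread's fragments with placeholder addresses filled in.
GOOD_CONFIG = """\
name 10.0.0.25 Internal-Emailsecurity
name 192.0.2.25 Public-EmailSecurity
object-group service DM_INLINE_TCP_4 tcp
 port-object eq https
 port-object eq smtp
 port-object eq www
access-list outside_access_in extended permit tcp any host Public-EmailSecurity object-group DM_INLINE_TCP_4
access-group outside_access_in in interface outside
static (inside,outside) Public-EmailSecurity Internal-Emailsecurity netmask 255.255.255.255
"""
# Same config, but the ACL names the inside address (a common mistake on pre-8.3 code).
BAD_CONFIG = GOOD_CONFIG.replace("host Public-EmailSecurity", "host Internal-Emailsecurity")

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, audit(cfg) or "consistent")
```

Paste the relevant `name`, `object-group`, `access-list` and `static` lines from `show running-config` into the text and run `audit` on it; it is deliberately limited to those statement kinds, so nested `group-object` references or NAT forms other than a one-to-one static are not evaluated.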
 
LVL 4

Expert Comment

by:ckozloski
ID: 22678359
Honestly, I'd start checking the simple stuff like the ports and the cables to make sure you don't have a bad or loose cable that could be causing the problem.
0
 

Accepted Solution

by:
jaysin144 earned 0 total points
ID: 25260453
Manufacturer made some changes to the device to decrease CPU load.  Appears to have been causing the issues since they have not returned since.  First level support pointed fingers, senior support admitted, yeah it's a CPU load issue that hangs the SMTP Daemon they use...
0
