laz01
Bypass Zone Based Firewall
Hello all,
We have recently replaced our premise router with an ASR. We established a Zone Based Firewall since reflexive ACLs are no longer supported. The problem we are having now is that SMTP traffic is SLOW. External mail coming in with no attachments seems o.k. but when adding an attachment it can take hours. In fact the last test took 13 hours to make it through. At first we thought it was the Ironport but when talking with Cisco they said that it looks fine and normally the symptoms present themselves when there is packet inspection before the mail hits the Ironport. Is there a way for SMTP to bypass the inspection policy but still be allowed through?
ASKER
Negative. It is not enabled.
ASKER CERTIFIED SOLUTION
ASKER
OK. So that's what I ended up having to do. I created an access-list for all smtp traffic, the appropriate class-maps and "pass" for the action.
If it is, turn it off and let Ironmail do the inspection.