topic ZBF - SMTP issue in Network Security https://community.cisco.com/t5/network-security/zbf-smtp-issue/m-p/1713901#M561577 <P>Hi,</P><P></P><P><SPAN class="long_text" id="result_box"><SPAN style="background-color: #ffffff;" title="o ZBF está dropping pacotes, mesmo eles estando liberados">My ZBF is dropping some SMTP packets, and allowing others...even though they're </SPAN></SPAN><SPAN class="long_text short_text" id="result_box" lang="en"><SPAN class="hps" title="Clique para mostrar traduções alternativas">allowed. </SPAN></SPAN></P><P></P><P>My ZBF (SMTP) configuration:</P><P></P><P>class-map type inspect match-all c_servidoressmtp<BR /> description Class Map allowing SMTP Access<BR /> match access-group name ACL_SMTP<BR /> match protocol smtp</P><P></P><P>policy-map type inspect p_EXTtoSRV<BR /><SPAN class="long_text short_text" id="result_box" lang="en"><SPAN class="hps" title="Clique para mostrar traduções alternativas"></SPAN></SPAN> class type inspect c_servidoressmtp<BR />&nbsp; inspect</P><P></P><P>ip access-list extended ACL_SMTP<BR /> remark ACL SMTP SERVERS<BR /> permit ip any host 200.19.105.193</P><P></P><P></P><P><BR />Log's:</P><P>May 30 13:59:18 udesc-servidores/udesc-servidores 2809973: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 63 tcp packets were dropped from 209.85.216.45:46013 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)<BR />May 30 13:59:18 udesc-servidores/udesc-servidores 2809974: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 63 tcp packets were dropped from 209.85.216.45:61800 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)<BR />May 30 13:59:18 udesc-servidores/udesc-servidores 2809976: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 46 tcp packets were dropped from 74.125.82.45:44331 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)<BR />May 30 13:59:18 udesc-servidores/udesc-servidores 2809980: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 4 tcp packets were dropped from 201.23.81.230:44768 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)<BR />May 30 13:59:18 udesc-servidores/udesc-servidores 2809989: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 1 tcp packet were dropped from 209.85.213.185:38750 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)</P><P></P><P>#<SPAN class="long_text short_text" id="result_box" lang="en"><SPAN class="hps" title="Clique para mostrar traduções alternativas">sh policy-map type inspect zone-pair zp_EXTtoSRV</SPAN></SPAN></P><P></P><P> Class-map: c_servidoressmtp (match-all)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Match: access-group name ACL_SMTP<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Match: protocol smtp<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp; Inspect<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Packet inspection statistics [process switch:fast switch]<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tcp packets: [111655:55981644]<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Session creations since subsystem startup or last reset 1142351<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Current session counts (estab/half-open/terminating) [20:0:0]<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Maxever session counts (estab/half-open/terminating) [181:52:50]<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Last session created 00:00:04<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Last statistic reset never<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Last session creation rate 28<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Maxever session creation rate 610<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Last half-open session total 0<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; TCP reassembly statistics<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; received 0 packets out-of-order; dropped 0<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; peak memory usage 0 KB; current usage: 0 KB<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; peak queue length 0</P><P></P><P></P><P>Anyone <SPAN class="long_text short_text" id="result_box" lang="en"><SPAN class="hps" title="Clique para mostrar traduções alternativas">have any idea</SPAN><SPAN title="Clique para mostrar traduções alternativas"></SPAN></SPAN>?</P><P></P><P>Thanks,</P><P>Fernando</P> Mon, 11 Mar 2019 20:40:07 GMT fernandoseidler 2019-03-11T20:40:07Z ZBF - SMTP issue https://community.cisco.com/t5/network-security/zbf-smtp-issue/m-p/1713901#M561577 <P>Hi,</P><P></P><P><SPAN class="long_text" id="result_box"><SPAN style="background-color: #ffffff;" title="o ZBF está dropping pacotes, mesmo eles estando liberados">My ZBF is dropping some SMTP packets, and allowing others...even though they're </SPAN></SPAN><SPAN class="long_text short_text" id="result_box" lang="en"><SPAN class="hps" title="Clique para mostrar traduções alternativas">allowed. </SPAN></SPAN></P><P></P><P>My ZBF (SMTP) configuration:</P><P></P><P>class-map type inspect match-all c_servidoressmtp<BR /> description Class Map allowing SMTP Access<BR /> match access-group name ACL_SMTP<BR /> match protocol smtp</P><P></P><P>policy-map type inspect p_EXTtoSRV<BR /><SPAN class="long_text short_text" id="result_box" lang="en"><SPAN class="hps" title="Clique para mostrar traduções alternativas"></SPAN></SPAN> class type inspect c_servidoressmtp<BR />&nbsp; inspect</P><P></P><P>ip access-list extended ACL_SMTP<BR /> remark ACL SMTP SERVERS<BR /> permit ip any host 200.19.105.193</P><P></P><P></P><P><BR />Log's:</P><P>May 30 13:59:18 udesc-servidores/udesc-servidores 2809973: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 63 tcp packets were dropped from 209.85.216.45:46013 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)<BR />May 30 13:59:18 udesc-servidores/udesc-servidores 2809974: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 63 tcp packets were dropped from 209.85.216.45:61800 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)<BR />May 30 13:59:18 udesc-servidores/udesc-servidores 2809976: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 46 tcp packets were dropped from 74.125.82.45:44331 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)<BR />May 30 13:59:18 udesc-servidores/udesc-servidores 2809980: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 4 tcp packets were dropped from 201.23.81.230:44768 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)<BR />May 30 13:59:18 udesc-servidores/udesc-servidores 2809989: *May 30 13:59:32: %FW-6-LOG_SUMMARY: 1 tcp packet were dropped from 209.85.213.185:38750 =&gt; 200.19.105.193:25 (target:class)-(zp_EXTtoSRV:c_servidoressmtp)</P><P></P><P>#<SPAN class="long_text short_text" id="result_box" lang="en"><SPAN class="hps" title="Clique para mostrar traduções alternativas">sh policy-map type inspect zone-pair zp_EXTtoSRV</SPAN></SPAN></P><P></P><P> Class-map: c_servidoressmtp (match-all)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Match: access-group name ACL_SMTP<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Match: protocol smtp<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp; Inspect<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Packet inspection statistics [process switch:fast switch]<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tcp packets: [111655:55981644]<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Session creations since subsystem startup or last reset 1142351<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Current session counts (estab/half-open/terminating) [20:0:0]<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Maxever session counts (estab/half-open/terminating) [181:52:50]<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Last session created 00:00:04<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Last statistic reset never<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Last session creation rate 28<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Maxever session creation rate 610<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Last half-open session total 0<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; TCP reassembly statistics<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; received 0 packets out-of-order; dropped 0<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; peak memory usage 0 KB; current usage: 0 KB<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; peak queue length 0</P><P></P><P></P><P>Anyone <SPAN class="long_text short_text" id="result_box" lang="en"><SPAN class="hps" title="Clique para mostrar traduções alternativas">have any idea</SPAN><SPAN title="Clique para mostrar traduções alternativas"></SPAN></SPAN>?</P><P></P><P>Thanks,</P><P>Fernando</P> Mon, 11 Mar 2019 20:40:07 GMT https://community.cisco.com/t5/network-security/zbf-smtp-issue/m-p/1713901#M561577 fernandoseidler 2019-03-11T20:40:07Z Re: ZBF - SMTP issue https://community.cisco.com/t5/network-security/zbf-smtp-issue/m-p/1713902#M561578 <HTML><HEAD></HEAD><BODY><P>The public smtp server might be using ESMTP rather than SMTP. If so, use "match protocol smtp extended" instead. If that's not it, you might want to open a TAC case to investigate further. </P></BODY></HTML> Tue, 14 Jun 2011 19:16:41 GMT https://community.cisco.com/t5/network-security/zbf-smtp-issue/m-p/1713902#M561578 Ronaldo Renato Punzalan 2011-06-14T19:16:41Z