Welcome to Cisco Firewalls Community


1294 Views | 5 Helpful | 7 Replies
Beginner

Disable SMTP inspection via FMC

I have an ASA-5508x, administered by a vFMC. Both are running 6.2.2.1. Note that this is FTD, not the older ASA software.

I have a server behind the 5508, in a DMZ, that I want to have send email via an SMTP connection to Office 365. The problem I am seeing is with the FTD performing "SMTP inspection" mangling the SMTP session. This can be seen when I telnet to port 25 and see a heap of asterisks, i.e. 220 ***************************************************************************************. This, unfortunately, prevents my application from being able to start a TLS session, authenticate and relay.

I am trying to figure out how to turn this off. I have checked the rule that is allowing traffic on port 25, configuring NO intrusion policy and NO file policy, but SMTP inspection still seems to be occurring.
How do I disable this, and have SMTP traffic pass unmolested?

It would be preferable if I can do this in a rule, or in some other way make it apply to just a single host, but if it has to be implemented globally that is workable.
7 REPLIES
VIP Advisor

Re: Disable SMTP inspection via FMC

Go to the FTD CLI and apply this command:

configure inspection esmtp disable
Beginner

Re: Disable SMTP inspection via FMC

Being an FMC, there is no CLI.

VIP Advisor

Re: Disable SMTP inspection via FMC

I thought I said FTD, not FMC. You need to put the command on the FTD.
Beginner

Re: Disable SMTP inspection via FMC

That is not how the vFMC/FTD software works. Configuration cannot be done using a CLI.


@Mohammed al Baqari wrote:
I thought I said FTD not FMC. You need to put the command on FTD

 

VIP Advisor

Re: Disable SMTP inspection via FMC

You asked a question and I gave you an answer. I am not sure what the point is of asking a question and then negating the answer.

This is the answer, either take it or leave it. But you need to learn about FTD before responding.
Hall of Fame Guru

Re: Disable SMTP inspection via FMC

For MOST (but not all) features you are right.

A few things, such as default inspections, are configurable locally via the CLI. That applies even when the FTD device is managed by FMC.

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/c_3.html#wp2136048707

As noted in the above reference, you should consider using a FlexConfig object in FMC to make this change persistent across policy deployments (if you have version 6.2.3 or later).

Beginner

Re: Disable SMTP inspection via FMC

OK, for anyone else following, I eventually figured this out:

1. Create a FlexConfig policy and apply the Default_Inspection_Protocol_Disable system-defined object.

2. Go to Objects, FlexConfig, Text Object. Edit the disableInspectProtocolList to include ESMTP.

More than a little counterintuitive and convoluted, but it works.
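The symptom described in the question (a 220 greeting that is nothing but asterisks, and a TLS session that then fails to start) can be checked from the DMZ host before and after the FlexConfig change without a manual telnet session. The following is an added example, not code from the thread or from Cisco: it classifies an SMTP greeting line as masked or clear, checks whether the EHLO reply still advertises STARTTLS, and wraps both in a small probe that connects to a relay on port 25. The sample banners and the hostname probe.invalid are constructed for illustration; the asterisk-only banner pattern is the one the poster quotes.

```python
import re
import socket

# Constructed sample greetings, not captured from the poster's network.
SAMPLE_GREETINGS = {
    "masked": "220 ***********************************************\r\n",
    "clear": "220 mail.example.com ESMTP ready\r\n",
    "mixed": "220 ***** ESMTP ready\r\n",
}

# SMTP reply line: 3-digit code, then ' ' (last line) or '-' (continuation), then text.
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")


def classify_greeting(line: str) -> str:
    """Return 'masked', 'clear' or 'invalid' for one SMTP greeting line.

    A 220 greeting whose text is entirely '*' matches what the poster saw
    through FTD's ESMTP inspection (the banner text is replaced by asterisks).
    """
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m or m.group(1) != "220":
        return "invalid"
    text = m.group(3).strip()
    if text and set(text) == {"*"}:
        return "masked"
    return "clear"


def starttls_offered(ehlo_reply: str) -> bool:
    """True if any 250 line of a (possibly multi-line) EHLO reply lists STARTTLS."""
    for raw in ehlo_reply.splitlines():
        m = REPLY_RE.match(raw.strip())
        if m and m.group(1) == "250" and m.group(3).strip().upper() == "STARTTLS":
            return True
    return False


def probe_smtp(host: str, port: int = 25, timeout: float = 5.0) -> dict:
    """Connect to a relay, read the greeting, send EHLO and summarise the result.

    Network access is only used here; the classification helpers above are
    pure functions so they can be exercised on the constructed samples.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rf = sock.makefile("rb")
        greeting = rf.readline().decode("ascii", "replace")
        # probe.invalid is a placeholder client name (reserved TLD, never resolves).
        sock.sendall(b"EHLO probe.invalid\r\n")
        ehlo_lines = []
        while True:
            line = rf.readline().decode("ascii", "replace")
            if not line:
                break
            ehlo_lines.append(line)
            if len(line) >= 4 and line[3] == " ":  # '250 ' marks the last line
                break
        sock.sendall(b"QUIT\r\n")
    return {
        "greeting": greeting.rstrip("\r\n"),
        "banner": classify_greeting(greeting),
        "starttls": starttls_offered("".join(ehlo_lines)),
    }


def classify_samples() -> dict:
    """Run the classifier over the constructed samples (offline check)."""
    return {name: classify_greeting(g) for name, g in SAMPLE_GREETINGS.items()}


if __name__ == "__main__":
    print(classify_samples())
    # Replace the placeholder with the relay the DMZ server actually uses.
    # print(probe_smtp("smtp.relay.placeholder"))
```

A "masked" banner, or an EHLO reply with no STARTTLS line, means the inspection is still in the path; after the FlexConfig deployment both should read clear, which is the state the application needs to negotiate TLS and authenticate.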
