08-08-2018 09:21 PM - edited 03-12-2019 04:08 AM
I have an ASA-5508x, administered by a vFMC. Both are running 6.2.2.1. Note that this is FTD, not the older ASA software.
I have a server behind the 5508, in a DMZ, that I want to have send email via an SMTP connection to Office 365. The problem I am seeing is with the FTD performing "SMTP inspection" mangling the SMTP session. This can be seen when I telnet to port 25, and see a heap of asterisks, i.e. 220 ***************************************************************************************. This, unfortunately, prevents my application from being able to start a TLS session, authenticate and relay.
I am trying to figure out how to turn this off. I have checked the rule that is allowing traffic on port 25, configuring NO intrusion policy and NO file policy, but SMTP inspection still seems to be occurring.
How do I disable this, and have SMTP traffic pass unmolested?
It would be preferable if I can do this in a rule, or in some other way make it apply to just a single host, but if it has to be implemented globally that is workable.
08-09-2018 02:01 AM
08-09-2018 07:24 PM
Being an FMC, there is no CLI.
08-09-2018 07:27 PM
08-09-2018 08:49 PM
That is not how the vFMC/FTD software works. Configuration cannot be done using a CLI.
@Mohammed al Baqari wrote:
I thought I said FTD not FMC. You need to put the command on FTD
08-10-2018 02:19 AM
08-10-2018 04:15 AM
For MOST (but not all) features you are right.
A few things - such as default inspections - are configurable locally via cli. That applies even when the FTD device is managed by FMC.
As noted in the above reference, you should consider using a Flexconfig object in FMC to make this change persistent across policy deployments (if you have version 6.2.3 or later).
08-13-2018 11:29 PM
OK for anyone else following, I eventually figured this out:
1. Create a Flexconfig policy, apply the Default_Inspection_Protocol_Disable system-defined object.
2. Go to Objects, Flexconfig, Text Object. Edit the disableInspecProtocolList to include ESMTP.
More than a little counterintuitive and convoluted, but works.
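To confirm after a deployment that the session is no longer being rewritten, the reply lines from the same telnet test can be checked mechanically. The following is an added example, not part of the original thread or any Cisco tooling: the sample transcripts and host names are constructed, and the check for X-masked EHLO keywords is an assumption about how the inspection engine rewrites extensions (the thread itself only shows the asterisk banner).

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(lines):
    """Group raw SMTP reply lines into (code, [text, ...]) per RFC 5321 multiline rules."""
    replies, current = [], None
    for raw in lines:
        m = REPLY.match(raw.rstrip("\r\n"))
        if not m:
            continue
        code, sep, text = m.groups()
        if current is None or current[0] != code:
            current = (code, [])
            replies.append(current)
        current[1].append(text)
        if sep == " ":  # a space after the code marks the last line of a reply
            current = None
    return replies

def check_inspection(lines):
    """Return findings that suggest an inline device is rewriting the SMTP session."""
    findings = []
    replies = parse_replies(lines)
    banner = next((" ".join(t) for c, t in replies if c == "220"), "")
    if banner and banner.count("*") / len(banner) > 0.5:
        findings.append("banner masked with asterisks")
    ehlo = next((t for c, t in replies if c == "250"), [])
    # First 250 line is the server greeting; the rest are extension keywords.
    keywords = [t.split()[0].upper() for t in ehlo[1:] if t.split()]
    if any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in keywords):  # assumed masking pattern
        findings.append("EHLO keyword overwritten with X characters")
    if ehlo and "STARTTLS" not in keywords:
        findings.append("STARTTLS not offered")
    return findings

# Constructed transcripts: greeting plus EHLO reply, as seen from the DMZ host.
MANGLED = ["220 " + "*" * 60, "250-mail.example.invalid Hello",
           "250-SIZE 157286400", "250-XXXXXXXA", "250 8BITMIME"]
CLEAN = ["220 mail.example.invalid ESMTP ready", "250-mail.example.invalid Hello",
         "250-SIZE 157286400", "250-STARTTLS", "250 8BITMIME"]

if __name__ == "__main__":
    for name, sample in (("mangled", MANGLED), ("clean", CLEAN)):
        print(name, check_inspection(sample) or "no rewriting detected")
```

Paste the lines returned by the telnet session (greeting and EHLO reply) into a list and pass it to `check_inspection`; an empty result means the banner and STARTTLS are reaching the host intact.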