Today we faced one issue with ironport Web adding NTLM authentication with AD. In our scenario, WSA is inDMZ interface. and the data traffic is passed via DMZ interface to internet.
In deployement method, we used in Network -> DNS -.> root dns server (public) and interface as Data.
When we try to integrate our WSA box with AD via NTLM, the DNS is not getting resolved for our wsa hostname, AD servers. We can see the AD hostname in the error. So, how we are getting the AD hostname in the error eventhough it is not resolve by DNS???