I'll help you out, so feel free to post some information.
However, I'm going to take a stab at the problem. The biggest mistake that people make when adding a domain to the HAT White List is they put the domain name in without a period, example "example.com". From an IronPort perspective this would only match one host... the host with a PTR record for example.com and the A record that points back to the IP address.
What you want to do is ensure that you have a period in front of the domain name, new example ".example.com". This entry basically says we'll take any FQDN with the domain of example.com, so this would match mail1.example.com, www.example.com, outbound.example.com, etc. etc.
The second mistake that people make with the HAT is that they are under the impression that they can put the domain name that will be utilized in the MAIL FROM in the conversation. So going back to the example.com domain, let's say that example.com has a business unit called abc.com but all the mail goes through mail1.example.com. What some users do is put abc.com into the HAT but the problem is the IronPort compares data in the HAT to the DNS information of the sending server.
So in the above problem the HAT will never see anything for abc.com because all the mail comes from mail1.example.com which would be the proper entry for the HAT file.
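The matching behaviour described in the answer above, as an added sketch that is not part of the original post and is not IronPort code. The DNS tables, IP addresses and function names are constructed for illustration, and the model covers only what the post states: an entry is compared against the sending server's DNS-verified hostname, never against the MAIL FROM domain.

```python
# Constructed DNS data (documentation address ranges), standing in for live lookups.
PTR = {
    "192.0.2.10": "mail1.example.com",
    "192.0.2.20": "example.com",
    "192.0.2.30": "mail1.example.com",   # PTR claims the name, A record disagrees
}
A = {
    "mail1.example.com": {"192.0.2.10"},
    "example.com": {"192.0.2.20"},
}

def verified_hostname(ip, ptr=PTR, a=A):
    """Return the PTR name only if its A record points back to the same IP."""
    name = ptr.get(ip)
    if name and ip in a.get(name, set()):
        return name.lower().rstrip(".")
    return None

def entry_matches(entry, hostname):
    """'.example.com' matches any host under the domain; 'example.com' matches
    only the host literally named example.com."""
    entry = entry.lower()
    if entry.startswith("."):
        return hostname.endswith(entry)
    return hostname == entry

def hat_allows(ip, mail_from, entries):
    """Decide on the connecting IP alone. mail_from is accepted as a parameter
    only to show that it plays no part in the decision."""
    host = verified_hostname(ip)
    if host is None:
        return False
    return any(entry_matches(e, host) for e in entries)

if __name__ == "__main__":
    for entries in (["example.com"], [".example.com"], ["abc.com"]):
        ok = hat_allows("192.0.2.10", "user@abc.com", entries)
        print(f"{entries!r:20} mail1.example.com sending as abc.com -> {ok}")
```
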