Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Zone-Based Firewall filtering SMTP(and showing Internal Error)

We have a customer site with a 2801 functioning as the LAN router. The ZBFW configuration seems to be filtering all outbound SMTP traffic and giving the following log error:

%APPFW-4-SMTP_INTERNAL_ERROR: Error encountered - Internal error in SMTP parsing. Closing SMTP session

All email-based traffic is solely sourced from Outlook 2007 client applications and there doesn't seem to be any viruses or other irregular traffic to cause this error. In fact, I have been unsuccessful in locating this error message using either the Output Interpreter or the Error Message Decoder tools.

The following is an abbreviated configlet from that router(the portion which pertains to SMTP traffic):

!

class-map type inspect smtp match-all smtp_dpi_class

description match SMTP application payload size

match data-length gt 75000000

!

!

policy-map type inspect smtp smtp_dpi_policy

description log SMTP information based on Payload Size

class type inspect smtp smtp_dpi_class

log

!

!

class-map type inspect match-all smtp_class

description match SMTP application

match protocol smtp extended

!

!

policy-map type inspect inside_to_outside

description Inside to Outside traffic policy

class type inspect smtp_class

inspect

service-policy smtp smtp_dpi_policy

All other ZBFW configuration is per best-practice, and this is the only traffic that seems to be causing issues.

All help is greatly appreciated and thanks so much for your time.

412
Views
0
Helpful
0
Replies
CreatePlease to create content