keithr suggested verifying proper DNS configuration.
Additionally, here is a suggestion:
The solution will depend on the config. Is the DNS server located internally also?
Unless you have disabled DNS ALG, it should already be enabled by default if you are running some version 11.x or greater.
Try to connect to the OWA URL from an internal host, then:
>show security flow session
>show security alg status | match dns
Post the output of this session and look at where the response is coming from; that will tell you why the internal host cannot access it.
1-Try this:
#set security nat destination pool owa-acess-in-2-out address <ip_owa_server>
#set security nat destination rule-set int-owa-access from zone trust <your internal trust zone>
#set security nat destination rule-set int-owa-access rule 1 match source-address <int_network/24>
#set security nat destination rule-set int-owa-access rule 1 match destination-address <ext_owa/32>
#set security nat destination rule-set int-owa-access rule 1 match destination-port 443
#set security nat destination rule-set int-owa-access rule 1 then destination-nat pool owa-acess-in-2-out
2-The solution may well be a source-nat rule for the local host to create a reverse NAT from the destination host (double NAT).
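A sketch of the double NAT from option 2, added here as an example and not part of the original post. It assumes the OWA server and the internal clients both sit in a zone named `trust`; the rule-set, policy and address names `int-owa-hairpin` and `owa-server` are made up for illustration, and the placeholders are the ones used above.

```junos
# Source NAT is evaluated after destination NAT, so destination-address
# here is the server's real (already translated) address.
set security nat source rule-set int-owa-hairpin from zone trust
set security nat source rule-set int-owa-hairpin to zone trust
set security nat source rule-set int-owa-hairpin rule 1 match source-address <int_network/24>
set security nat source rule-set int-owa-hairpin rule 1 match destination-address <ip_owa_server>/32
# Rewrite the client source to the SRX egress interface address so the
# server replies to the firewall instead of directly to the client.
set security nat source rule-set int-owa-hairpin rule 1 then source-nat interface

# Intra-zone traffic still needs a security policy; it also matches on
# the translated destination address. Zone-attached address book shown
# (an assumption; use the global address book if that is what the box uses).
set security zones security-zone trust address-book address owa-server <ip_owa_server>/32
set security policies from-zone trust to-zone trust policy int-owa-hairpin match source-address any
set security policies from-zone trust to-zone trust policy int-owa-hairpin match destination-address owa-server
set security policies from-zone trust to-zone trust policy int-owa-hairpin match application junos-https
set security policies from-zone trust to-zone trust policy int-owa-hairpin then permit
```

After committing, `show security flow session` for a test connection should show the return flow addressed to the firewall's interface address, not the client's. The server's logs will then record the firewall address as the client for these hairpinned connections.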