Can anyone tell me the requirements and tasks required to implement bi-directional email encryption on the ES4000 appliance?
This is what we would like to do on the email appliance. Is that possible, or only on UTM?
These are the instructions for the Sophos Email Appliance.
Are you referring to TLS (transport of emails) or SPX encrypted email PDFs? The most secure way to send email is to configure both SPX and TLS. See below.
Configuration / Policy / Encryption
Ensure TLS is enabled.
Under the advanced section at the bottom:
Enter the domain, select sub domains if required, and change the incoming and outgoing messages to "require encryption" OR "require and validate".
**** NOTE: if encryption fails or the certificate fails to be validated, mail will pile up in the mail queues. Ensure the domain is properly set up before setting this up.
You will require configuration in the UI and some rules to ensure it works correctly.
UI: under the same encryption menu, click on the SPX tab.
Note the portal port number: this must be accessible from the internet to the appliance.
Create your template and password settings.
Once that is all done:
On Exchange, ensure there is a "send" connector sending all outbound mail through the appliance.
Then in the appliance create the following rule:
This example will encrypt all mail that is either flagged as "company-confidential" (you can use the Outlook plugin, or manually set the sensitivity in the email properties) OR mail with the word *encrypt* in the subject line.
Add SPX rule
Under configuration \ policy \ data control or additional policy \ outbound:
add
rule type: messages matching specific words or phrases
enable advanced policy
next
rule config: click on the regular expressions tab
.* (period star, no spaces etc)
add
next
message attributes: (2 rules)
#1
select header
Name: Subject (note the capital S is important)
check off "is (exact match)"
value: *encrypt* (or whatever keyword you like; you can also use the contains substring if you want to look for *encrypt encrypt [encrypt] etc)
apply
#2
Header
Name: Sensitivity (note the capital again)
check off "is exact match"
value: company-confidential (all lower case)
apply
You will now see a check box at the bottom of the rule. Make sure you click "One of the message attributes must be present".
So the rule in the window should read:
Header is: 'Subject: *encrypt*' OR Header is: Sensitivity: company-confidential
next
select users
next
main action
encrypt using SPX, select your template and you will probably want to check off all 3 boxes.
additional actions
next
rule description
name it
save it
Once you're dropped back to the list of policies, use the arrows ^ to move it to the top and click save order.
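The TLS note in the answer above warns that mail piles up in the queues when encryption or certificate validation fails for a domain set to require it. As an added example (not part of the original post and not Sophos code), this Python pre-flight check probes a partner's mail host for STARTTLS and a certificate that validates against the system trust store. The host name is a placeholder, and it is an assumption that the appliance's "require and validate" setting applies comparable checks.

```python
import smtplib
import ssl
import sys


def check_starttls(host, port=25, timeout=10, smtp_factory=smtplib.SMTP):
    """Return (ok, reason): does `host` offer STARTTLS with a cert that validates?

    smtp_factory is injectable for offline testing (a helper for this example).
    """
    # Default context verifies the chain against the system trust store and
    # checks the hostname. Assumption: the appliance's "require and validate"
    # setting applies comparable checks.
    context = ssl.create_default_context()
    smtp = None
    try:
        smtp = smtp_factory(host, port, timeout=timeout)
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False, "STARTTLS not advertised"
        smtp.starttls(context=context)
        smtp.ehlo()  # re-identify over the encrypted channel
        return True, "STARTTLS offered and certificate validated"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate validation failed: {exc}"
    except (smtplib.SMTPException, OSError) as exc:
        return False, f"TLS/SMTP failure: {exc}"
    finally:
        if smtp is not None:
            smtp.close()


if __name__ == "__main__":
    # Placeholder host; pass the partner domain's MX host(s) as arguments.
    hosts = sys.argv[1:] or ["mx.partner.example"]
    for h in hosts:
        ok, reason = check_starttls(h)
        print(f"{h}: {'PASS' if ok else 'FAIL'} - {reason}")
```

Run it against each MX host of a domain before switching that domain to a required-TLS setting; any FAIL line is a host that would cause mail to queue.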
In reply to Red_Warrior:
Perfect, many thanks for your help.