
Is it possible to email encrypt directly through the UTM 9 instead of having the mail redirected from the internet back to the utm?

I have an XG105 set up and am doing encryption via the Outlook plug-in; it works great. Now I have an SG210 and want to do inline encryption (client includes keywords in the body, i.e. social security number etc.) where the client hits send and, as long as the traffic flows through the UTM, the encryption happens.

Support thinks I need to redirect the outside web host's email back into the UTM to do the encryption.

The client uses an online web/email host with IMAP. No hosted email. There is NO mail server on premises, let alone an Exchange server.

 

I would be happy with an Outlook plug-in as a last resort if the inline triggering doesn't work.

 

The XG105 doesn't need this round robin; it just works out of the box. Can't the SG210 at least work the same way?



  • This is certainly an unintended use of the encryption system.

    The encryption logic is part of the SMTP gateway, so it might work if all of the above apply:

    • Outlook clients use IMAP or POP, so they are connecting to the mail server using SMTP for outbound mail.
    • SMTP gateway is in transparent mode, so clients do not need to be reconfigured.
    • SMTP gateway is configured for filtering mail for the sender mail domain.

    Most mail systems offer a webmail interface. Since the mail system is external, it will bypass UTM and therefore bypass any automatic encryption configured on UTM.

    Test it at a non-critical part of their day. We will be curious to hear if it works.

  • DouglasFoster said:

    This is certainly an unintended use of the encryption system.

    The encryption logic is part of the SMTP gateway, so it might work if all of the above apply:

    • Outlook clients use IMAP or POP, so they are connecting to the mail server using SMTP for outbound mail.
    • SMTP gateway is in transparent mode, so clients do not need to be reconfigured.
    • SMTP gateway is configured for filtering mail for the sender mail domain.

    Most mail systems offer a webmail interface. Since the mail system is external, it will bypass UTM and therefore bypass any automatic encryption configured on UTM.

    Test it at a non-critical part of their day. We will be curious to hear if it works.

     

     

    This is STILL in my office for testing, so I can make any changes necessary and not worry about stopping workflow... Can you elaborate a little on your recommendations? If I don't get your ideas perfectly it will not work. SMTP gateway is in transparent mode; ports 25, 465, and 587 are checked (ver 7.6 of UTM 9).

    Thank you.

    I'm confused by this thread. There is zero difference in the functionality of UTM running on a 105 and a 210. There is a radical difference between XG Firewall and UTM running on a 105 or a 210.

    In any case, the Outlook plugin functions identically with both. I believe that the encryption happens in the UTM/XG, not in the client, so that if outbound emails don't transit the Sophos device, they won't be encrypted.

    Unless the email provider for your client can use the client's Sophos device as a smart host, I don't think you can solve the client's problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA