We'd love to hear about it! Click here to go to the product suggestion community
The TLS SSL encryption isn't operating too well. I've found 2 hosts I have to skip in opportunistic TLS. How can I either a) turn opportunistic TLS off in MTA Mode, or b) add an "Any" host into the Skip TLS encryption list? I can't add 0.0.0.0/0 as a host in Hosts and Services - and unlike in UTM9, the XG doesn't have predefined hosts for Internet IPv4 or Internet IPv6.
I can't spend my time digging through email logs wondering what host the opportunistic TLS is going to crash on next.
even if i do not recommend this it can be done this way:
In reply to lna:
Ina, thanks for the clarification. However the netmask on that nearly any definition only defines 2 IPs. 0.0.0.0 and 0.0.0.1 - is that going to do the trick, like is that the way I need to input since it covers 0.0.0.0, and thus it will then be the 0.0.0.0/0 I'm looking for, even if the subnet is /31?
You're right, I'd much rather not have to do this as well. Opportunistic TLS is awesome. And when I use it in UTM9, it's great. In XG Firewall, not so much. I'm trying to get a bug I found with it defined in where if there are multiple recipients in a message, and the TLS encryption engine encounters an error, it freezes the message and only delivers to some (or no) recipients.
In reply to Chris Shipley:
please take a closer look at the screenshot - it says IP Range not Network ;)
you are not allowed to configure 0.0.0.0 (undefined IP) to 255.255.255.255 (broadcast) as a range therefore go plus one / minus one
and use 0.0.0.1 to 255.255.255.254 --> "nearly any"
aha... yep. right. Thanks :)