Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 2689 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XGS send EMail Quarantine Digest to all mailboxes

TechnikBingo

Hello,

I have set up an XGS136 SFOS 20.0.0 at an customer with an OnPrem Exchange 2016, of course set it up with MTA Mode / Reverse Proxy (Thanks for the 1MB Size Limit that is forbidden to edit...) and I am facing issues to set up Quarantine Digests correctly. The previous SG UTM just simply delivered Digests to the mailbox the mail was supposed to go to, easy and did exactly what it is supposed to do. I do understand that with XGS this is not that simple anymore, but still a joke in my opinion since I have to do it via Users that have to exist on the XGS and enable Quarantine Digests via Users/Groups.

Currently only the VPN Users have logged in to User/VPN Portal and because of that the mailboxes of those users get the Digests, the other 220 mailboxes dont since the users are not imported into the XGS.

What I found out but I am unhappy with that to say the least:

1. Imported AD Domain User Group to XGS and only allowed quarantine digests,regardless I cannot import all users from AD group into XGS regardless, users have to actively log into user portal of XGS (will not work in practice with the customers and it is bs to have 230 users on xgs that I dont want on there just to send some quarantine digests...)

2. STAS wont help since it is bs to set up (RPC calls / remote registry) and I dont want to set up user based rules, also some users will never log into a Windows PC only have ActiveSync etc. so STAS wont see those users afaik, also shared mailboxes wont get digests so I cannot guarantee to the customer that all users will get a digest in case of quarantined mails

In general this is a big issue cause senders wont get a notice in all cases and of course there are important mails that can just "vanish from existance" without anyone noticing it.

This is just a joke (I hope I missed a way to set this up), I hope someone has a tip. I know that LuCarToni just said use Central Mail Protection instead and OnPrem cause it is legacy stuff but that is just a joke.

The guys from Astaro with UTM did a better job than those from Cyberoam with SFOS. Those from Astaro knew what Admins want and how things will be implemented and used in the real world, cannot say the same about SFOS. XStream is nice, ACL, modern Protocols, SSL/TLS real time decryption is great, but some parts are just bad.

Thanks in advance for any help and tipps.



This thread was automatically locked due to age.
  • +1

    Why did you purchase the Email Protection on the firewall (standalone and not part of the firewall bundle) and not the Central Email Product? There is a Promo to migrate UTM to SFOS and get Central Email Protection.

    In CEMA you can send the digest to all users as well as you can rethink the approach towards quarantine - For example you could strip content and give the Email without the attachment to the user. If the user wants the content, you can release it as an Admin. Or you can inform admin and user about emails in the quarantine to move certain tasks to users instead. 

    Generally speaking, CEMA does a way better job than UTM ever did and gives you more tools as a Admin to work though the modern Email Security. So as someone, who talks to customers and partners on a daily basis, my advice is always to not go with Email Protection on the firewall (UTM or SFOS) and take a look into CEMA. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Sorry for my tone, that doesnt help. Had some more issues with Sophos, the active license got deleted whilst the XGS was already productive at the customer, stuff like that.

    Still I dont get at all why it is not an option to send Quarantine Digests to the mailbox the quarantined mail was addressed to. Way simpler and better than via users/groups. Imo thats a basic thing I just expect for a MTA that supports quarantine at all. Expectation and reality are not the same. Just not thought out at all, but it is what it is and obviously no intention of changing it from Sophos, rather pushing customers into cloud as it is the general trend right now..

    Is it still an option to migrate the already activated XGS136 Email Protection AddOn to CEMA? I guess not and in that case it is probably not an option for that customer.

    Is there no other option, like at least being able to import all users belonging to an AD group into the XGS via WebAdmin to at least solve the issue that every user has to login into XGS manually? Even via some CSV stuff?

    Thanks anyways.

  • +1 in reply to TechnikBingo

    You could use the Import tool like this one:  Sophos Firewall: Importing User definitions into Sophos Firewall after v18.0 MR3 and v17.5 MR14 

     --> You can do a migration SFOS Email to CEMA - But it is a Sales Process. You can ping your local Sales Rep for options. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    The issues are now resolved as far as it is possible for me in this scenario and we will look into migrating to Central Mail Protection (or some alternative product for OnPrem) in time when the XGS EMail Protection runs out and we would need a renewal. If the custome ris happy with how it is, I will keep it this way, lets see how it goes from here.

    I already stated what I think of Sophos approach (maybe a little too harsh) so I will just write how it went. Maybe this helps someone facing the same issues.

    I went down the route to finally set up STAS since static CSV imports will only lead to new / edited mailboxes missing down the line. I disabled anything possible in STAS (like block traffic and track logoff stuff) and did not care about the WMI stuff to the clients, as it turned out not to be neccessary to just get the live users into the XGS Open Group to finally enable Quarantine Digests.

    STAS works fine so far and it is nice that STAS created users will stay in XGS, I simply set quarantine digests to hourly and the digest also lists every mail that went to quarantine since the XGS is running at the customer so nothing is missing there. Login to UserPortal is working fine and users can do self service if they manage to do so by themselves.

    I had to create 25 additional shared mailboxes by hand, I created another Shared-User group to kinda keep some sort of overview, that works as well and that of course is something the customer and I have to keep track of, but that is manageable. they have about 2 new users with mailbox a week on average but not a lot of rotation with shared mailboxes.

    Thanks a lot LuCar Toni to clearly state my options and to state where the limitations of XGS Email Protection are and what the alternative is (CEMA). Great help as always in this forum and sorry for directly mentioning your name in the beginning, you just wrote how Sophos does it, was wrong to mentioning your name, wasnt meant personal. Dont shoot the messenger..

    Have a nice day.

Unfiltered HTML