SPX Encryption

Hello,

I've read through many posts on this topic, so I apologize if I'm simply overlooking something...

I'm trying to enable SPX encryption on our UTM 9, firmware 9.503-4, and I've performed the following steps:

  1. I've added our exchange server as the upstream host
  2. Our internal network for Host-Based Relay
  3. Enabled SPX Encryption Status to Enabled
  4. I've enabled a DLP phrase to trigger the encryption
  5. I've set up a send connector in our Exchange Server

Then I tried to send an e-mail using the trigger and I got an email back from the firewall: "a potentially confidential email has been blackholed and not delivered."

What am I missing in the configuration that's prompting this reply?

Thanks.



  • Hi,

    I think I know what's wrong:

    Try to go to "email protection" -> "smtp" -> "data protection". The policy should say "blackhole" right now.

    Simply change it to "encrypt with spx" and there you go!

    Regards,

    Ole

  • Thank you, Ole... that did indeed change the message.  It now says that it has been encrypted, but when I view the log, I see "SPX Failure (password_not_presented)."

    I'm able to get it to work with One-Time Password, but "Specified by recipient" fails with the above message.  Also, if I want to use the reply portal, what do I need to use for my hostname?  I have Listen as my WAN, default port and allowed networks ANY.

    Thanks.

  • Can anyone help elaborate on what's necessary for the "reply portal" to be usable to the public?

    Thanks.

  • The Exchange server should not be in 'Upstream Hosts'; rather, it should be in 'Host-based Relay'.  Does that resolve your issue?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the reply.  That did not change the result.

    What *should* be the address for the hostname?

  • In the SPX configuration, the Hostname should be an FQDN that resolves to your public IP.

    Cheers - Bob

  • Thanks, Bob... when I put an FQDN in as the hostname, I am able to set a password and open it.  However, the site shows as unsecure... even though I have a wildcard certificate uploaded; what am I missing?

    Thanks!

  • Show a picture of the warning you get, tell us what FQDN you're browsing to and tell us the 'Hostname' defined in 'Management >> System Settings'.

    Cheers - Bob

  • It's not so much an error as a warning:

    The hostname in 'Management >> System Settings' is NOT resolvable in public DNS and doesn't match the FQDN hostname I used for the SPX settings.

  • A screenshot of the body of the browser with the cause of the warning would be more suitable for us to help you. Have you uploaded a certificate signed by a public CA in Webserver Protection > Certificate Management and selected this certificate to be used for HTTPS communication in Management > WebAdmin Settings > HTTPS Certificate? The SPX portal will use the same certificate as WebAdmin/User Portal, and that certificate CN needs to match the FQDN you provided in "SPX Portal Settings". You said you are using a wildcard certificate, so as long as the domain matches and the certificate is publicly trusted, you should not see a warning anymore.

    Regards,

    Giovani
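The thread settles on three configuration points: the SMTP data-protection action must be "Encrypt with SPX" rather than "Blackhole", the SPX portal hostname must be an FQDN that resolves to the firewall's public IP, and the WebAdmin/User Portal certificate must cover that FQDN (a wildcard only covers one label). The following pre-flight check encodes those three rules, including the wildcard-matching edge cases behind the "unsecure" warning. It is an added example, not Sophos code: the config dictionary layout, its field names, the `fake_resolve` stub, `example.com` and the 203.0.113.10 address are all constructed for illustration and do not mirror UTM's real configuration export.

```python
"""Pre-flight check for a Sophos UTM SPX reply-portal setup.

Added example, not Sophos code. The config dict layout, the field names
and all sample values below are constructed assumptions for illustration.
"""
import ipaddress
import re

# A DNS label is 1-63 alphanumerics/hyphens, not starting or ending with a
# hyphen; a usable FQDN needs at least one dot and an alphabetic TLD.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN_RE = re.compile(rf"^(?:{_LABEL}\.)+[A-Za-z]{{2,63}}$")

# Ranges that can never be the "public IP" an internet-facing portal needs.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",   # loopback, link-local, CGNAT
    "fc00::/7", "fe80::/10", "::1/128",                 # IPv6 equivalents
)]


def is_fqdn(name: str) -> bool:
    """True for a dotted hostname such as spx.example.com; False for a bare
    system hostname like 'utm' or for a literal IP address."""
    name = name.strip().rstrip(".")
    return len(name) <= 253 and _FQDN_RE.match(name) is not None


def cert_matches_host(cert_names, host: str) -> bool:
    """Does any CN/SAN entry cover `host`? Exact match, or a wildcard whose
    single leading '*' label stands for exactly one label (RFC 6125 rules):
    '*.example.com' covers spx.example.com but neither example.com nor
    mail.spx.example.com."""
    host = host.lower().strip().rstrip(".")
    for name in cert_names:
        name = name.lower().strip().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "*" not in name[2:]:
            suffix = name[1:]                      # ".example.com"
            if host.endswith(suffix):
                leftmost = host[: -len(suffix)]
                if leftmost and "." not in leftmost:
                    return True
    return False


def _is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in _INTERNAL_NETS)


def check_spx_config(cfg: dict, resolve=None) -> list:
    """Return a list of findings; an empty list means the three rules hold.
    `resolve`, if given, maps a hostname to a list of IP strings; pass a
    stub for offline use, or a socket.getaddrinfo wrapper in production."""
    findings = []

    action = cfg.get("data_protection_action", "").strip().lower()
    if action != "encrypt with spx":
        findings.append(f"SMTP data protection action is '{action}'; matching mail "
                        "is never encrypted unless it is 'Encrypt with SPX'")

    host = cfg.get("spx_hostname", "")
    if not is_fqdn(host):
        findings.append(f"SPX portal hostname '{host}' is not an FQDN; recipients "
                        "cannot reach the reply portal by this name")

    names = cfg.get("cert_names", [])
    if not cert_matches_host(names, host):
        findings.append(f"portal certificate ({', '.join(names) or 'none'}) does not "
                        f"cover '{host}'; browsers will warn")

    if not cfg.get("cert_publicly_trusted", False):
        findings.append("portal certificate is not from a public CA; browsers will warn")

    if resolve is not None and is_fqdn(host):
        try:
            addrs = list(resolve(host))
        except OSError:
            addrs = []
        if not addrs:
            findings.append(f"'{host}' does not resolve in DNS")
        elif all(_is_internal(a) for a in addrs):
            findings.append(f"'{host}' resolves only to internal addresses {addrs}")

    return findings


# Constructed sample data modelling the thread's starting point and end state.
# 203.0.113.10 is an RFC 5737 documentation address standing in for the
# firewall's public IP; example.com stands in for the poster's domain.
FAKE_DNS = {"spx.example.com": ["203.0.113.10"],
            "internal.example.com": ["192.168.10.5"]}


def fake_resolve(host):
    return FAKE_DNS.get(host.lower().rstrip("."), [])


BROKEN_CONFIG = {"data_protection_action": "Blackhole",
                 "spx_hostname": "utm",            # bare system hostname
                 "cert_names": ["*.example.com"],
                 "cert_publicly_trusted": True}

FIXED_CONFIG = {"data_protection_action": "Encrypt with SPX",
                "spx_hostname": "spx.example.com",
                "cert_names": ["*.example.com"],
                "cert_publicly_trusted": True}

if __name__ == "__main__":
    for label, cfg in (("before", BROKEN_CONFIG), ("after", FIXED_CONFIG)):
        print(label, check_spx_config(cfg, resolve=fake_resolve) or "OK")
```

Run as-is it reports three findings for the "before" state (blackhole action, non-FQDN hostname, certificate not covering that name) and nothing for the "after" state. Against a live firewall, replace `fake_resolve` with a resolver built on `socket.getaddrinfo` so the public-IP rule is checked against real DNS; the wildcard matcher is deliberately strict, since a certificate for `*.example.com` cannot fix a portal named `portal.spx.example.com`.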