
SPX Encryption

Hello,

 

 I've read through many posts on this topic so I apologize if I'm simply overlooking something...

 

 I'm trying to enable SPX encryption on our UTM 9 firmware 9.503-4 and I've performed the following steps:

 

  1. I've added our Exchange server as the upstream host
  2. Our internal network for Host-Based Relay
  3. Set SPX Encryption Status to Enabled
  4. I've enabled a DLP phrase to trigger the encryption
  5. I've set up a send connector in our Exchange Server

 

I then tried to send an e-mail using the trigger and I got an email back from the firewall: "a potentially confidential email has been blackholed and not delivered."

What am I missing in the configuration that's prompting this reply?

 

  Thanks. 



This thread was automatically locked due to age.
  • The Exchange server should not be in 'Upstream Hosts', rather, it should be in 'Host-based Relay'.  Does that resolve your issue?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the reply.  That did not change the result. 

     

    What *should* be the address for the hostname?  

  • In the SPX configuration, the Hostname should be an FQDN that resolves to your public IP.

    Cheers - Bob

     
  • Thanks, Bob... when I put an FQDN in as the hostname, I am able to set a password and open it.  However, the site shows as unsecure... even though I have a wildcard certificate uploaded; what am I missing?

     

      Thanks!

  • Show a picture of the warning you get, tell us what FQDN you're browsing to and tell us the 'Hostname' defined in 'Management >> System Settings'.

    Cheers - Bob

     
  • It's not so much an error as a warning:

     

     

    The hostname in 'Management-->System Settings' is NOT resolvable to public DNS and doesn't match the FQDN hostname I used for the SPX settings.

  • A screenshot of the body of the browser with the cause of the warning would be more suitable for us to help you. Have you uploaded a certificate signed by a public CA in Webserver Protection > Certificate Management and selected this certificate to be used for HTTPS communication in Management > WebAdmin Settings > HTTPS Certificate? The SPX portal will use the same certificate as WebAdmin/User Portal, and that certificate CN needs to match the FQDN you provided in "SPX Portal Settings". You said you are using a wildcard certificate, so as long as the domain matches and the certificate is publicly trusted, you should not see a warning anymore.

    Regards,

    Giovani
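
Added example (not part of the thread and not Sophos code): a Python check of whether the names in a certificate cover the FQDN entered in "SPX Portal Settings", using the one-label wildcard rule that browsers apply. The hostnames, the sample certificate and the default port are constructed assumptions.

```python
import socket
import ssl


def name_matches(pattern: str, host: str) -> bool:
    """'*' is honoured only as the whole left-most label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # *.example.com never covers example.com or a.b.example.com
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_names(cert: dict) -> list:
    """DNS names from a dict shaped like SSLSocket.getpeercert().
    Browsers check subjectAltName; CN is used here only when no SAN exists."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def covers(cert: dict, host: str) -> bool:
    """True if any name in the certificate matches the host."""
    return any(name_matches(n, host) for n in cert_names(cert))


def fetch_cert(host: str, port: int = 443) -> dict:
    """Live check against a portal (port is an assumption; use the one you configured).
    Raises ssl.SSLCertVerificationError if the chain is untrusted or the name mismatches."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: a wildcard certificate for a placeholder domain.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}

if __name__ == "__main__":
    # Constructed hostnames: SPX FQDN, bare domain, nested name, internal-only name.
    for host in ("spx.example.com", "example.com",
                 "mail.corp.example.com", "utm.example.local"):
        print(f"{host:24} covered={covers(SAMPLE_CERT, host)}")
```
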

  • "The hostname in 'Management-->System Settings' is NOT resolvable to public DNS and doesn't match the FQDN hostname I used for the SPX settings."

    I would urge you to correct that.  See The Zeroeth Rule in Rulz for a trick to do this easily and almost painlessly.  Be sure to get a good backup or two before you start so that you can go back quickly.

    Cheers - Bob

     