Cisco IronPort ESA

Cisco IronPort Email Security Appliance (ESA)

Cisco IronPort ESA: Assign https certificate for quarantine and admin web pages

One of the critical steps in utilizing a new third-party certificate on the Cisco IronPort ESA is to assign the certificate to the IP Interface so it is used in HTTPS communications.  This will enable the Cisco IronPort ESA to utilize your certificate for the administration and quarantine web pages.  Note: These steps assume you have already completed the steps to install an SSL cert on your Cisco IronPort ESA. Step 1) Click Network > IP Interfaces > Select Internal or desired interface Step Read more [...]

How to Setup Ironport LDAP with Active Directory

One of the first things that should be done on a new IronPort Email Security Appliance (ESA) is configuring LDAP authentication to Active Directory. 0) create an AD account to be used for LDAP authentication (think of it like a service account, it needs to special rights) 1) Open your Cisco IronPort ESA web management and click System Administration > LDAP 2) Check 'Using Active Directory Wizard' and click 'Add LDAP Server Profile' 3) -Enter a name for the profile you can call Read more [...]

how to verify IronPort TLS is working

Issue: You have already setup IronPort TLS encryption and need to check whether TLS encryption is occurring on inbound or outbound email communication. 1) Click Monitor > TLS Connections   2) Change the time range to 90 days and review the Incoming TLS Connection statistics to see if there are any TLS connections showing up (Successful or Failed).  If you have a high number of Failed TLS connections you may want to verify your IronPort certificate is setup correctly. 3) Read more [...]

Setup TLS on inbound email from specific domains – IronPort

Issue: You would like to require (or attempt) TLS encryption on inbound email communications from specific partner email domains. Solution Snippet: In this walkthrough we will be creating a partner Sender Group and Mail a Flow Policy that prefers or requires TLS encrypted communication. Solution Walkthrough Create a new Mail Flow Policy called "TLS_Required_Policy" click Mail Policies > Mail Flow Policies click the Add Policy button put TLS_Required_Policy in the Name field Scroll down Read more [...]

assign new SSL cert on Cisco IronPort ESA

Issue: After completing the steps to install a new SSL certificate on your Cisco IronPort ESA you need to assign the certificate to the various Cisco IronPort functions that require encryption (email communications, TLS, Quarantine and admin web pages). Activating the new SSL Certificate: To assign the new certificate for inbound SMTP email communication, open Network > Listeners and select the new certificate Assign the certificate for use in Outbound TLS based email communications: Mail Read more [...]