One of the critical steps in utilizing a new third-party certificate on the Cisco IronPort ESA is to assign the certificate to the IP Interface so it is used in HTTPS communications. This will enable the Cisco IronPort ESA to utilize your certificate for the administration and quarantine web pages. Note: These steps assume you have already completed the steps to install an SSL cert on your Cisco IronPort ESA.
Step 1) Click Network > IP Interfaces > Select Internal or desired interface
Step Read more [...]
One of the first things that should be done on a new IronPort Email Security Appliance (ESA) is configuring LDAP authentication to Active Directory.
0) create an AD account to be used for LDAP authentication (think of it like a service account, it needs to special rights)
1) Open your Cisco IronPort ESA web management and click System Administration > LDAP
2) Check 'Using Active Directory Wizard' and click 'Add LDAP Server Profile'
-Enter a name for the profile you can call Read more [...]
Issue: You have already setup IronPort TLS encryption and need to check whether TLS encryption is occurring on inbound or outbound email communication.
1) Click Monitor > TLS Connections
2) Change the time range to 90 days and review the Incoming TLS Connection statistics to see if there are any TLS connections showing up (Successful or Failed). If you have a high number of Failed TLS connections you may want to verify your IronPort certificate is setup correctly.
3) Read more [...]
Issue: You would like to require (or attempt) TLS encryption on inbound email communications from specific partner email domains.
Solution Snippet: In this walkthrough we will be creating a partner Sender Group and Mail a Flow Policy that prefers or requires TLS encrypted communication.
Create a new Mail Flow Policy called "TLS_Required_Policy"
click Mail Policies > Mail Flow Policies
click the Add Policy button
put TLS_Required_Policy in the Name field
Scroll down Read more [...]
Issue: After completing the steps to install a new SSL certificate on your Cisco IronPort ESA you need to assign the certificate to the various Cisco IronPort functions that require encryption (email communications, TLS, Quarantine and admin web pages).
Activating the new SSL Certificate:
To assign the new certificate for inbound SMTP email communication, open Network > Listeners and select the new certificate
Assign the certificate for use in Outbound TLS based email communications:
Mail Read more [...]