Tag Archives: TLS

how to verify IronPort TLS is working

Issue: You have already setup IronPort TLS encryption and need to check whether TLS encryption is occurring on inbound or outbound email communication. 1) Click Monitor > TLS Connections   2) Change the time range to 90 days and review the Incoming TLS Connection statistics to see if there are any TLS connections showing up (Successful or Failed).  If you have a high number of Failed TLS connections you may want to verify your IronPort certificate is setup correctly. 3) Read more [...]

Setup TLS on inbound email from specific domains – IronPort

Issue: You would like to require (or attempt) TLS encryption on inbound email communications from specific partner email domains. Solution Snippet: In this walkthrough we will be creating a partner Sender Group and Mail a Flow Policy that prefers or requires TLS encrypted communication. Solution Walkthrough Create a new Mail Flow Policy called "TLS_Required_Policy" click Mail Policies > Mail Flow Policies click the Add Policy button put TLS_Required_Policy in the Name field Scroll down Read more [...]

assign new SSL cert on Cisco IronPort ESA

Issue: After completing the steps to install a new SSL certificate on your Cisco IronPort ESA you need to assign the certificate to the various Cisco IronPort functions that require encryption (email communications, TLS, Quarantine and admin web pages). Activating the new SSL Certificate: To assign the new certificate for inbound SMTP email communication, open Network > Listeners and select the new certificate Assign the certificate for use in Outbound TLS based email communications: Mail Read more [...]

How to setup TLS on IronPort

These steps walk you through configuring TLS encryption on email communication with specific partner domains or configuring TLS for all Outbound and Inbound email. TLS for Incoming Mail Receiving mail is controlled by the HAT Overview/Mail Flow Policies.  In other words, when hosts attempting to send mail to your organization connect to your Ironport appliance. setup TLS encryption for all inbound email I chose to set TLS Preferred across the board by enabling TLS on my ‘Accepted’ and Read more [...]

How to Setup SSL Cert on IronPort

Issue: You would like to setup a third-party SSL certificate on your Ironport Email Security Appliance to facilitate IronPort TLS encryption of messages and HTTPS encryption for IronPort quarantine and admin pages. Background: The IronPort does include a self-signed certificate, however a self-signed cert is not generated by a Certificate Authority recognized by mail servers and web browsers. You will need to buy an SSL certificate from a recognized third party certificate authority like GoDaddy(25%OFF), or Read more [...]