Ability to deliver e-mails from CRES encrypted or dedicated TLS based on recipient?
We currently have 7500 internal users authorized to do e-mail encryption via our on-premise IronPort appliances and CRES. All is working great except for responses from external recipients. I have about 4000 users that do not want those e-mails encrypted, and want them delivered via a required TLS connection, mostly because they do not want to decrypt all of the e-mails. Well, I also have about 3500 users who want the e-mails encrypted for security reasons.
My understanding is I can either set up CRES to deliver all e-mails to my organization encrypted or all e-mails to my organization via required TLS connection. Still correct? If so, how do I resolve the above problem?
My workaround is I could possibly encrypt the e-mails after they arrive at my organization for the 3500 users, but this doesn't make much sense to me as they have already traversed the internet (albeit via a TLS connection) to get to me.
Your analysis is correct, and I think your workaround (encrypting incoming replies) is the only option. Whether that is worth doing depends on why the 3500 users want the replies encrypting to their desktop. Is there some regulatory reason? Do the senders want to authenticate? Do they not trust the internal network? You will need to find the business reason behind this or convince them that it is secure enough with TLS to your gateway.