1. Do I apply these policies on the incoming mail policies or outgoing? Taking into consideration I have a 2-data port topology where data-1 is configured to face the internet (public) and data-2 is facing the LAN (private).
The decision if a connection is inbound or outbound is made based on the type of listener or mail flow policy. Basically, if a message comes through a private listener, or a sendergroup with a RELAY mail flow policy, that connection is considered outbound; in all other cases it will be inbound.
About your policies, not sure if they will work as I am unsure how you configured:
"deny from email@example.com to firstname.lastname@example.org", could you be more specific on that? Also, why not set those rules up directly on the mail servers instead of on the email security appliance? Would make configuration less complex.
Because I want to block email@example.com from sending email to firstname.lastname@example.org only, I will have to define specific policies that drop email@example.com to firstname.lastname@example.org, then allow email@example.com to every other email. Something like firewall rules performing a specific deny, with allow any any at the last line.
I performed some internal testing and I realized that in order to specifically block from firstname.lastname@example.org to email@example.com, I have to define sender = firstname.lastname@example.org in the outgoing mail policy and email@example.com in the outgoing mail filter under filter = envelope recipient; action = drop (or vice versa). Otherwise, if I place sender = firstname.lastname@example.org and recipient = email@example.com in the mail policy, any email from firstname.lastname@example.org OR to email@example.com will hit the policy.
I feel that this is kind of brainless to do such a thing and will add operational complexity. Unfortunately, my customer has a very strict security environment. I did say the same thing to him. "Why don't control on the server end?". He replied, "what if my servers get compromised?"