
DLP inside the organization

chmeehan0421
Level 1

I'm curious as to what other email admins are doing today with DLP inside the organization. I mean, the Ironport is meant to monitor traffic in and out of the org and apply DLP policies, but what about internal mail traffic going from dept to dept that might violate as well? Any crafty transport rules if using Exchange out there? Any add-on third party software that I don't know about? Modify internal routing so that all messages pass through ironport for dlp processing.

What are you doing today? And also if this is not allowed discussion on the board, please let me know and I will post on a blog.

Chris

4 Replies

viahmed
Cisco Employee

Hi Chris,

I am not aware of any third-party software, but you can definitely route your internal traffic through IronPort. Customers normally route internal traffic through IronPort for virus scanning, and can go for DLP too.

Regards,

Viquar

Customer Support Engineer Cisco IronPort

Viquar -

Thanks for the response. Do you have any customers that are currently routing internal exchange 2007 / 2010 messages through the ironport for processing?

I ask because the way the hub transport role works, I'm not sure how one would achieve this, even if they configure all connectors to route through a smart host.

Chris

Hi Chris,

Routing internal traffic through IronPort is not recommended, but it is configurable. Your internal traffic is still going to match the sender group 'RelayList', but instead of sending traffic to the internet, IronPort will deliver it back to internal servers. IronPort checks the destination host once it has received the message and routes the traffic based on the destination. If the destination host is your internal server, it will check the RAT table for the destination domain entry and deliver to the destination server via SMTP routes. If the message is going to the internet, DNS servers will decide the destination server based on the domain MX record.

Hope that answered the question.

Viquar

Customer Support Engineer

Thanks Viquar, I'm following you with the IronPort routing. However, I'm not following how I could route my internal exchange traffic through the ironport.

The hub transport server introduced with Exchange 2007 handles all message routing for intra-org and inter-org messages. Intra-org messages however will not be routed through to my smarthost (ironport) for processing, only delivered to proper destination mailbox server and eventually my email client.

So my question is still this.. Specific to Exchange 2007 and Exchange 2010, if it's possible and has been done, how would one configure the hub transport role to route ALL mail traffic to the IronPort device for processing?

Thanks again for the help,

Chris