Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2147
Views
5
Helpful
5
Replies

ESA + CRES on TLS failed connections

Go to solution
daro
Level 1
Level 1

‎11-20-2019 07:33 AM

Hi,

is it possible to have either content/message filter or some other solution to have a failover on TLS failed connections for a CRES envelope?

 

best case scenario would to have CRES configured to be used when a TLS connection fails.

 

any ideas?

thanks
daniel

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎11-25-2019 03:54 PM

Hey Daniel,

 

On the ESA (outgoing rules only) you can  configure emails to be sent with encryption profile configured and to use TLS and only fail-over to CRES when TLS fails.

 

However as shared, it's restricted to outbound traffic only - requires the encryption profile and CRES account and trusted TLS domains (cannot be applied globally, only via the list on CRES portal under your account).

 

Regards,

Mathew

View solution in original post

5 Replies 5

Go to solution
marc.luescherFRE
Spotlight
Spotlight

‎11-20-2019 07:54 AM

Is the idea for failed connection which can not be sent via TLS or for messages which did not come in via TLS ?

0 Helpful

Go to solution
daro
Level 1
Level 1
In response to marc.luescherFRE

‎12-02-2019 04:00 AM

the current requirement is for outbound messages only.
What I would like to see is a setting in the default entry of destination control to setup TLS support to something like - required, use encryption profile XY if TLS fails.
0 Helpful

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎11-25-2019 03:54 PM

Hey Daniel,

 

On the ESA (outgoing rules only) you can  configure emails to be sent with encryption profile configured and to use TLS and only fail-over to CRES when TLS fails.

 

However as shared, it's restricted to outbound traffic only - requires the encryption profile and CRES account and trusted TLS domains (cannot be applied globally, only via the list on CRES portal under your account).

 

Regards,

Mathew

Go to solution
daro
Level 1
Level 1
In response to Mathew Huynh

‎12-02-2019 03:54 AM

Hi Mathew,


outgoing is good enough for my use case.


I have configured CRES a few times before, but only as an on-demand encryption service with outgoing content filters to match for *secure* or other subject triggers.

 

Can you point me to the correct chapter in the CRES admin guide? seems like I am only finding the TLS domain settings for secure replies.

 

thanks

daniel

0 Helpful

Go to solution
daro
Level 1
Level 1
In response to Mathew Huynh

‎12-02-2019 04:17 AM

never mind, I found it :-)

image.png

thanks
Daniel

 

 

0 Helpful
Customers Also Viewed These Support Documents