cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.2-020
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-239
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

1430
Views
5
Helpful
5
Replies
daro
Beginner

ESA + CRES on TLS failed connections

Hi,

is it possible to have either content/message filter or some other solution to have a failover on TLS failed connections for a CRES envelope?

 

best case scenario would to have CRES configured to be used when a TLS connection fails.

 

any ideas?

thanks
daniel

1 ACCEPTED SOLUTION

Accepted Solutions
Mathew Huynh
Cisco Employee

Hey Daniel,

 

On the ESA (outgoing rules only) you can  configure emails to be sent with encryption profile configured and to use TLS and only fail-over to CRES when TLS fails.

 

However as shared, it's restricted to outbound traffic only - requires the encryption profile and CRES account and trusted TLS domains (cannot be applied globally, only via the list on CRES portal under your account).

 

Regards,

Mathew

View solution in original post

5 REPLIES 5
marc.luescherFRE
Enthusiast

Is the idea for failed connection which can not be sent via TLS or for messages which did not come in via TLS ?

the current requirement is for outbound messages only.
What I would like to see is a setting in the default entry of destination control to setup TLS support to something like - required, use encryption profile XY if TLS fails.
Mathew Huynh
Cisco Employee

Hey Daniel,

 

On the ESA (outgoing rules only) you can  configure emails to be sent with encryption profile configured and to use TLS and only fail-over to CRES when TLS fails.

 

However as shared, it's restricted to outbound traffic only - requires the encryption profile and CRES account and trusted TLS domains (cannot be applied globally, only via the list on CRES portal under your account).

 

Regards,

Mathew

Hi Mathew,


outgoing is good enough for my use case.


I have configured CRES a few times before, but only as an on-demand encryption service with outgoing content filters to match for *secure* or other subject triggers.

 

Can you point me to the correct chapter in the CRES admin guide? seems like I am only finding the TLS domain settings for secure replies.

 

thanks

daniel

never mind, I found it :-)

image.png

thanks
Daniel

 

 

Create
Recognize Your Peers
Content for Community-Ad