Beginner

How to configure ESAv C100V for on demand outbound email encryption only?

I want to set up an outbound configuration only on an ESAv C100V. But rather than have all outbound traffic flow through the C100V, can I just set up a policy that, when triggered (via #secure# added to the subject line), routes the outbound email to be encrypted through the C100V? All other non-encrypted outbound emails would continue to go through our front end Exchange Server.

Is this possible?

Engager

Re: How to configure ESAv C100V for on demand outbound email encryption only?

That's really an Exchange question.

I suspect that you can do it with a transport rule.

We send all outbound to the ESA and use an outbound content rule to select what to encrypt. The ESA makes DKIM/DMARC easy too...



Beginner

Re: How to configure ESAv C100V for on demand outbound email encryption only?

Okay. So essentially all outbound non-encrypted emails would simply pass through the ESAv. What is the throughput of the C100V? Can it handle a large volume of emails that are simply passing through?

Engager

Re: How to configure ESAv C100V for on demand outbound email encryption only?

I pushed a C100V to a couple thousand messages an hour, but I don't have numbers on what they should be able to handle.
They're intended to support 1000 users based on whatever stats they have.

https://www.cisco.com/c/en/us/products/collateral/security/email-security-appliance/data-sheet-c78-729751.html




Beginner

Re: How to configure ESAv C100V for on demand outbound email encryption only?

Thanks for the replies. Can anyone point me towards some instructions for setting up the C100V for outbound mail only? It's weird, but a lot of the info I'm finding is not very detailed--either that or the setup is very simple.

Cisco Employee

Re: How to configure ESAv C100V for on demand outbound email encryption only?

Hello,

It's quite simple but can probably be daunting if it's your first time setting it up.

The general requirements are: Interface -> Routing -> DNS -> Listener (Private) -> Recipient Access Table (RAT) -> Host Access Table (HAT) -> SMTP Routes. The private listener is what you will want to use for outgoing. If you plan to use the same IF/listener in the future for both incoming AND outgoing traffic, then you'll want to set it as public. The primary distinction between incoming vs. outgoing (excluding the listener) is the connection behavior that's set on the mail flow policy. When it's set to accept, it's considered incoming, and when set to relay, it's considered outgoing.

Thanks!

-Dennis M.

Beginner

Re: How to configure ESAv C100V for on demand outbound email encryption only?

Thanks. Would I need to configure an additional connector on the Exchange 2016 front end side to point towards the C100V? Also, would replies to the secure/encrypted emails go directly to the Exchange server front end, or would I need to configure the C100V for inbound mail as well?

Cisco Employee

Re: How to configure ESAv C100V for on demand outbound email encryption only?

Hello,

If only outbound then you should only need to modify the send connector on the Exchange side to route through the new vESA. The vESA would not need to process/re-process any incoming email that is encrypted and can go directly back to Exchange.

Thanks!

-Dennis M.