05-30-2017 05:48 PM
Hi
I am confused about the best and most secure approach to configuring the LDAP settings after migrating ESA from on-premises to the cloud.
Regards
Sakun
05-30-2017 07:36 PM
Hello Sakun,
The Cloud Email Security (CES) appliances use the same software, so the LDAP setup would be the same. The only thing you would need to take into consideration is any firewall holes you may need to make in order to allow the LDAP traffic from CES into your environment. I would also highly recommend performing LDAP over SSL with our CES appliances for enhanced security.
Thanks!
-Dennis M.
05-30-2017 08:10 PM
That is what I am worried about: allowing LDAP from external to the internal. Can we use Azure AD with CES?
Kind regards
Sakun
05-30-2017 08:23 PM
Hello,
Yes, you can use Azure, but keep in mind the firewall ports will still need to be opened.
Thanks!
-Dennis M.
09-16-2017 07:21 PM
Curious on this, as we are about to set this up for quarantine work.
1) What firewalls need to be opened in cloud (CESA) to cloud (AzureAD)? Is there a FW set up on the Cloud appliance?
2) Can we use ADFS instead (is there SAML or OAuth2 integration)?
3) For administrators, can we force 2 Factor Authentication on LDAP CESA? We consider 2 Factors a minimum requirement for cloud Server administration.
We use on prem ADFS at the moment for our AzureAD with AzureMFA enabled for most cloud integrations, and would like to configure C-ESA with it as well.
Thanks
Geoff
07-11-2018 12:09 PM
Did you ever get a response on this? We are facing the same situation. We would like to connect our CES clusters to AzureAD for LDAP lookups and could find little guidance from Cisco on how to do this.