Cisco Secure Email Support Community


Sakun Sharma
Beginner

LDAP configuration after migrating from On-premises to Cloud ESA

Hi

I am confused about the best and most secure approach to configuring the LDAP settings after migrating ESA from on-premises to the cloud.

Regards

Sakun

5 REPLIES
dmccabej
Cisco Employee

Hello Sakun,

The Cloud Email Security (CES) appliances use the same software, so the LDAP setup would be the same. The only thing you would need to take into consideration is any firewall holes you may need to make in order to allow the LDAP traffic from CES into your environment. I would also highly recommend performing LDAP over SSL with our CES appliances for enhanced security. 

Thanks!

-Dennis M.

Thanks Dennis.

That is what I am worried about: allowing LDAP from external to the internal. Can we use Azure AD with CES?

Kind regards

Sakun

Hello,

Yes, you can use Azure, but keep in mind the firewall ports will still need to be opened.

Thanks!

-Dennis M.

Curious on this, as we are about to set this up for quarantine work.

1) What firewalls need to be opened in cloud (CESA) to cloud (AzureAD)? Is there a FW set up on the Cloud appliance?

2) Can we use ADFS instead (is there SAML or OAUTH2 integration)?

3) For administrators, can we force 2 Factor Authentication on LDAP CESA? We consider 2 Factors a minimum requirement for cloud Server administration.

We use on-prem ADFS at the moment for our AzureAD with AzureMFA enabled for most cloud integrations, and would like to configure C-ESA with it as well.


Thanks

Geoff 

Did you ever get a response on this? We are facing the same situation. We would like to connect our CES clusters to AzureAD for LDAP lookups and could find little guidance from Cisco on how to do this.
