07-25-2022 11:01 AM
Hello,
We are in the process of migrating from Forcepoint Email Gateway to Cloud ESA. Forcepoint has a blacklist which contains around 12200 IP addresses, which can be exported. When we move to the cloud ESA we are planning to quarantine these emails for Forensics purposes. I believe the option here is to use either a content filter or a message filter. HAT option is not applicable since the requirement is to quarantine the email. In the Cloud ESA is there any option to upload them as bulk?. Adding them one by one will be a real pain.
Thanks
07-25-2022 11:37 AM
07-25-2022 11:56 AM
Hi Ken,
Thanks a lot for your response. In the dictionary is it possible to add IP addresses?.
If it does then I will add the entries to the dictionary and then create a content filter with "other header" condition and select the header=received and point it to the dictionary I created right.
Thanks
Thanks
07-25-2022 01:44 PM
07-27-2022 05:35 AM
Hi Ken,
Actually the customer later decided to use only the IPs added in the last few months, which is around 200 IPs. But they need to block emails coming from these IPs and Emails going to these IPs. In the incoming content filter I saw an option called "Remote-IP" which I am planning to use for incoming emails. For outgoing emails I cannot use the "Remote-IP" option since the description says "Was the message sent from a remote host that matches a specified IP address or Hostname?". What would be best option here?.
Thanks
07-27-2022 06:47 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: