Before I log a feature request, I was wondering if anyone else has a better suggestion in relation to Forced Outbound TLS connections.
We currently have Preferred TLS turned on for all Inbound and Outbound connections. However, for specific 3rd parties we have defined via the Destination controls that TLS must be used.
We are now in the situation that we are getting more and more requests to set up forced TLS connections to 3rd parties. This means that each time we have to add a new domain into the destination controls list, using the default settings, except for the "Forced" TLS option.
I have been looking for a better way to do this, but I can't see anything. It would be nice to have something like the HAT with specific Outbound MFPs that we can just add domains to the Sender Group.
I suppose this is one of those nice to have things, but I am just trying to find a way to make the management of the Forced TLS connections a bit easier from our end.
Has anyone asked this previously, or got a better option?
There is an existing feature request # 50836, ability to import/export destination control list which can be edited off the box for bulk upload.
Please contact your sales rep or Cisco IronPort Support to have your request added to the FR.
We have been using Preferred TLS for all Inbound and Outbound messages for the last year.
We have had no issues with it to date, and there was no performance hit on the appliances that we were aware of.
It also helps us to identify companies that our users are emailing that could be candidates for then moving to a forced TLS connection.
We have also had TLS set to preferred for at least a year. No problem so far. The change was completely transparent to all users! Like Wargot, we had no performance impact.
What we've done, specifically, is to set TLS to preferred for all HAT entries except for the THROTTLED and BLOCKED policies.
Make sure to use publicly trusted certificates (we use Wildcard certificates from Comodo); it will save you a lot of trouble!
Why would going from a forced TLS setting to a preferred TLS setting increase load?
I have some big banks requiring me to go from preferred to forced for hundreds of their domains. Has anyone done this? My concerns are basically load and syntax errors.
It increases load simply because encryption/decryption requires CPU time. It's not much for an individual message, but it adds up when you're processing many simultaneously.