10-15-2009 11:48 AM
Guys
Before I log a feature request, I was wondering if anyone else has a better suggestion in relation to Forced Outbound TLS connections.
We currently have Preferred TLS turned on for all Inbound and Outbound connections. However, for specific 3rd parties we have defined via the Destination controls that TLS must be used.
We are now in the situation that we are getting more and more requests to set up forced TLS connections to 3rd parties. This means that each time we have to add a new domain into the destination controls list, using the default settings, except for the "Forced" TLS option.
I have been looking for a better way to do this, but I can't see anything. It would be nice to have something like the HAT with specific Outbound MFPs that we can just add domains to the Sender Group.
I suppose this is one of those nice to have things, but I am just trying to find a way to make the management of the Forced TLS connections a bit easier from our end.
Has anyone asked this previously, or got a better option?
10-16-2009 07:51 AM
There is an existing feature request # 50836, ability to import/export destination control list which can be edited off the box for bulk upload.
Please contact your sales rep or Cisco IronPort Support to have your request added to the FR.
Best,
Kishore
10-20-2009 04:06 PM
I am getting ready to switch our IronPort appliances to use Preferred TLS for all incoming/outgoing connections. Anyone else doing this? Good results?
10-21-2009 08:47 AM
Jason
We have been using Preferred TLS for all Inbound and Outbound messages for the last year.
We have had no issues with it to date, and there was no performance hit on the appliances that we were aware of.
It also helps us to identify companies that our users are emailing that could be candidates for then moving to a forced TLS connection.
10-22-2009 04:50 PM
Thanks Wargot, it's on my list of changes to make.
10-30-2009 11:45 PM
Hello,
I can assure you that turning "preferred TLS" on has had no impact on our production traffic at all.
Steven
11-04-2009 10:37 AM
Dear all,
We have also had TLS set to preferred for at least a year. No problem so far. The change was completely transparent to all users! Like Wargot, we had no performance impact.
What we've done, specifically, is to set TLS to preferred for all HAT entries except for the THROTTLED and BLOCKED policies.
Make sure to use publicly trusted certificates (we use Wildcard certificates from Comodo); it will save you a lot of trouble!
Cheers,
Fred
11-04-2009 04:20 PM
Thanks for the input Fred.
06-28-2010 10:54 AM
Why would going from a forced TLS setting to a preferred TLS setting increase load?
I have some big banks requiring me to go from preferred to forced for hundreds of their domains. Has anyone done this? My concerns are basically load and syntax errors.
07-12-2010 07:10 AM
It increases load simply because encryption/decryption requires CPU time. It's not much for an individual message, but it adds up when you're processing many simultaneously.