[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 796
  • Last Modified:

FOPE outbound encryption policy

I have created an outboud policy in fope to encrypt messages being sent to internal addresses on the company domain. It is not working.

A) Can FOPE encrypt messages for internal addresses?
B) Please provide an example policy if this is possible.

Thanks in advance.
0
UnitedPres
Asked:
UnitedPres
  • 2
  • 2
1 Solution
 
Dave HoweCommented:
Not sure what you are asking. FOPE is a cloud/web hosted service similar to mimecast and mailcontrol, that sits between your exchange server and the internet allowing (amongst other things) Exchange Hosted Encryption (which while named confusingly isn't hosted in your Exchange, but in the FOPE instance, and more closely resembles the cisco CRES and zixmail services)

So the solution looks like:

[your exchange] == TLS encrypted tunnel == [FOPE] == OppTLS smtp == [The Internet]

internal mail never leaves exchange, never passes though FOPE, so never has any FOPE policies applied.
0
 
UnitedPresAuthor Commented:
Thanks for your response Mr. Howe,

This confirms that we can not create a policy in FOPE as the internal mail does not leave our exchange box.

Is there a way procedure to send an encyrted message internally?
0
 
Dave HoweCommented:
@UnitedPres:
  You *could* do such a thing, but not sure why you would want to.  All traffic between outlook and exchange (or the browser and webaccess) should be encrypted; FOPE does edge-router encryption (in that, mail leaving FOPE for the internet is encrypted, and arriving from the internet is decrypted) and once it is in exchange isn't encrypted at all.

  You *can* enforce use of s/mime via group policy; that will require that your users *and* everyone else they talk to all have s/mime digital certificates, and isn't compatible with FOPE encryption (in that all messages will already be required to be s/mime encrypted).

You could also use a datasink/transport agent to enforce use of s/mime internally, but that would just cause non-encrypted mails to fail (and not force-encrypt them) which would inconvenience your internal users for no good effect.
0
 
UnitedPresAuthor Commented:
Mr. Howe,

Thank you for responding. I feel you have answered my questions and appreciate your time.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now