Solved

FOPE outbound encryption policy

Posted on 2013-01-08
Last Modified: 2013-02-11
I have created an outbound policy in FOPE to encrypt messages being sent to internal addresses on the company domain. It is not working.

A) Can FOPE encrypt messages for internal addresses?
B) Please provide an example policy if this is possible.

Thanks in advance.
Question by:UnitedPres
Expert Comment

by:Dave Howe
ID: 38758109
Not sure what you are asking. FOPE is a cloud/web-hosted service similar to Mimecast and MailControl that sits between your Exchange server and the internet, allowing (amongst other things) Exchange Hosted Encryption (which, while named confusingly, isn't hosted in your Exchange but in the FOPE instance, and more closely resembles the Cisco CRES and ZixMail services).

So the solution looks like:

[your exchange] == TLS encrypted tunnel == [FOPE] == OppTLS smtp == [The Internet]

Internal mail never leaves Exchange, never passes through FOPE, so never has any FOPE policies applied.

Author Comment

by:UnitedPres
ID: 38758924
Thanks for your response Mr. Howe,

This confirms that we cannot create a policy in FOPE as the internal mail does not leave our Exchange box.

Is there a way or procedure to send an encrypted message internally?

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 38759270
@UnitedPres:
  You *could* do such a thing, but not sure why you would want to.  All traffic between Outlook and Exchange (or the browser and web access) should be encrypted; FOPE does edge-router encryption (in that mail leaving FOPE for the internet is encrypted, and mail arriving from the internet is decrypted), and once it is in Exchange it isn't encrypted at all.

  You *can* enforce use of S/MIME via group policy; that will require that your users *and* everyone else they talk to all have S/MIME digital certificates, and isn't compatible with FOPE encryption (in that all messages will already be required to be S/MIME encrypted).

You could also use a datasink/transport agent to enforce use of S/MIME internally, but that would just cause non-encrypted mails to fail (and not force-encrypt them), which would inconvenience your internal users for no good effect.
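
The check such a transport agent would have to make, sketched in Python as an added example (not part of the original answer, and not Exchange's own agent API). The domain `example.com`, the function names and the sample messages are constructed for illustration; the body check is a heuristic on the CMS header, not a full parse.

```python
import base64
from email import message_from_bytes

# DER encodings of the CMS content-type OIDs (RFC 5652).
# S/MIME 4.0 authEnveloped-data is not covered by this sketch.
OID_ENVELOPED = bytes.fromhex("06092a864886f70d010703")  # id-envelopedData
OID_SIGNED = bytes.fromhex("06092a864886f70d010702")     # id-signedData
PKCS7_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_kind(raw: bytes) -> str:
    """Classify a message as 'encrypted', 'signed-only' or 'plain'."""
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "signed-only"          # clear-signed: body is still readable
    if ctype not in PKCS7_TYPES:
        return "plain"
    # Do not trust the smime-type parameter alone; look at the CMS
    # ContentInfo header at the start of the decoded body as well.
    head = (msg.get_payload(decode=True) or b"")[:32]
    if OID_ENVELOPED in head:
        return "encrypted"
    if OID_SIGNED in head:
        return "signed-only"
    return "plain"                    # labelled pkcs7-mime, but not CMS

def internal_policy(sender, recipients, raw, domain="example.com"):
    """Reject internal-to-internal mail that is not S/MIME encrypted."""
    suffix = "@" + domain             # hypothetical internal domain
    internal = all(a.lower().endswith(suffix) for a in [sender, *recipients])
    if internal and smime_kind(raw) != "encrypted":
        return "reject"               # fails the mail, does not encrypt it
    return "accept"

def _sample(ctype: str, body: bytes) -> bytes:
    # Constructed sample message; the CMS body is a truncated stub.
    return (b"From: a@example.com\r\nTo: b@example.com\r\n"
            b"MIME-Version: 1.0\r\nContent-Type: " + ctype.encode() +
            b"\r\nContent-Transfer-Encoding: base64\r\n\r\n" +
            base64.b64encode(body) + b"\r\n")

ENVELOPED = _sample("application/pkcs7-mime; smime-type=enveloped-data",
                    b"\x30\x80" + OID_ENVELOPED + b"\xa0\x80")
SPOOFED = _sample("application/pkcs7-mime; smime-type=enveloped-data",
                  b"just plain text")
PLAIN = b"From: a@example.com\r\nTo: b@example.com\r\n\r\nhello\r\n"
```

Mail with any external recipient is accepted here because it leaves Exchange and is handled at the edge instead.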

Author Closing Comment

by:UnitedPres
ID: 38759372
Mr. Howe,

Thank you for responding. I feel you have answered my questions and appreciate your time.