Solved

TLS implementation question

Posted on 2014-12-31
Last Modified: 2015-01-05
Hello Experts,

I have a client who wants to set up TLS to allow email between 2 companies. My client has an Exchange 2010 hybrid environment with Office 365, and he wants to secure email communication with a lawyer firm.

Please see request below


It is CompanyB's policy to "enforce" TLS. We will deliver email to domain(s) you specify only when we are able to establish a TLS connection to your server(s) which ensures that our email communications to any of your domains are sent securely.  We strongly recommend that you enforce your TLS connection(s) to all the Company's B domains for similar secure TLS email transmission of your data to any and all Aon recipients.

Company A:
Client has an Exchange hybrid 2010 environment with Office 365 and a Symantec BrightMail spam gateway. Internal email flow goes to Symantec Spam Gateway --> to Internet [Internet send connector]. They also have an Office 365 send connector and another internal send connector for applications.

Company B: unknown, but I guess they have either Exchange 2010 or 2013

Can someone please summarize the high-level steps to set up TLS across companies? Please consider the fact that we have Symantec Bright Mail servers spam gateways and an Office 365 hybrid environment.

Can someone please attach a link, blog, technet, article with tons of screenshots step-by-step to deploy TLS across organizations?

Should we restart Exchange servers or spam gateways after deploying TLS?

Do we need some sort of certificates to allow emails through TLS? If so, where should these certificates be deployed? At server level, at spam gateways? Should we exchange certificates across companies?
If so, which certificate should be exchanged?

Your feedback is highly appreciated
Question by:Jerry Seinfield
LVL 8

Accepted Solution

by:
Jessie Gill, CISSP earned 2000 total points
ID: 40526078
If your mail flows out through a smart host, like the Symantec gateway, then configure TLS on that (I am presuming the spam gateway is an appliance or another box with your external IP attached to it for mail). I.e., if Company A sends email to Company B and it routes through a smart host to the Symantec gateway, then configure TLS on the Symantec mail gateway, because the Symantec Brightmail gateway is the one opening the connection to the other mail server/gateway. On the receiving end they will need to configure TLS and enforce it for your domain. There is no need to exchange certificates; once the TLS session opens that will happen automatically.

A lot of the time, most gateway appliances/software allow self-signed certificates that work most of the time; otherwise you will have to get a signed certificate and import that into your software/appliance.

What version of the Symantec messaging gateway do you have?

I found an instruction manual that has all the steps needed to setup TLS if you have what I think you have. www.symantec.com/business/support/.../smg_administration_guide.pdf
0
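The accepted answer above distinguishes between opening a TLS session and enforcing it for a domain, and notes that self-signed certificates work only "most of the time". The following added example (not part of the original thread, and not Symantec or Exchange code) models how a sending gateway's per-domain policy turns the partner's EHLO reply into a delivery decision. The policy names, host name and sample EHLO replies are constructed for illustration.

```python
# Added illustration (not from the thread): how a sending gateway's per-domain
# TLS policy turns the partner's EHLO reply into a delivery decision.
# Policy names and both sample EHLO replies are constructed for this example.

POLICIES = ("opportunistic", "enforce", "enforce-verified")

# Constructed EHLO replies from a hypothetical partner MX host.
EHLO_WITH_TLS = ("250-mx.companyb.example Hello\r\n250-SIZE 36700160\r\n"
                 "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_NO_TLS = ("250-mx.companyb.example Hello\r\n250-SIZE 36700160\r\n"
               "250 8BITMIME\r\n")


def parse_ehlo(reply):
    """Return the extension keywords advertised in a multi-line 250 reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines or any(not ln.startswith("250") for ln in lines):
        raise ValueError("not a successful EHLO reply")
    keywords = set()
    for ln in lines[1:]:  # the first line carries the server name, not an extension
        rest = ln[4:].split()
        if rest:
            keywords.add(rest[0].upper())
    return keywords


def delivery_decision(policy, ehlo_reply, handshake_ok=True, cert_valid=False):
    """Return 'send-tls', 'send-cleartext' or 'defer' for one delivery attempt."""
    if policy not in POLICIES:
        raise ValueError("unknown policy: %r" % policy)
    encrypted = "STARTTLS" in parse_ehlo(ehlo_reply) and handshake_ok
    if policy == "opportunistic":
        # Falls back silently, so a peer without STARTTLS gets cleartext mail.
        return "send-tls" if encrypted else "send-cleartext"
    if not encrypted:
        return "defer"  # enforced: queue the message rather than send in clear
    if policy == "enforce-verified" and not cert_valid:
        return "defer"  # self-signed or mismatched certificate is rejected
    return "send-tls"


if __name__ == "__main__":
    for policy in POLICIES:
        for name, reply in (("STARTTLS offered", EHLO_WITH_TLS),
                            ("no STARTTLS", EHLO_NO_TLS)):
            # cert_valid=False models a self-signed certificate on the peer
            print(policy, "|", name, "|", delivery_decision(policy, reply))
```

A self-signed certificate passes the `enforce` policy, which only requires encryption, but is deferred under `enforce-verified`, which is when a CA-signed certificate has to be imported on the gateway.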
 
LVL 44

Expert Comment

by:Amit
ID: 40526611
0
 

Author Comment

by:Jerry Seinfield
ID: 40527831
The client has Symantec 10.0.2

With that being said, nothing has to be done from the Exchange servers? All email is routed to the spam gateway [inbound/outbound]; my only concern is the Office 365 component.

Is that guide applicable to version 10.0.2?
0
 

Author Comment

by:Jerry Seinfield
ID: 40527843
Amit, the Symantec link is broken.

Can you please send the correct one, and respond to my last question?
0
 

Author Comment

by:Jerry Seinfield
ID: 40527920
Any updates?
0
 
LVL 44

Expert Comment

by:Amit
ID: 40527980
I gave you MS one. Not Symantec.
0
 

Author Comment

by:Jerry Seinfield
ID: 40527984
Ok, Jessie and all

Since all email is routed through Symantec spam gateway 10.0.2, and I need to implement TLS for a single company, can someone please summarize all steps to be performed from the spam gateway [Symantec BrightMail 10.0.2] and from the Exchange server?

Like I mentioned earlier, the client has an Exchange 2010 Hybrid deployment with Office 365, one internet send connector [all email goes to Symantec BrightMail host], and another send connector to Office 365.

Will the TLS implementation be done at Symantec BrightMail and/or EXCHANGE SERVERS?

Can someone please attach official Symantec BrightMail guide 10.0.2 to implement TLS across 2 companies?
0
 

Author Comment

by:Jerry Seinfield
ID: 40528478
Anyone?
0
