Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Messages > Enforced TLS connections
Enforced TLS connections
Administrator Help | Forcepoint Email Security | Version 8.5.x
The page Settings > Inbound/Outbound > Enforced TLS Connections is used to specify that connections to or from a specific IP or domain group use mandatory Transport Layer Security (TLS) and determine the security level used by that connection.
Functionality is used to define connection directions relative to the email SMTP server. Incoming connections are those from a protected or external domain or IP address group to the email protection system. Outgoing connections are those from the email system to a protected or external domain or IP address group.
After you define a group, you can change its order in the incoming or outgoing direction list. Select the group by marking its associated check box and use the Move Up or Move Down button to modify list order.
Delete a group by marking the check box and clicking Delete.
You may configure up to 32 incoming or outgoing connections.
Add an incoming or outgoing connection for which to use TLS
1.
Navigate to the page Settings > Inbound/Outbound > Enforced TLS Connections.
2.
Click Add.
The Add Incoming Connection page displays.
3.
In the text field Name, enter a name for your enforced TLS connection.
4.
From the pull-down menu Priority order, select a priority order for the connection.
5.
Specify the security level for the connection.
Security level options include the following:
*
Encrypt, the minimum enforcement level, used in all security levels
This security level is the only option available for incoming connections.
*
Encrypt and check CN, validation of a certificate's common name
*
Verify, validation that the certificate is from a trusted CA
*
Verify and check CN, validation of the certificate's common name and that the certificate is from a trusted CA
 
* 
Important 
To use the two "verify" options, you must have imported a trusted CA certificate. See Managing Transport Layer Security (TLS) certificates.
6.
Select one of the following connection encryption strength options:
*
Medium, which involves the use of cipher suites that use 128-bit encryption
*
High, which includes most cipher suites with key lengths larger than 128 bits
7.
Define the IP address or domain group subject to forced TLS connection; select one of the following options:
*
Any (for all connections)
This option applies to any connection, regardless of IP or domain address.
*
IP address group
Select an existing IP address group in the pull-down menu or create a new group using Add New IP Group.
*
Domain address group
Select an existing domain address group in the pull-down menu or create a new group using Add New Domain Group.
8.
Click OK.
The settings are saved.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Messages > Enforced TLS connections
Copyright 2022 Forcepoint. All rights reserved.