Configure Encryption Service on SonicWall Email Security
Description
The Encryption Service is Software-as-a-Service (SaaS) which provides secure delivery of your e-mail. E-mails which have [SECURE] as a tag at the beginning of the subject line will be encrypted and delivered to the recipient(s). Additionally, the administrator can create a policy with some condition and an action of ‘Route to Encryption Service’. E-mails which satisfy the set condition(s) will be encrypted. Please enable outbound policy to send secure mails.
Once receiver receives a secure email, this email will contain an URL which will prompt receiver to register (create an account) with secure server, once the account is created receiver can view his/her account and can see the secure email.
Resolution
Step 1:
License the Encryption service on mysonicwall.com.
In Classic Mode, enter the key in the Quick Register section and click Next.
In Contemporary Mode, click the + the product icon
Enter the activation key in the pop up & click Confirm
Select the appliance to which the Encryption subscription will be applied, and click Activate
Step 2:
Complete activation
Select the Data Center location and provide the information requested.
Click Activate
A Success banner will display at the top of the page when the service has been successfully activated.
Step 3:
Go to My Products and click to expand the Services list
Click the link to Activate the Encryption Service Account **Make sure that pop-up blocker is disabled**
In Classic Mode, click the link to the ES appliance
Then click the Activate Encryption Service Account link in the upper right corner.
Select the Data Center Location and re-enter the Domain information then click Submit
Step 3:
Configure the Encryption service on the ES appliance
Log into the Email Security appliance and go to the Encryption Service page
On firmware versions 9.0.x and older, click the link on the left menu
On firmware versions 9.1.x and newer, click the Manage button on the top menu, then Encryption Service on the left menu
Add any additional domains from which mail will be sent to the Encryption service and Apply Changes
Add the Public IP(s) from which email will be sent to the Encryption Service. Also add the IP(s) responsible for receiving from the Encryption Service, if necessary. Apply Changes
NOTE: It can take up to one hour for the Account Management Settings to thoroughly replicate
Once the Account settings are saved, go to Policy & Compliance > Filters and click the Outbound button
The Email Security Appliance comes pre-configured with a filter to route mail to the Encryption Service. The filter is disabled by default and will have to be enabled. To do that, click Edit next to the filter name.
Place a check in the box next to Enable this filter: then click Save This Filter.
NOTE: It is recommended to update the Matching condition from ‘starts with’ to ‘contains’. This will ensure email will be routed to the Encryption service as long as the subject line contains the Search Value.
Additional conditions can be added as long as the filter is configured to trigger if Any of the conditions are met.
NOTE: Any search value can be used and the values are not case sensitive; however, all other conditions must be met in order to trigger the filter and properly route the message. For instance, using the above conditions, a sender can prepend/append the subject line of an email with [secure] and the filter will be triggered. However, if the sender prepends/appends the subject with (secure), the filter will not trigger because use of parenthesis is not an accepted Search Value.
After the filter is enabled, all mail that meets the conditions of the filter will be routed to the Encryption service.
If the domain has an SPF record, include _spf.sonicsecuremail.com in the SPF record to ensure email routed through the Encryption Service is not flagged as spoofed.