Using Trustwave SEG Cloud with Cloud-Based Solutions

Similar documents
Using Trustwave SEG Cloud with Exchange Online

How to Configure Office 365 for Inbound and Outbound Mail

Office 365 Standalone Security

Office 365 Inbound and Outbound SMX configuration. 4 th January 2018

Marshal Reporting Console Version 2.6 Installation Guide

Trustwave SEG Cloud BEC Fraud Detection Basics

How to Configure Esva for Office365

To create a few test accounts during the evaluation period, use the Manually Add Users steps.

Step 1 - Set Up Essentials for Office 365

Configuring Gmail (G Suite) with Cisco Cloud Security

Integrating Trend Micro Hosted Security with Google Gmail

Step 1 - Set Up Essentials for Office 365

Step 2 - Deploy Advanced Security for Exchange Server

Step 4 - Choose Your Deployment

Workshare Protect Server 3.9 on Microsoft Azure. Admin Guide

Setting up Microsoft Office 365

Trustwave SEG Cloud Customer Guide

Mail Assure. Quick Start Guide

Important Information

Mail Assure Quick Start Guide

Microsoft Exam

CAS Quick Deployment Guide January 2018

Competitive Matrix - IRONSCALES vs Alternatives

Microsoft PRO- Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010

Office 365 Integration Guide Software Version 6.7

SOLUTION MANAGEMENT GROUP

Mobile MOUSe EXCHANGE SERVER 2010 CONFIGURATION ONLINE COURSE OUTLINE

GLBA Compliance. with O365 Manager Plus.

Microsoft Exchange Server 2013 Hybrid Deployments Documentation Help

Introduction. The Safe-T Solution

How to configure Sophos for all other clients

TrendMicro Hosted Security. Best Practice Guide

Office 365: Secure configuration

Postini Message Security Using Postini with Google Apps Education Edition

SMTP Settings for Magento 2

GSX 365 Usage Usage & Compliance Reporting Collect, Analyze & Anticipate

Important Information

Sophos Appliance Configuration Guide. Product Version 4.3 Sophos Limited 2017

Connecting to Mimecast

WHITEPAPER Rewrite Services. Power365 Integration Pro

Integrate Microsoft Office 365. EventTracker v8.x and above

Mail Assure. User Guide - Admin, Domain and Level

Microsoft. Designing and Deploying Microsoft Exchange Server 2016 (beta)

XG Firewall. What s New in v17. Setup, Control Center and Navigation. Initial Setup Wizard. Synchronized App Control Widget.

HIPAA Compliance. with O365 Manager Plus.


Microsoft Office 365 TM & Zix Encryption

Welcome to ContentCatcher 3.0! If this is your first time using ContentCatcher 3.0, here s a great way to start. We ll walk you through the essential

Sophos Mobile. super administrator guide. Product Version: 8

Five9 Plus Adapter for Agent Desktop Toolkit

Symantec Security.cloud

GSX 365 Usage Reports & Security Audit

Office365 / G Suite Backup Manual

McAfee Network Security Platform 9.2

Getting Started Guide moduscloud

You can find more information about the service at

Sophos Mobile. super administrator guide. product version: 8.6

Cisco Cloud Web Security

Assess Remediate Enable Migrate

Marshal Reporting Console Installation Guide

On the Surface. Security Datasheet. Security Datasheet

Firewall XG / SFOS v16 Beta

Scan-to- . Copytech s guide to setting up Scan-to- on Konica Minolta M FDs

Ciphermail Webmail Messenger Administration Guide

FISMA Compliance. with O365 Manager Plus.

HySecure Quick Start Guide. HySecure 5.0

Sophos Mobile. startup guide. Product Version: 8.5

Troubleshooting IMAP Clients and ViewMail for Outlook

Sophos Mobile super administrator guide. Product version: 7.1

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

IBM SmartCloud Notes (SCN) Mail Routing

Enterprise Vault 11 Whitepaper Deploying IMAP Access to Enterprise Vault

Comodo Device Manager Software Version 4.0

Admin Guide Defense With Continuity

Set up a Customer Site

Comprehensive Setup Guide for TLS on ESA

Sophos Mobile. installation guide. Product Version: 8.5

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

SolarWinds Mail Assure

Five9 Plus Adapter for Microsoft Dynamics CRM

SMTP Scanner Creation

Using Centralized Security Reporting

Power365. Prerequisites. April 2018

Sophos Mobile. super administrator guide. product version: 9

Block Threats Before They Reach Your Network Make Downtime a Thing of the Past. Comprehensive and reliable protection

CLOUD MAIL End User Guide. (Version 1.0)

Archiving Service. Exchange server setup (2013) AT&T Secure Gateway Service

Symantec ST Symantec Messaging Gateway Download Full Version :

Understanding the Pipeline

Sophos Mobile. server deployment guide. product version: 9

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Installation on Windows Server 2008

Christensen Software Exchange Server Configuration Guide

[MS20347]: Enabling and Managing Office 365

Configure Exchange 2003 Server

User Manual. Admin Report Kit for Exchange Server

Appliance Installation Guide

Comendo mail- & spamfence

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Workshare Protect Server 3.8. Solutions Guide

Transcription:

.trust Using Trustwave SEG Cloud with Cloud-Based Email Solutions Table of Contents About This Document 1 1 Trustwave SEG Cloud for Anti-Malware with Cloud-Based Email Solutions 2 2 Networking and DNS Setup 2 3 Provisioning Trustwave SEG Cloud 2 4 Configuring Exchange Online 3 4.1 Set up a connector to send outgoing messages through SEG Cloud... 4 4.2 Set up a connector to accept incoming messages from SEG Cloud... 6 4.3 Set up the SEG Connector Agent for Azure AD... 7 5 Configuring G Suite Email 11 5.1 Set up an Outbound Mail Gateway to deliver outgoing messages to SEG Cloud... 11 5.2 Set up an Inbound Mail Gateway to accept incoming messages from SEG Cloud... 11 About Trustwave 12 Trademarks 12 About This Document This document is for the use of email administrators who are using Trustwave SEG Cloud to accept and filter messages from the Internet, and a cloud based solution to host user mailboxes. This document provides specific instructions for configuration with Microsoft Exchange Online and Google G Suite. The same ideas can be used to configure other cloud-based mailbox hosting solutions.

1 Trustwave SEG Cloud for Anti-Malware with Cloud-Based Email Solutions In this scenario, the organization hosts user mailboxes on a cloud-based service such as Microsoft Exchange Online or Google G Suite Email. The organization uses the Trustwave SEG Cloud service to provide filtering of spam and malware, and other policy controls for both inbound and outbound messages. Internet Trustwave SEG Cloud Cloud Mailbox Hosting Service Connector Connector User Mailboxes 2 Networking and DNS Setup 1. Configure MX records for all your local domains to point to the Trustwave SEG Cloud environment: MX 10 seg.trustwave.com Note: In most cases MX records are updated when you are ready to direct email into the new environment (after all other configuration is complete). 2. Add the SEG Cloud server to your SPF record. For example you might enter v=spf1 include:spf.seg.trustwave.com all 3 Provisioning Trustwave SEG Cloud Trustwave Provisioning or Managed Security Services must configure SEG Cloud to accept and deliver email for your domains. 1. SEG Cloud will deliver email incoming for your managed domains to the cloud hosting environment. Provide the delivery details to Trustwave. Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 2

For Exchange Online, use the MX endpoint of your Exchange Online environment (such as yourexampledomain-com.mail.protection.outlook.com). For G Suite email, use the list of servers documented as G Suite MX record values. At the time this document was last reviewed the values were as in the table below. Destination Server Priority ASPMX.L.GOOGLE.COM 1 ALT1. ASPMX.L.GOOGLE.COM 5 ALT2. ASPMX.L.GOOGLE.COM 5 ALT3. ASPMX.L.GOOGLE.COM 10 ALT4. ASPMX.L.GOOGLE.COM 10 2. SEG Cloud will accept email relaying (messages sent to other domains from your managed domains) based on the configured inbound delivery addresses. For Exchange Online and G Suite, to ensure that the relaying addresses are up to date, Trustwave will also configure relaying based on the SPF records published by the service. 4 Configuring Exchange Online You will set up two connectors to route email between SEG Cloud and Exchange Online. To complete this step, you must have an Office 365 Administrator credential with permission to create connectors. You may find that the validation process only works with a Microsoft browser. To create a connector in Office 365: 1. From the top left corner, open the menu and then click the gray box Admin. Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 3

2. From the Admin left menu, click Exchange to go to the Exchange Admin Center. 3. Next, click mail flow, and then click connectors. 4.1 Set up a connector to send outgoing messages through SEG Cloud 1. To start the Connector wizard, click the plus symbol +. 2. On the first screen, choose a connector as follows: From: Office 365 To: Partner Organization Click Next. Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 4

3. On the next screen, give the connector a name and a detailed description. If you want to enable this routing immediately, check the box Turn it on. Click Next. 4. On the following screen (When do you want to use this connector?), select Only when email messages are sent to these domains. Click + to add recipient domains. On the Add domain window, enter * (to signify all domains), and then click Next. Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 5

5. On the next screen How do you want to route email messages?, select Route email through these smart hosts. 6. Click + to add a smart host. 7. Enter the externally resolvable hostname of the Trustwave SEG Cloud server: seg-outbound.trustwave.com 8. On the following screen How should Office 365 connect?: 9. The Transport Layer Security box should be selected. 10. Ensure that your connector validates. Save the connector. 4.2 Set up a connector to accept incoming messages from SEG Cloud Note: When you set up a connector as described in this section, Exchange Online will ONLY accept incoming SMTP messages that are sent from the SEG Cloud servers at the IP addresses you specify. Messages from any other source will be refused. The steps to accept incoming messages are similar to those for outgoing messages. 1. To start the Connector wizard, click the plus symbol +. 2. On the first screen, choose a connector as follows (note the direction): From: Partner Organization To: Office 365 Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 6

3. Give the connector a name and verbose description. 4. On the screen How do you want to identify the partner organization?, select Use the sender s domain. Click + to add sender domains. On the Add domain window, enter * (to signify all domains) 5. On the screen What security restrictions do you want to apply?, select Reject email messages if they aren t sent from within this IP address range Click + to add an IP address. On the Add ip address window, enter one of the IP address ranges of the Trustwave SEG Cloud servers. Note: Because you can only enter ranges with /24 or higher, you must enter four ranges to cover the required addresses. Repeat until you have added all four ranges: 204.13.200.0/24 204.13.201.0/24 204.13.202.0/24 204.13.203.0/24 Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 7

6. Choose to Reject email messages if they aren t sent over TLS. Do not require a subject name on the certificate. The connector information should appear as below: 7. Save the connector. 4.3 Set up the SEG Connector Agent for Azure AD The Connector Agent is an optional module of SEG Cloud that allows you to retrieve information about local user groups and email addresses from your Active Directory server or LDAP server, for use in SEG SEG Cloud policy. You can use the Connector Agent with Azure AD. Tip: For full instructions about how to download, install, and configure the Connector Agent, refer to the SEG Cloud Customer Guide. If you have a workstation or server available on premises that is a domain member, you can install and configure the Connector Agent in the same way as for a premises AD installation. Refer to the SEG Cloud Customer Guide. You can also use the Connector Agent to synchronize information from Azure AD using LDAPS. Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 8

To use the Connector Agent with Azure AD LDAPS: 1. Configure Secure LDAP (LDAPS) in Azure AD Domain Services. See the Microsoft documentation for this task. 2. Once secure LDAP access to your managed domain over the internet is successfully enabled, the Azure AD Domain Services management site shows the external IP address that can be used to access your directory over LDAPS in the field EXTERNAL IP ADDRESS FOR LDAPS ACCESS. 3. Install the Connector Agent on any computer that has Internet access (HTTPS access to SEG Cloud, and port 636 for LDAPS access to the Azure LDAPS IP address). Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 9

4. Create a new connector, and specify a LDAP directory of type Microsoft Active Directory. 5. Enter the Azure LDAPS IP address. Specify port 636 and select Connect using SSL. Enter logon credentials. 6. Click Next. The Agent tests the connection. 7. When the connection is successfully tested, continue the Wizard as described in the SEG Cloud Customer Guide. 8. When the connector has been successfully created, you can proceed to select groups for synchronization. Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 10

5 Configuring G Suite Email You will set up two gateways to route email between SEG Cloud and G Suite Email. To complete this step, you must have an Administrator credential for the service. 5.1 Set up an Outbound Mail Gateway to deliver outgoing messages to SEG Cloud 1. From the G Suite dashboard, go to Apps > G Suite > Gmail > Advanced settings. 2. In the Organizations section, highlight the top-level org. 3. Scroll down to the Outbound gateway section. 4. In the Outbound gateway text box, enter the externally resolvable hostname of the Trustwave SEG Cloud server: seg-outbound.trustwave.com 5. Save your changes. 5.2 Set up an Inbound Mail Gateway to accept incoming messages from SEG Cloud 1. From the G Suite dashboard, go to Apps > G Suite > Gmail > Advanced settings. 2. In the Organizations section, highlight your domain (top-level org). 3. Scroll down to Inbound gateway (you can also enter Inbound gateway in the search field). 4. Hover the cursor to the right of Inbound gateway. To create a new inbound gateway setting, click Configure. To edit an existing setting, click Edit. 5. Under Gateway IPs, enter the IP address range of the Trustwave SEG Cloud servers: 204.13.200.0/22 6. Also select Reject all mail not from gateway IPs and Require TLS for connections from the email gateways listed above. 7. Save your changes. Using Trustwave SEG Cloud with Cloud-Based Email Solutions - January 8, 2018 11

About Trustwave Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com. Trademarks G Suite is a trademark of Google, Inc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback