
Email Security 9.0 Admin Guide

Encryption Service

The Encryption Service feature works in tandem with Email Security as a Software-as-a-Service (SaaS), which provides secure mail delivery solutions. The mail messages that have [SECURE] as part of the Subject are encrypted and securely delivered to the recipient via the Encryption SaaS.

A few things to consider when using the SonicWall Encryption Service:

The customer is responsible for protecting user passwords and using care in spelling email addresses when sending emails, especially emails containing sensitive information.
Encrypted emails automatically expire after 30 days and are not recoverable.
The subject lines of email messages are not encrypted and should not include electronic protected health information (ePHI) or confidential information.


Encryption Service Overview

The Encryption Service works with both outbound and inbound email messages. The Encryption Service must first be licensed through the System > License Management page. The administrator can then enable the default policy filter that allows sending secure email via the Encryption Service. After adding the necessary sender domains and public IP addresses, the administrator can then add users that are licensed to use Encryption Service.

Outbound messages flow in the following order:

1. A user in an organization sends a secure email message. It is sent through the exchange email server of the organization.
2. The message is then processed by Email Security. Email Security recognizes the message as Secure Mail based on the auto sender domains or any other policy set to Route to Encryption Service.
3. The message is sent from the Email Security appliance via TLS to the SonicWall Email Encryption Cloud. The Email Encryption Cloud determines if this is a secure message based on the auto sender domains or any other policy set to ‘Route to Encryption Service.’
4. The Email Encryption Cloud then sends a notification email to the recipient. This email includes a URL to the secure message.
5. The Secure Mail recipient clicks the URL and is required to log into the Email Encryption Cloud to retrieve the message. Once the recipient views the message, the sender gets a notification mail from Email Encryption Cloud indicating that the secure message has been viewed.

Licensing Email Encryption Service

Because Encryption Service is a subscription service, you must purchase a license by logging in to your MySonicWall account or by contacting your SonicWall reseller.

NOTE: The Encryption Service subscription license must match the Email Protection Subscription (Anti-Spam and Anti-Phishing) user account. If not, you receive an error message.

To license the Email Encryption Service:
1. Navigate to the System > License Management page of your SonicWall appliance.
2. Select Manage Licenses.
3. Log in to your MySonicWall account with your username and password and select Submit.
4. Click on the Activate or Try link to activate Email Encryption Service.
5. Enter the Email Encryption Service Activation Key in the text field provided.
6. Select the Data Center nearest to you from the drop down list.
7. Enter the Company Name.
8. Add the Admin Email Address.
9. Enter the Auto Sender Domains. If entering more than one domain, separate them with a comma.
   NOTE: Be sure you own and control these domains before setting them up as the Auto Sender Domains.
10. Click on the Submit button and the licensing information is updated.
11. Navigate to Encryption Services to verify that the settings you just entered are shown in the Settings section.

Enabling the Secure Mail Policy

To begin using the Secure Mail Service, you must first enable the default outbound policy to Send Secure Mail. Emails that satisfy the set conditions are encrypted. To receive secure emails from the Encryption Service without their being flagged as SPF failures, the corresponding inbound policies must be enabled too.

To enable Outbound Secure Mail:
1. Navigate to the Policy & Compliance > Filters page of your SonicWall appliance.
2. Click the Outbound tab.
3. Locate the Send Secure Mail: Deliver Message via Encryption Service filter, and select the Edit button. The Edit Filter screen displays.
4. Check the box to Enable this filter. You can either keep the default settings or edit the settings to customize this filter.
5. When finished configuring the settings, click Save This Filter.

NOTE: The Policy & Compliance > Filters page allows you to drag-and-drop filters, changing the precedence order of policies, which may be useful for your specific corporate needs. For more information regarding policies, refer to the chapter on Policy & Compliance.

To enable Inbound Secure Email:
1. Navigate to the Policy & Compliance > Filters page of your SonicWall appliance.
2. Click the Inbound tab.
3. Locate the Encrypt on [Encrypt] filter, and select the Edit button.
4. Check the box to Enable this filter. You can either keep the default settings or edit the settings to customize this filter.
5. When finished configuring the settings, select Save This Filter.

Configuring Encryption Service

Once you have successfully licensed the Email Encryption Service and enabled the Secure Mail outbound policy, you can configure the settings for the service.


Account Management Settings and Settings

To configure the Encryption Service:
1. Navigate to the Encryption Service page on Email Security.
2. Under the Account Management Settings section, click the Refresh button to synchronize the account management settings from Encryption Service.
3. Select the Reset Credentials button to reset and create new credentials. The credentials are used to authenticate the Secure Mail Server Email gateway.
4. The Company Name field auto-populates with the name specified in a prior section. Edit the Company Name, if needed.
5. Enter the Auto Sender Domains in the space provided. A user account is automatically created for the mail sent from these domains.
   NOTE: Be sure you own and control the domains listed here.
6. Select the check box if you want to allow the Encryption Service to route email replies directly to your organization’s Email Server over a secure channel.
   NOTE: TLS must be enabled on your inbound paths on the Administration > Server Configuration page.
7. Select Apply Changes when finished.

Allowed IP List

These settings define your email servers to the software.

To define IP addresses:
1. Enter the list of public IP addresses for the systems that deliver mail outside your organization. Put each entry on its own line, separated by a carriage return.
2. Enter a list of public IP addresses and the associated domains in your organization that receive mail directly from Encryption Services. If not specified, the MX record is used to deliver mail to the organization. Separate each entry with a carriage return.
3. Select Apply Changes.

User View Setup

SonicWall recommends that the administrator should add users to the Encryption Service. If any mail messages are sent to the Email Encryption Cloud from a sender account not already created, the Email Encryption Cloud will automatically create a Secure Mail sender account, as long as the domain in the email address is one of the Auto Sender domains.

Adding a New User

To add a new user to the Secure Mail Encryption Service:
1. Navigate to the Encryption Service page.
2. Scroll down to the User View Setup section, and click the Add button.
3. Enter the following fields:
   Email Address—Enter the email address for the user.
   First Name—Enter the first name of the user.
   Last Name—Enter the last name of the user.
   Role—Select the role of the user from the drop down list. The available options are User or Admin.
4. Click Add to finish. The new user displays in the User View Setup list.

NOTE: You may need to click the Refresh button to synchronize user accounts and settings from the Secure Email Encryption server if it does not automatically display.

Updating an Existing User

To update the information of an existing user:
1. Select the check box corresponding to the user you want to update.
2. Click the Update button. The Update User account screen displays.
3. Edit the First Name, Last Name, or Role. Note that you cannot update the User Email Address.
4. Click Update to save changes made and update the user information.

Delete an Existing User

To delete an existing user from the list:
1. Navigate to Encryption Services and scroll down to User View Setup.
2. Find the user you want to delete and check the box by his or her name.
3. Select the Delete button.

Adding an Existing User

If you have LDAP configured, you can add existing users to the Secure Email Encryption Service.

To add existing users:
1. Navigate to the Encryption Service page on SonicWall Email Security.
2. Click the Add Existing Users button.
3. A list of users displays based on what you have configured for your LDAP directory. You can search for an existing user by email address in the search field.
4. Select the user you wish to add, then click the Add button. The new user displays in the User View Setup list.

Importing Users

If you would like to add multiple users, you can import a .txt list of users to be added to the Secure Email Encryption Service.

The .txt file must use a <TAB> delimiter between the primary email address, first name, last name, and role of each user. You must use <CR> to separate entries. See the following example:

primary_email@company.com<TAB>firstname<TAB>lastname<TAB>admin<CR>

primary_email@company.com<TAB>firstname<TAB>lastname<TAB>user<CR>

Note that the Primary email address is mandatory, while the other fields are optional.

To import users:
1. Navigate to the Encryption Service page on the SonicWall appliance.
2. Click the Import Users button.
3. Click the Choose File button to select the file containing the list of users.
4. Click Import.
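
A pre-upload check for the import list format described above, as an added example that is not part of the SonicWall guide or product. It assumes role names are matched case-insensitively, that LF and CRLF are accepted alongside <CR>, and that an address outside the Auto Sender Domains merits a warning; validate_import, admins and the sample entries are constructed for illustration.

```python
import re

ALLOWED_ROLES = {"admin", "user"}   # roles named in the guide; case handling is an assumption
EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")

def validate_import(text, auto_sender_domains):
    """Return (rows, problems); each entry is email<TAB>first<TAB>last<TAB>role."""
    domains = {d.strip().lower() for d in auto_sender_domains}
    rows, problems, seen = [], [], set()
    # Accept CR, LF or CRLF as the entry separator.
    for n, line in enumerate(re.split(r"\r\n|\r|\n", text), start=1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) > 4:
            problems.append((n, "more than four TAB-separated fields"))
            continue
        email, first, last, role = (fields + [""] * 4)[:4]
        m = EMAIL_RE.match(email)
        if not m:   # the primary email address is the only mandatory field
            problems.append((n, "missing or malformed primary email address"))
            continue
        key = email.lower()
        if key in seen:
            problems.append((n, "duplicate email address"))
            continue
        seen.add(key)
        if role and role.lower() not in ALLOWED_ROLES:
            problems.append((n, f"unknown role {role!r}"))
            continue
        if m.group(1).lower() not in domains:
            # Warning only: the entry is kept so the administrator can decide.
            problems.append((n, "domain is not one of the Auto Sender Domains"))
        rows.append({"email": key, "first": first, "last": last, "role": role.lower()})
    return rows, problems

def admins(rows):
    """Accounts that would be imported with the Admin role, for manual review."""
    return [r["email"] for r in rows if r["role"] == "admin"]

# Constructed sample list; the last entry uses a space where a TAB is required.
SAMPLE = ("alice@example.com\tAlice\tAdams\tadmin\r"
          "bob@example.com\r"
          "carol@example.net\tCarol\tChu\tuser\r"
          "dave@example.com\tDave\tDiaz\towner\r"
          "alice@example.com\tAlice\tAdams\tuser\r"
          "erin@example.com Erin\r")

if __name__ == "__main__":
    print(validate_import(SAMPLE, ["example.com"]))
```

Reviewing the admins() output before upload keeps Admin role grants deliberate rather than a side effect of a bulk import.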

Exporting Users

To export the list of Secure Email Encryption Service users:
1. Navigate to the Encryption Service page on SonicWall Email Security.
2. Click the Export Users button. The list exports a .txt file and saves to your local system.

Cobranding and Reporting

The Secure Email Encryption Service allows you the option to customize features on the management console. You can also customize reports from the Secure Email Encryption Service.

The following are Cobrand and Reporting settings you can configure through the Secure Email Encryption server portal:

Company and User Type Properties

The Company Configuration > Company Information page allows you to edit your organization’s information. The following fields are editable:

Company Name—This is the Company Name specified in the System > License Management page upon licensing the Encryption Service.
Email Address—This is the Admin Email Address specified in the System > License Management page upon licensing the Encryption Service.

The Company Configuration > Company Properties page allows you to edit the Automatically Create Sender Accounts setting. Select one of the following options: Off, On, or Off Send Plain Text.

Cobrand Management Console

The Cobrand Management Console page allows you to edit your organization’s existing cobrand settings or create a new cobrand.

To edit an existing cobrand or create a new cobrand:
1. Under the Cobrand Information section, select (Create a New Cobrand) from the drop down list to create a new cobrand. To edit an existing cobrand, select it from the drop down list.
2. Specify the following cobrand settings:
   Company Name—A descriptive name that is associated with the cobrand and will be displayed in the drop down list for editing.
   Default URL—The URL where users are directed when they click the cobrand image. Note that you must include the protocol/scheme (“http://”) in the URL.
   Cobrand Color—The web color used for the login panel, top and bottom ribbon bars (menu and status bars) for Web pages on the server portal. The web color is identified with a 6-character hexadecimal number, commonly used with HTML, CSS, and other applications. You can also identify the cobrand color using the Color Selector box that displays upon editing the hexadecimal number.
   Top HTML (Optional)—Allows you to specify a block of HTML coding to be used in place of the cobrand image in the page header. The HTML can contain text, links, graphics, and columns, or follow an HTML style sheet.
   Note that if the Top HTML field contains boilerplate code, do not delete it unless you intend to replace it with customized HTML.
   Loaded Image (Optional)—Displays the database server path and internal filename for the uploaded cobrand image. Click the Clear Image button to immediately remove the image from the cobrand.
   Allow users to stay signed in—Select the check box to enable, and then specify the amount of time for users to stay signed in.
   Filter Messages—Allows you to limit the messages that users see in their mailbox to messages related to the cobranded company. If enabled, the Secure Mail recipient’s mailbox only displays messages from or to the cobranded company, as long as the recipient accesses the server using the notification email link.
   Select Image—Select a cobrand image, such as an organization or company logo, that displays at the top of all the server portal pages. This is an efficient and easy way to create professional branding without requiring the use of HTML. Click the Choose File button to select the image you want assigned to the cobrand.
3. Click the Save button to save your changes and apply the cobrand to your organization.

Message Tracking Report

The Message Tracking Report enables you to search through email addresses and subject lines of Secure Mail messages (message bodies are not included in the search).

To generate a Message Tracking Report:
1. Click the Message Tracking Report link from the Secure Mail Encryption Service portal.
2. Enter the search parameters into the Email Address or Pattern, Start Date, and End Date fields. The To/From drop down list specifies whether to search for the parameters in the To or From field of email messages.
3. Click the Generate Report link. The report displays all messages matching the specified criteria.

User Logon Report

The User Logon Report generates reports about user log on activity. You can search activity based on specific users, defined time frames, and also how the user logged into the service.

To generate a User Logon Report:
1. Click the User Logon Report link from the Secure Mail Encryption Service portal.
2. Enter the search parameters into the Email Address or Pattern, Start Date, and End Date fields. The Logon Source drop down list specifies which service the user accessed. The default is All, which includes every service the user may have used.
3. Click the Generate Report link. The report generates all log on events for the user, based on the specified criteria.

User Reports by Message Size, Volume, Date, and Summary

There are several types of user reports, each of which can be filtered for sent or received messages (or both) for each user. These reports are summaries of user statistics, differing from the more detailed reports such as the Message Tracking Report.

The Types of user reports table describes the types of reports that can be generated:

Types of user reports

Report Type: Description
Message Size Statistics: Shows the size of messages sent and received by each user
Message Date Statistics: Shows when messages have been sent by the user (first and last messages for each user)
Message Volume Statistics: Shows the number of messages sent/received by the user
Message Summary Data: Shows the fields of other statistics reports on one screen

To access any User Report:
1. Click the User Reports by Message Size, Volume, Date, and Summary link from the Secure Mail Encryption Service portal.
2. Click on the Report to view the information.

Total View Report

The Total View Report provides complete tracking of all messages sent through the Secure Mail system. The report contains a record of every message sent along with the tracking data for the message (and attachments) in a single report. This report is provided as a CSV file.

The Total View Report includes the following fields:

Message ID
Date
From Email
To Email
Subject
Notification Timestamp
Message Status (Opened / Not Opened)
Message Open Time
Attachment Name
Attachment (Accessed /Not Accessed)
Attachment Open Time

NOTE: Each message and every attachment within a message is reported separately. For example, a message to two recipients with two attachments will generate four rows of data: Two for each recipient, with one attachment listed on each line per recipient.

To generate a Total View Report:
1. Click the Total View Report link from the Secure Mail Encryption Service portal.
2. Specify the Date range for the report. For more efficiency, you can click one of the quick links: Last day, 30 days, or 60 days. This will automatically select the specified time period.
3. Click the Generate Report link.
4. Click the Download Report link to save the CSV file to your local system. Click Select Different Dates to return to the previous screen and conduct a new search with different dates.
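
Because encrypted emails expire after 30 days and are not recoverable, the downloaded CSV can be used to list secure messages that are still unopened and close to expiry. This is an added example, not part of the SonicWall guide or product: it assumes the CSV header names match the field names listed above, that the Date column uses the format shown in DATE_FMT, and that the 30 days run from that date; expiring_unopened and the sample rows are constructed for illustration.

```python
import csv, io
from datetime import datetime, timedelta

EXPIRY = timedelta(days=30)      # from the guide: encrypted emails expire after 30 days
DATE_FMT = "%Y-%m-%d %H:%M:%S"   # assumption: timestamp format used in the export

def expiring_unopened(csv_text, now, warn_days=7):
    """Return [(message_id, recipient, days_left)] for unopened messages that
    expire within warn_days, one entry per message and recipient."""
    seen, out = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Message ID"], row["To Email"].lower())
        # The report has one row per recipient per attachment; count each pair once.
        if key in seen:
            continue
        seen.add(key)
        if row["Message Status"].strip().lower() == "opened":
            continue
        left = datetime.strptime(row["Date"], DATE_FMT) + EXPIRY - now
        # Skip messages that have already expired or are not yet near expiry.
        if timedelta(0) <= left <= timedelta(days=warn_days):
            out.append((key[0], key[1], left.days))
    return sorted(out, key=lambda t: t[2])

# Constructed sample export, reduced to the columns used here.
SAMPLE = """Message ID,Date,To Email,Message Status,Attachment Name
M1,2024-03-05 09:00:00,a@partner.example,Not Opened,scan1.pdf
M1,2024-03-05 09:00:00,a@partner.example,Not Opened,scan2.pdf
M1,2024-03-05 09:00:00,b@partner.example,Opened,scan1.pdf
M1,2024-03-05 09:00:00,b@partner.example,Opened,scan2.pdf
M2,2024-03-25 10:00:00,c@partner.example,Not Opened,
M3,2024-03-01 08:00:00,d@partner.example,Not Opened,
M4,2024-02-01 08:00:00,e@partner.example,Not Opened,
"""

if __name__ == "__main__":
    for item in expiring_unopened(SAMPLE, datetime(2024, 3, 30, 12, 0, 0)):
        print(item)
```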