en-US
search-icon

Hosted Email Security 9.0 Admin Guide

Encryption Service

The Encryption Service feature works in tandem with SonicWall <product name> as a Software-as-a-Service (SaaS), which provides secure mail delivery solutions. The mail messages that have [SECURE] as part of the Subject will be encrypted and securely delivered to the recipient via the Encryption SaaS.

A few things to consider when using the Hosted Email Security Encryption Service:

It is the customer's responsibility to protect user passwords and use care in spelling email addresses when sending emails, especially emails containing sensitive information.
Encrypted emails automatically expire after 30 days and are not recoverable.
The subject lines of email messages are not encrypted and should not include electronic protected health information (ePHI) or confidential information.
Topics:  

Encryption Service Overview

The Encryption Service works with both outbound and inbound email messages. The Encryption Service must first be licensed through the System > License Management page. The administrator will then enable the default policy filter that enables sending secure email via the Encryption Service. After adding the necessary sender domains and public IP addresses, the administrator can then add users that are licensed to use Encryption Service.

Outbound messages flow in the following order:

1
A user in an organization sends a secure email message. It is sent through the exchange email server of the organization.
2
The message is then processed by SonicWall SonicWall <product name>. The SonicWall <product name> will be able to recognize the message as Secure Mail based on the auto sender domains or any other policy set to ‘Route to Encryption Service.’
3
The message is sent from SonicWall SonicWall <product name> via TLS to the SonicWall Email Encryption Cloud. The Email Encryption Cloud will be able to determine this is a secure message based on the auto sender domains or any other policy set to ‘Route to Encryption Service.’
4
The Email Encryption Cloud then sends a notification email to the recipient. This email includes a URL to the secure message.
5
The Secure Mail recipient clicks the URL and is required to log into the Email Encryption Cloud to retrieve the message. Once the recipient views the message, the sender gets a notification mail from Email Encryption Cloud indicating that the secure message has been viewed.

Licensing Email Encryption Service

Because Encryption Service is a subscription service, you must purchase a license by logging in to your hosted.mysonicwall.com account or by contacting your SonicWall reseller. If you already purchased the Encryption Service through a SonicWall reseller, you will receive an Activation Key for the service.

 
* 
IMPORTANT: The Encryption Service subscription license must match the Email Protection Subscription (Anti-Spam and Anti-Phishing) user account. If not you receive an error message.
To license the service through hosted.mysonicwall.com:
1
Log in to Hosted Email Security solution as administrator.
2
Navigate to the System > Licence Management page of your SonicWall appliance.

3
Select Manage Licenses.
4
Log in to your hosted MySonicWall account with your username and password and select Submit.
5
Click Submit. The following screen displays:
6
Click on the Activate or Try link to activate Email Encryption Service.

7
Enter the Email Encryption Service Activation Key in the text field provided.
8
Select the Data Center nearest to you from the drop down list.
9
Enter data for the following fields:
Company Name—Enter the company name to be associated with the Encryption Service.
Admin Email Address—Enter the administrator email address to be associated with the Encryption Service, for example admin@crickettes.com.
Auto Sender Domain(s)—Specify the domains from where the mail is being sent. These domains must be domains that you own and control.
10
Click Submit.

11
Navigate to Encryption Services to verify that the settings you just entered are shown in the Settings section.

Enabling the Secure Mail Policy

In order to begin using the Secure Mail Service, you must first enable the default outbound policy to Send Secure Mail. Follow the procedures listed below to successfully enable the Secure Mail policy.

To enable Outbound Secure Mail:
1
Navigate to the Policy & Compliance > Filters page of your SonicWall <product name>.
2
Click the Outbound tab.
3
Locate the Send Secure Mail: Deliver Message via Encryption Service filter, and click the Edit button. The Edit Filter screen displays.
4
Click the Enable this filter check box. You can either keep the default settings or edit the settings for this filter.
5
When finished configuring the settings, click Save This Filter.
* 
NOTE: The Policy & Compliance > Filters page allows you to drag-and-drop filters, changing the precedence order of policies, which may be useful for your specific corporate needs. For more information regarding policies, refer to Policy & Compliance.

Configuring Encryption Service

Once you have successfully enabled the Secure Mail outbound policy and licensed the Email Encryption Service through the License Management screen, you can begin configuring settings for the service.

To configure the Encryption Service:
1
Navigate to the Encryption Service page on your SonicWall <product name>.
2
Under the Account Management Settings section, click the Refresh button to synchronize the settings and user list from the Encryption Service.
3
Click the Reset Credentials button to reset and create new credentials. The credentials are used to authenticate the Secure Mail Server Email gateway.
4
The Company Name field auto-populates with the name specified in Licensing Email Encryption Service. Edit the Company Name, if needed.
5
Enter the Auto Sender Domains in the space provided, if needed. The Auto Sender Domains field auto-populates with the domains specified in Licensing Email Encryption Service.
6
Select the check box to enable the use of TLS for secure mail sent from the Encryption Service to your organization. If you decide to enable this feature, verify that all your inbound paths have TLS enabled, located in the Network Architecture > Server Configuration page.
7
Click Apply Changes when finished.

User View Setup

SonicWall recommends that the administrator should add users to the Encryption Service. If any mail messages are sent to the Email Encryption Cloud from a sender account not already created, the Email Encryption Cloud automatically creates a Secure Mail sender account, as long as the domain in the email address is one of the Auto Sender domains.

Topics:  

Adding a New User

To add a new user to the Secure Mail Encryption Service:
1
Navigate to the Encryption Service page on SonicWall <product name>.
2
Scroll down to the User View Setup section, and click the Add button.

3
Enter the following fields:
Email Address—Enter the email address for the user.
First Name—Enter the first name of the user.
Last Name—Enter the last name of the user.
Role—Select the role of the user from the drop down list. The available options are User or Admin.
4
Click Add to finish. The new user displays in the User View Setup list.
 
* 
NOTE: You may need to click the Refresh button to synchronize user accounts and settings from the Secure Email Encryption server if it does not automatically display.

Updating an Existing User

To update the information of an existing user:
1
Select the check box corresponding to the user you want to update.
2
Click the Update button. The Update User account screen displays.
3
Edit the First Name, Last Name, or Role. Note that you cannot update the User Email Address.
4
Click Update to save changes made and update the user information.

Adding an Existing User

If you have LDAP configured, you can add existing users to the Secure Email Encryption Service.

To add existing users:
1
Navigate to the Encryption Service page on SonicWall <product name>.
2
Click the Add Existing Users button.

A list of users displays based on what you have configured for your LDAP directory. You can search for an existing user by email address in the search field.

3
Select the user you wish to add, then click the Add button. The new user displays in the User View Setup list.

Importing Users

If there are multiple users you would like to add, you can import a .txt list of users to be added to the Secure Email Encryption Service.

The .txt file must use a <TAB> delimiter between the primary email address, first name, last name, and role of each user. You must use <CR> to separate entries. See the following example:

primary_email@company.com<TAB>firstname<TAB>lastname<TAB>admin<CR>

primary_email@company.com<TAB>firstname<TAB>lastname<TAB>user<CR>

Note that the Primary email address is mandatory, while the other fields are optional.

To import users:
1
Navigate to the Encryption Service page on SonicWall <product name>.
2
Click the Import Users button.
3
Click the Choose File button to select the file containing the list of users.
4
Click Import.

Exporting Users

To export the list of Secure Email Encryption Service:
1
Navigate to the Encryption Service page on SonicWall <product name>.
2
Click the Export Users button. The list exports a .txt file and saves to your local system.

Cobranding and Reporting

The Secure Email Encryption Service allows you the option to customize features on the management console. You can also customize reports from the Secure Email Encryption Service.

The following are Cobrand and Reporting settings you can configure through the Secure Email Encryption server portal:

Company and User Type Properties

The Company Configuration > Company Information page allows you to edit your organization’s information. The following fields are editable:

Company Name—This is the Company Name specified in the SonicWall <product name> > License Management page upon licensing the Encryption Service.
Email Address—This is the Admin Email Address specified in the SonicWall <product name> System > License Management page upon licensing the Encryption Service.

The Company Configuration > Company Properties page allows you to edit the Automatically Create Sender Accounts setting. Select one of the following options: Off, On, or Off Send Plain Text.

Cobrand Management Console

The Cobrand Management Console page allows you to edit your organization’s existing cobrand settings or create a new cobrand.

To edit an existing cobrand or create a new cobrand:
1
Under the Cobrand Information section, select (Create a New Cobrand) from the drop down list to create a new cobrand. To edit an existing cobrand, select it from the drop down list.
2
Specify the following cobrand settings:
Company Name—A descriptive name that is associated with the cobrand and will be displayed in the drop down list for editing.
Default URL—The URL where users are directed when they click the cobrand image. Note that you must include the protocol/scheme (“http://”) in the URL.
Cobrand Color—The web color used for the login panel, top and bottom ribbon bars (menu and status bars) for Web pages on the server portal. The web color is identified with 6-character hexadecimal number, commonly used with HTML, CSS, and other applications. You can also identify the cobrand color using the Color Selector box that displays upon editing the hexadecimal number.
Top HTML (Optional)—Allows you to specify a block of HTML coding to be used in place of the cobrand image in the page header. The HTML can contain text, links, graphics, and columns, or follow an HTML style sheet.
Note that if the Top HTML field contains boilerplate code, do not delete it unless you intend to replace it with customized HTML.
Loaded Image (Optional)—Displays the database server path and internal filename for the uploaded cobrand image. Click the Clear Image button to immediately remove the image from the cobrand.
Allow users to stay signed in—Select the check box to enable, and then specify the amount of time for users to stay signed in.
Filter Messages—Allows you to limit the messages that users see in their mailbox to messages related to the cobranded company. If enabled, the Secure Mail recipient’s mailbox only displays messages from or to the cobranded company, as long as the recipient accesses the server using the notification email link.
Select Image—Select a cobrand image, such as an organization or company logo, that displays at the top of all the server portal pages. This is an efficient and easy way to create professional branding without requiring the use of HTML. Click the Choose File button to select the image you want assigned to the cobrand.
3
Click the Save button to save your changes and apply the cobrand to your organization.

Message Tracking Report

The Message Tracking Report enables you to search through email addresses and subject lines of Secure Mail messages (message bodies are not included in the search).

To generate a Message Tracking Report:
1
Click the Message Tracking Report link from the Secure Mail Encryption Service portal.
2
Enter the search parameters into the Email Address or Pattern, Start Date, and End Date fields. The To/From drop down list specifies whether to search for the parameters in the To or From field of email messages.
3
Click Generate Report link. The report displays all messages matching the specified criteria.

User Logon Report

The User Logon Report generates reports about user log on activity. You can search activity based on specific users, defined time frames, and also how the user logged into the service.

To generate a User Logon Report:
1
Click the User Logon Report link from the Secure Mail Encryption Service portal.

2
Enter the search parameters into the Email Address or Pattern, Start Date, and End Date fields. The Logon Source drop down list specifies which service the user accessed. The default is All, which includes every service the user may have used.
3
Click the Generate Report link. The report generates all log on events for the user, based on the specified criteria.

User Reports by Message Size, Volume, Date, and Summary

There are several types of user reports, each of which can be filtered for sent or received messages (or both) for each user. These reports are summaries of user statistics, differing from the more detailed reports such as the Message Tracking Report.

The following types of reports can be generated:

 

Report Type

Description

Message Size Statistics

Shows the size of messages sent and received by each user

Message Date Statistics

Shows when messages have been sent by the user (first and last messages for each user)

Message Volume Statistics

Shows the number of messages sent/received by the user

Message Summary Data

Shows the fields of other statistics reports on one screen

To access any User Report:
1
Click the User Reports by Message Size, Volume, Date, and Summary link from the Secure Mail Encryption Service portal.

2
Click on the Report to view the information.

Total View Report

The Total View Report provides complete tracking of all messages sent through the Secure Mail system. The report contains a record of every messages sent along with the tracking data for the message (and attachments) in a single report. This report is provided as a CSV file.

The Total View Report includes the following fields:

Message ID
Date
From Email
To Email
Subject
Notification Timestamp
Message Status (Opened / Not Opened)
Message Open Time
Attachment Name
Attachment (Accessed /Not Accessed)
Attachment Open Time
 
* 
NOTE: Each message and every attachment within a message is reported separately. For example, a message to two recipients with two attachments will generate four rows of data: Two for each recipient, with one attachment listed on each line per recipient.
To generate a Total View Report:
1
Click the Total View Report link from the Secure Mail Encryption Service portal.

2
Specify the Date range for the report. For more efficiency, you can click one of the quick links: Last day, 30 days, or 60 days. This will automatically select the specified time period.
3
Click the Generate Report link.
4
Click the Download Report link to save the CSV file to your local system. Click Select Different Dates to return to the previous screen and conduct a new search with different dates.