How to activate and configure Encryption service on SonicWall Email security

12/20/2019 1140 14761

DESCRIPTION:

The Encryption Service is Software-as-a-Service (SaaS) which provides secure delivery of your e-mail. E-mails which have [SECURE] as a tag at the beginning of the subject line will be encrypted and delivered to the recipient(s). Additionally, the administrator can create a policy with some condition and an action of 'Route to Encryption Service'. E-mails which satisfy the set condition(s) will be encrypted. Please enable outbound policy to send secure mails.
Once receiver receives a secure email, this email will contain an URL which will prompt receiver to register (create an account) with secure server, once the account is created receiver can view his/her account and can see the secure email.

RESOLUTION:

Step 1:

License the Encryption service on mysonicwall.com.

In Classic Mode, enter the key in the Quick Register section and click Next.

In Contemporary Mode, click the + the product icon

Enter the activation key in the pop up & click Confirm

Select the appliance to which the Encryption subscription will be applied, and click Activate

Step 2:

Complete activation

Select the Data Center location and provide the information requested.

Click Activate

A Success banner will display at the top of the page when the service has been successfully activated.

Step 3:

Go to My Products and click to expand the Services list

Click the link to Activate the Encryption Service Account **Make sure that pop-up blocker is disabled**

In Classic Mode, click the link to the ES appliance

Then click the Activate Encryption Service Account link in the upper right corner.

Select the Data Center Location and re-enter the Domain information then click Submit

Step 3:

Configure the Encryption service on the ES appliance

Log into the Email Security appliance and go to the Encryption Service page

On firmware versions 9.0.x and older, click the link on the left menu

On firmware versions 9.1.x and newer, click the Manage button on the top menu, then Encryption Service on the left menu

Add any additional domains from which mail will be sent to the Encryption service and Apply Changes

Add the Public IP(s) from which email will be sent to the Encryption Service. Also add the IP(s) responsible for receiving from the Encryption Service, if necessary. Apply Changes

NOTE: It can take up to one hour for the Account Management Settings to thoroughly replicate

Once the Account settings are saved, go to Policy & Compliance > Filters and click the Outbound button

The Email Security Appliance comes pre-configured with a filter to route mail to the Encryption Service. The filter is disabled by default and will have to be enabled. To do that, click Edit next to the filter name.

 
Place a check in the box next to Enable this filter: then click Save This Filter.

NOTE: It is recommended to update the Matching condition from 'starts with' to 'contains'. This will ensure email will be routed to the Encryption service as long as the subject line contains the Search Value.

Additional conditions can be added as long as the filter is configured to trigger if Any of the conditions are met.

NOTE: Any search value can be used and the values are not case sensitive; however, all other conditions must be met in order to trigger the filter and properly route the message. For instance, using the above conditions, a sender can prepend/append the subject line of an email with [secure] and the filter will be triggered. However, if the sender prepends/appends the subject with (secure), the filter will not trigger because use of parenthesis is not an accepted Search Value.

After the filter is enabled, all mail that meets the conditions of the filter will be routed to the Encryption service.

If the domain has an SPF record, include _spf.sonicsecuremail.com in the SPF record to ensure email routed through the Encryption Service is not flagged as spoofed.