11-29
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11      Data Loss Prevention
You can also use the following additional command-line switches:
-org <value in double quotes if it contains space>
-orgunit <value in double quotes if it contains space>
-title <value in double quotes if it contains space>
-validity <number of days>
To use client and server certificates for the SSL connection:
1. Add the certificate authority to the appliance using the Networks > Certificates page. If you generated a client/server certificate using the tool provided by RSA, import the .pem file.
2. Upload the client and server certificate(s) to the Email Security appliance using the Networks > Certificates page. See the “Customizing Listeners” chapter in the Cisco IronPort AsyncOS for Email Advanced Configuration Guide for more information. You can use the same certificate for the client and server. If you generated a certificate using the RSA tool, import the .p12 certificate and use it for both the client and server certificate.
3. The common name of the client and server certificates must be the hostname of the Email Security appliance.
4. When configuring the SSL connection using the DLP Global Settings, assign the client certificate to the Email Security appliance and the server certificate to Enterprise Manager. See  for more information.
If Enterprise Manager manages the connected Email Security appliances at the group or cluster level, 
the appliances should each have their own certificate with a common name that matches their appliance’s 
hostname, but all of the certificates should have the same certificate name. Use the Network > 
Certificates page on the appliances to make sure that the certificate names match. If a certificate cannot 
be found on the Email Security appliance, Enterprise Manager disconnects the appliance.
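Added example (not part of this guide or of the RSA tool): a POSIX shell script that uses openssl to mint a test certificate carrying the subject fields behind the -org, -orgunit, -title and -validity switches above, then performs the checks this procedure depends on: the CN equals the appliance hostname, and the validity period is the one requested. It assumes openssl is in PATH; the hostnames and organization values are constructed.

```shell
#!/bin/sh
# Added example, not from the Cisco guide or the RSA tool: mint a self-signed
# test certificate whose subject carries the fields behind the RSA tool's
# -org, -orgunit, -title and -validity switches, then run the two checks this
# procedure relies on: the CN must equal the appliance hostname and the
# validity must be the period requested. Hostnames and org values are made up.
set -eu

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# make_cert FILE CN ORG ORGUNIT TITLE DAYS  - self-signed cert and key (test use only)
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$6" \
    -keyout "${1%.pem}.key" -out "$1" \
    -subj "/CN=$2/O=$3/OU=$4/title=$5" >/dev/null 2>&1
}

# cert_cn FILE  - print the subject common name (RFC 2253 form, one RDN per line)
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject=//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# check_cn FILE HOSTNAME  - succeed only if the CN equals the appliance hostname
check_cn() {
  cn=$(cert_cn "$1")
  if [ "$cn" = "$2" ]; then
    echo "OK   $1: CN '$cn' matches hostname"
  else
    echo "FAIL $1: CN '$cn' != hostname '$2'; Enterprise Manager would disconnect"
    return 1
  fi
}

# check_validity FILE DAYS  - succeed if the cert expires in roughly DAYS days
check_validity() {
  openssl x509 -in "$1" -noout -checkend $(( ($2 - 1) * 86400 )) >/dev/null &&
  ! openssl x509 -in "$1" -noout -checkend $(( ($2 + 1) * 86400 )) >/dev/null
}

# Constructed sample: one correct cert, one mistakenly issued to the short hostname
make_cert "$WORKDIR/good.pem" esa1.example.com "Example Corp" "Mail Ops" "DLP" 365
make_cert "$WORKDIR/bad.pem"  esa1             "Example Corp" "Mail Ops" "DLP" 365

check_cn "$WORKDIR/good.pem" esa1.example.com
check_cn "$WORKDIR/bad.pem"  esa1.example.com || true
check_validity "$WORKDIR/good.pem" 365 && echo "OK   validity is 365 days"
```

The second certificate reproduces the common mistake of issuing to the short hostname, which is what Enterprise Manager rejects when the CN does not match the appliance hostname.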
LDAP User Distinguished Name Query
When the Email Security appliance sends data to Enterprise Manager on a DLP incident, the appliance 
must include the complete distinguished names for the message senders. To acquire the sender name for 
Enterprise Manager, create a user distinguished name query for your LDAP server and add the query to 
the listeners that send outgoing messages on your Email Security appliance. The Email Security 
appliance only uses this query when RSA Enterprise Manager is enabled for DLP. See the “LDAP 
Queries” chapter in the Cisco IronPort AsyncOS for Email Advanced Configuration Guide for more 
information.
Message Actions
When you create message actions on the Email Security appliance, the appliance sends the name of the 
action and some read-only metadata about the action to Enterprise Manager for DLP policies. You 
cannot use Enterprise Manager to modify the action or create new ones.
Message actions can order the Email Security appliance to notify a user, such as a DLP compliance 
officer, if a DLP violation occurs. Enterprise Manager’s DLP policies can also send DLP violation 
notifications to users. Cisco recommends that you set up notifications using either Enterprise Manager 
or the Message Actions page in the Email Security appliance, but not both, to prevent duplicate 
notifications.
See 
 for more information.