Could use a little advice here.... we currently use C660s for outbound encryption, through the CRES site. A number of policies are in place that scan messages and attachments for keywords (that would force encryption), SS#s, Credit card numbers (for automatic encryption) , etc.
We recently discovered the Max Scan size. Based on this rules default, anything over 5 MB was too large to scan, and would instead be sent in the clear. This was, of course, a HUGE concern for us, seeing that a 6 MB spreadsheet of confidential information would never be scanned, and would never encrypt unless manually forced. We immediately raised the scan limit to 10 MB (over supports concerns about performance) , and then introduced a message filter that would tag anything over 10 MB for encryption. We have, of course, now experienced all sorts of issues with large sized messages bouncing back to end users due to PXE Failures. Ironport VERY was responsive in helping us perform upgrades to the hardware and some remediation, but the general response has been we should not attempt to scan anything over 5 MB, and the Encrypt over 10MB is a little... crazy. Files over 10 MB are expected to fail encryption, and often.
My question falls to this; what are other people doing? I’d like to get some insight into how the community deals with encryption and large file size.
- Are people aware that if the attachment cannot be scanned for encryptable content, or is over 5 MB, that the file is just send in the clear? This was a big shock for us. - If so, is this just considered "ok", or what has been done to prevent it? - What kind of message limits are people enforcing, and what kind of issues do they experience due to it? - We are using Groupwise, and cap internet email at 20MB. This of course can reach over 40 MB once converted to MIME. Some 40 MB messages are encrypted fine; others fail, some as small as 12 MB will fail. Do others see this inconsistent behavior? (Yes, I know these are large, but the culture is the culture, and we have not had much luck trying to force in downwards).
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...