I was wondering if this is typically enabled and if so how (http, https only, etc...). I'm a little hesitant to just set it out on the internet, but we are going to need to allow users to unjunk from OWA so maybe I'm just being overly cautious.
Curious to hear how others have it configured in their organization.
Quarantine Access is something you usually switch on when configuring your IP interfaces - AFAIK there is no default access to it, since the Anti-Spam Quarantine is disabled at first start until you enable it.
Other then that it's the rest of your network environment that allows or rejects the access to the Quarantine Web Services really, like firewall, NAT, etc.
In our case we enabled it for https access, but only for the internal network or users coming through a SSL VPN. Anything else and without some hardened authentication method (OTP, Token, whatever) just leaves too much room for tempering with the access page for my taste.
Example: You open up your Quarantine for https access from the Internet and use LDAP authentication. Now what happens to internal user accounts if people start running "brute force" methods to get in? Usually accounts are locked after a number of failed login attempts and that could stop internal users from even being able to log in.
No, I wouldn't want something like that to happen. ;)
Thanks Torsten, I appreciate the reply! I was thinking about the exact same thing, but don't know of a good ay to get around it. I don't know that not having a way to release from OWA/blackberries is going to fly with mgmt.
In our previous implementation we proxied unjunk links back through ISA and users were only able to logon inside the network. It looks like the release mechanism is a little different for Ironport, so I’m not sure this would work (also the previous solution sat on the internal network).
Interested in hearing how others have this setup (if at all).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :