FiLink

1173 Concord Rd
Suite A
Smyrna, GA 30080

When To Reach Us

Hours: 8:30am – 10:00PM Monday-Friday, and 10:00am- 3:00pm on Saturday (EST)

Emergency Support: 24 Hours – 7 Days A Week

Contact

Toll-free: 1-866-534-5465
Fax: 404-567-4779

 

Configuring your Google Apps Outbound Gateway for EntrustedMail

In order to begin using the EntrustedMail e-mail encryption services for Google Apps, you must configure Google Apps to send outbound e-mail though the EntrustedMail encryption gateway. Once configured, EntrustedMail will inspect each message to determine whether to encrypt the message based on your organizational encryption policies. If you are only licensing e-mail encryption for a subset of your Google Apps accounts, please click here for instructions on how setup an organizational unit.

  1. Point your browser to admin.google.com. The URL redirects you to the Google accounts sign-in page.
  2. Enter your super administrator account email address (including username and domain) and password. (If you are not an Administrator, you will be redirected to the user hub. The user hub provides quick access to the Google Apps and services they have permission to use, but will not allow access administration features. You will need to contact your Google Apps Administrator)
  3. Click Sign in. The Admin console appears.

gapps1n

 

4. Click Google Apps

gapps2-n

 

5. Next, click Gmail

gapps3n

 

6. Then, click Advanced settings

step7

7. Scroll down to the Inbound gateway section. In the Inbound gateway text box, enter the IP range that was provided to you by your deployent coordinator. This can usually be found in the “welcome e- mail message” that you received. Be sure that you DONOT check the box described as “Only let users receive email from the email gateways listed above.”
Save changes.

gapps4n

8. Scroll down to the Outbound gateway section. In the Outbound gateway text box, enter the host name of the outbound mail gateway server that was provided to you by your deployment coordinator. This can usually be found in the “welcome e-mail message” that you received.
Save your changes.

How to Create an Organization Unit for EntrustedMail.

  1. Point your browser to admin.google.com. The URL redirects you to the Google accounts sign-in page.
  2. Enter your super administrator account email address (including username and domain) and password. (If you are not an Administrator, you will be redirected to the user hub. The user hub provides quick access to the Google Apps and services they have permission to use, but will not allow access administration features. You will need to contact your Google Apps Administrator)
  3. Click Sign in. The Admin console appears.

OU-1

 

4. Click on the Users tile.

ou-2
5. Hover over the organizational unit to which you want to add a child organizational unit, and click the arrow that appears to the right.

6. Click Add suborganization.
ou-3

7. Enter a name and description (optional) for the new organizational unit.

8. Click Create organization. The new organizational unit appears as a child of the organizational unit you selected.

ou-4

9. In the organization tree, highlight the organizational unit that the user currently belongs to. If the user was not assigned to a specific organizational unit when his or her account was created, the account is in the top-level organizational unit; in the example shown here, our top organizational unit is entrustedmail.net.

ou-5

10 Click the check box next to the name of the user you wish to enable for e-mail encryption. Next, select the “move user” button.

ou-6

11. Choose the new organizational unit.

ou-7

12. Click OK.

ou-8

13. Select the Back to dashboard button.

ou-9

14. Click Google Apps title.

ou-10

15. Next, click Gmail

ou-11

16. Then, click Hosts

ou-add-route

17. Click on the Add Route button.

ou-12

18. In the Outbound gateway text box, enter the host name of the outbound mail gateway server that was provided to you by your deployent coordinator. This can usually be found in the “welcome e-mail message” that you recieved.
19. Check Require TLS delivery.
20. Click Save.

ou-13

21. Select the Back to Settings for Gmail button.

ou-14

22. Next, click Advanced settings >>.

ou-15-a

23. Select your new organizational unit.

ou-16

24. Under Sending routing, check outbound; then check change route, and select EntrustedMail Gateway.

25. click the save button.

ou-17

26. Next, Click the Save changes button.

Outbound e-mail for the member of your newly create Orgnaizational Unit will now be routed to the EntrustedMail gateway.

Configuring your Google Apps Outbound Gateway for EntrustedMail

In order to begin using the EntrustedMail e-mail encryption services for Google Apps, you must configure Google Apps to send outbound e-mail though the EntrustedMail encryption gateway. Once configured, EntrustedMail will inspect each message to determine whether to encrypt the message based on your organizational encryption policies. If you are only licensing e-mail encryption for a subset of your Google Apps accounts, please click here for instructions on how setup an organizational unit.

  1. Point your browser to admin.google.com. The URL redirects you to the Google accounts sign-in page.
  2. Enter your super administrator account email address (including username and domain) and password. (If you are not an Administrator, you will be redirected to the user hub. The user hub provides quick access to the Google Apps and services they have permission to use, but will not allow access administration features. You will need to contact your Google Apps Administrator)
  3. Click Sign in. The Admin console appears.
  4. click Google Apps

ga-00a

5. next, click Gmail

ga-0b

6. then, click on Hosts

ga-02

7. next, click on Add route

ga-02b

 

8. Enter a description (can be anything, we chose to use EntrustedMail).

9. Enter the Outbound Gateway Host listed in your “Welcome E-mail”.  Type in the number 25     after the colon.

10. Check the “Require TLS delivery” box.

11.  Click the Save button.

ga-033

 

12.  Click the return icon to go back to Settings for Gmail.
ga-04
13. Click on “Advanced settings”.

ga-05
14. Scroll down to the Inbound gateway section.

15. Enter the inbound gateway IP ranges listed in your “Welcome E-mail”, (this setting will assure that certain replies to your encrypted message donot get blocked.)

ga-36

 

16. Scroll down to the Sending routing section and click on Configure.

ga-006

17. Enter a description (can be anything, we chose to use Send Route to EntrustedMail).

18. Under “E-mail messages to affect” check Outbound.

19. Under “Route” check Change route and then select the new mail route we created.

20. Press the Add Setting button.

ga-0-35

21. Be sure to save your changes one last time by pressing the Save changes button shown below.  Changes normally take affect in 5 – to 10 minutes.  E-mail will continue to use your previous settings until the changes take affect.

ga-08

How to Create a Security Group for EntrustedMail.

  1. Point your browser tohttps://login.microsoftonline.com/.
  2. Enter your administrator account email address and password. (If you are not an Administrator, you will be redirected to the user hub. The user hub provides quick access to Office 365 and services they have permissions to use, but will not allow access to administration features. You will need to contact your Office 365 Administrator)
  3. Click Sign in. The Office 365 console appears.Create a Security Group
  4. On the left menu click on the Admin menu item then click on Exchange.
  5. Under recipients, click on groups. Then click the + (plus symbol) and selectSecurity group.sec_group
  6. Type a name (such as Encryption_Users), alias, e-mail and an optional description for the group, and then click Save.
  7. Next, double click on the new Security Group that you created; then, click onmembership.
    add
  8. Click the + (plus symbol) and select your encryption users. (you can select mutiple users by holding the shift key down), then press the add-> button. After you have added all your encryption users, press OK.Modify existing connector to EntrustedMail
  9. On the left menu select mail flow.
  10. Next, on the top menu select Connectors.Then double click on the Connector to EntrustedMail. Press the Next button to view the “Edit Connector” page.
  11. Change when you want to use the connector to “Only when  have a transport rule set up that redirects messages to this connector”.  Continue to click the Nextbutton until you come to the “Validate this connector” screen.
  12. You will now need to verify the connector.  Click the + sign and add tester@entrustedmail.com (you must use this address) as the test e-mail address.
  13. Click on the Validate button.  The validation process tests the ability to connect to the EntrustedMail Gateway and then sends an email to the  tester@entrustedmail.comemail address.
    008-validation
    You should see Succeeded as the status of both tasks.
  14. Click on the Save button.Create the Transport Rule.
  15.  On the top menu, click on Rules.

    plus_
  16. Click the plus symbol. Next, select “modify messages” from the drop down menu andtype in a name for this rule.
    sender_member_rule
  17. Under, “Apply this rule if….” select “The sender is a member of..
    select_people
  18. Next, click on the “Select people…secure_users_1
  19. Select the E-mail Address associated with the Secure Group that you created; click theadd button and then the OK button.
    more_options
  20. Click on the “More options..” link.
    external1
  21. Click on the “add condition” button.  Select “the recipient…” from the drop down menu; then select “is external/internalexternal2
  22.  next, select “Outside the organization” and click on the OK button.
    the_following_connector
  23. Under “Do the following...” select “Redirect the message to ..” from the drop down menu; then select  “the following connector”.
    select_connector
  24. Choose the Connector for EntrustedMail and click OK and then Save.

    Your done!. Outbound e-mail for the members of your newly created Security Group will begin to be routed to the EntrustedMail gateway within 15 minutes.

Configuring your Office 365 Outbound Gateway for EntrustedMail

In order to begin using the EntrustedMail e-mail encryption services for Office 365, you must configure Office 365 to send outbound e-mail though the EntrustedMail encryption gateway. Once configured, EntrustedMail will inspect each message to determine whether to encrypt the message based on your organizational encryption policies.

  1. Point your browser tohttps://login.microsoftonline.com/.
  2. Enter your administrator account email address and password. (If you are not an Administrator, you will be redirected to the user hub. The user hub provides quick access to Office 365 and services they have permissions to use, but will not allow access to administration features. You will need to contact your Office 365 Administrator)
  3. Click Sign in. The Office 365 console appears.
  4. Mouse over the Admin tab and select Office 365.
    Step1
  5. On the left-hand side, click on Service Settings.
    Step2
  6. Scroll down to Mail Flow and select Custom Mail Rules.
    Step3
  7. Click on Connectors.
    Step4
  8. Scroll down to Outbound Connectors and click the plus sign (Add).
    Step5
  9. Provide a name to the new outbound connector. i.e. EntrustedMail Gateway
  10. Ensure Connector Type is set to Partner and Connection Security is set to Opportunistic TLS. You can provide a description if you choose.
  11. Scroll down to Outbound Delivery. Select the option to Route mail through smart hosts. Click the Plus sign to add a smart host.
    Step7
  12. Enter the host name of the outbound mail gateway server that was provided to you by your deployment coordinator and click Save.This can usually be found in the “welcome e-mail message” that you received.
    Step8
  13. Scroll down to Domains and click the Plus sign (Add). Place an astric * in the text box.
    Step10
  14. Click on Ok. Then click Save at the bottom of the screen.

 

The connector is now listed under Outbound Connectors. You can click Edit to change the configuration settings for this connector. The Connector has now been applied. It can take up to 30 minutes for outbound e-mail to begin flowing through the EntrustedMail’s Microsoft Azure Gateway.

 

Because certain messages, such as out-of-office notifications, do not contain the same identifying information as a typical message, an additional rule should be created so our perimeter gateway knows to allow such messages.

 

15.Click on Rules.

rules

 

16. Select the plus symbol, and then “modify messages” from the dropped down.

modify_message
17. Name your rule and choose [Apply to all messages] for the “*Apply this rule if” drop-down.

applytoallmessages

18. Then, choose “Set the message header to this value” for the “*Do the following…” drop-down.

header

19.  Click on the Enter text… link and type X-EMVALTOK as the value, then click on the ok button.

X-EMVALTOK

20. Then, click on the remaining Enter text… link and type in the header token provided in your welcome message.

TOKEN

21. You can uncheck the box to “Audit this rule with severity level”; verify that the Enforce radio button is selected. Then, click on the save button.

 

enforce