Views:

Procedure

  1. Go to Inbound ProtectionConnection FilteringTransport Layer Security (TLS) Peers or Outbound ProtectionConnection FilteringTransport Layer Security (TLS) Peers.
  2. Click Add.
  3. On the Add Domain TLS Peers screen, configure TLS peers for a managed domain.
    1. In the Basic Information section, select a managed domain.
    2. In the Domain TLS Peers section, click Add to add a TLS peer for the selected domain.
    3. Set Status to Enabled to have Cloud Email Gateway Protection apply your specified TLS security level to the new peer.
    4. For inbound protection, specify a sender domain, IP address, or CIDR block as TLS Peer. For outbound protection, specify a recipient domain as TLS Peer.
    5. Specify Minimum TLS Version that the TLS peer must use when communicating with Cloud Email Gateway Protection through the TLS protocol.
      To determine which TLS version to set as the minimum, you can view the number of messages sent with TLS versions lower than the selected version in the last 7 days.
    6. Set the Security level.
      Note
      Note
      The security levels Opportunistic DANE TLS, Mandatory DANE TLS, and MTA-STS are available only for outbound delivery.
      To ensure messages can be received from the Cloud Email Gateway Protection MTA, configure your firewall to accept email messages from the following Cloud Email Gateway Protection IP address / CIDR blocks:
      • North America, Latin America and Asia Pacific:
        18.208.22.64/26
        18.208.22.128/25
        18.188.9.192/26
        18.188.239.128/26
      • Europe and Africa:
        18.185.115.0/25
        18.185.115.128/26
        34.253.238.128/26
        34.253.238.192/26
      • Australia and New Zealand:
        13.238.202.0/25
        13.238.202.128/26
      • Japan:
        18.176.203.128/26
        18.176.203.192/26
        18.177.156.0/26
        18.177.156.64/26
        15.168.56.0/25
        15.168.49.64/26
        15.168.56.128/26
      • Singapore:
        13.213.174.128/25
        13.213.220.0/26
      • India:
        3.110.59.128/25
        3.110.71.192/26
      • Middle East (UAE):
        3.29.202.0/25
        3.29.194.192/26
    7. (Optional) Select Deliver daily reports to TLS peer.
      This option is available when you select Mandatory DANE TLS, Opportunistic DANE TLS, or MTA-STS.
      The reports share success or failure statistics about TLS connections with DANE or MTA-STS support to the specified TLS peer.
    8. (Optional) Test the connection to the TLS peer.
      • For inbound protection, type an email address local part for TLS test.
      • For outbound protection, type a domain name for DANE test or MTA-STS test if you set Security level to Opportunistic DANE TLS / Mandatory DANE TLS or MTA-STS.
  4. Click Save.
  5. Click Submit.