Focus

PAN-OS ® New Features Guide

TLS Encryption for Email Server Profiles

Table of Contents

TLS Encryption for Email Server Profiles

Learn how to configure TLS encryption for email server profiles to help prevent email spoofing.

Using an authenticated transport layer security (TLS) connection for your email server profiles allows you to use cloud-based email for reports and alerts and helps your network meet security and compliance requirements. This also helps to prevent malicious activity, such as SMTP relay, which can be used to send spam or malware, and email spoofing, which can be used for phishing attacks.

Configure a certificate profile for the email server.
Create or edit an email server profile.
Configure TLS authentication for the email server profile.
1. Select SMTP over TLS as the Protocol.
2. ( Optional) Specify the Port number you want to use to send the email (default is 587 for TLS).
3. Specify the TLS Version (either 1.2 or 1.1).
  
  As a best practice, we recommend that you use the latest available version of TLS.
4. Select the Authentication Method:
  - Auto (default)—Allow the client and server to determine the authentication method.
  - Login—Use Base64 encoding for the username and password and transmit them separately.
  - Plain—Use Base64 encoding for the username and password and transmit them together.
5. Select the Certificate Profile that you configured in Step 1.
6. Enter the User Name and Password for the account that sends the email, then Confirm Password.
( Optional) Test Connection to confirm the firewall can connect to the email server.
Commit your changes.
You can now use the authenticated email server profile to configure email alerts for logs, to schedule reports for email delivery to a single recipient, and to create report groups to send reports to multiple recipients.

Authentication Features

Authentication Portal Exclusion for Predefined Domains