Hi - one thing I don't see in the 15.5 guide is specific guidance around this setting in the EmailQuarantineConnectCustom.properties file:
# SSL protocol version. Could be TLSv1 or TLSv1.2
ssl-protocol-version = TLSv1
Asking because even though your error doesn't seem to reflect it, we do need this to be TLSv1.2, not 1.
https://knowledge.broadcom.com/external/article?articleId=169867If you do make a change, please do restart the SymantecDLPManagerService and Incident Persister services.
------------------------------
Global Support Lead, DLP
Broadcom, Symantec Enterprise Division
------------------------------
Original Message:
Sent: 06-17-2020 01:42 PM
From: Unknown User
Subject: DLP Enforce - FlexResponse Action Filed (SMG Integration)
Thanks for the reply.
I'm working off of: Symantec_DLP_15.5_Email_Quarantine_Connect_FlexResponse_Implementation_Guide
configs and certs look good.
Original Message:
Sent: 06-17-2020 03:54 AM
From: Alex Hedley
Subject: DLP Enforce - FlexResponse Action Filed (SMG Integration)
Did you follow the "Symantec_DLP_11.6_Email_Quarantine_Connect_FlexResponse_Implementation_Guide.pdf" guide and update the configuration files necessary in each of the FRs? Added the cert?
------------------------------
Alex Hedley | Senior Developer | Protirus
Original Message:
Sent: 06-16-2020 04:57 PM
From: Unknown User
Subject: DLP Enforce - FlexResponse Action Filed (SMG Integration)
Hi. has anyone seen the error below?
It's thrown when I try to apply a FlexResponse rule to allow or deny an email that was quarantined by our SMG.
This is a new install and our Enforce server is running on Red Hat EL 7.
I am able to reflect mail from the SMG to the Email Detect servers. (yay!)
A test policy is working, it matches a test string and the response rule quarantines the message as expected. (yay!)
The SMG is reporting to the Enforce server that the message was quarantined, however, when I try to release or reject the message
this error appears in the incident history: (booh!)
FlexResponse Action Failed
[Email Quarantine Connect Approve Action] failed with message: Input error when reading response from email gateway: java.io.IOException: Server returned HTTP response code: 500 for URL: https://smg1.acmex.com:8443/brightmail/ws/DlpQuarantineActionsService
I can manually browse this SMG URL and a page of SMG links is served.
I also confirmed that the Enforce server can open this URL (using wget, so I don't think it's a firewall issue)
Support asked me to restart the SMGs, I did but this didn't help.
thanks!