Data Loss Prevention

  • 1.  SMG to Enforce (RedHat) Integration

    Posted Jun 04, 2020 03:03 PM

    * solved *
    Hello. Does anyone have experience integrating SMGs with Linux-based Detect and Enforce servers?
    I am able to reflect outgoing email from SMG to Email Detect and have a test policy with a test string.
    If the email contains the string the policy fires a response rule to change the email header.
    Also, the SMG policy that looks for that header is working; the email is quarantined as expected (yay!)

    The part that isn't working is the Flex Response Plug-in.
    We can see the incident on the Enforce server but there's no button to "release" or "reject".
    Yes, we did install the Plugins on Enforce.

    I ran tcpdump and noticed that the SMGs are trying to connect to Enforce on TCP/443.
    However, there are no services running on Enforce that listen to TCP/443 and the attempts by the SMG are met with RST,ACK.

    It doesn't look like I can change which port the SMG connects on and I read somewhere that DLP Enforce for Windows uses TCP/443 for its console instead of TCP/8443 (which is used by Linux). Perhaps SMG assumes DLP Enforce is a Windows install?


    Any help is appreciated, I opened a support case as well.



  • 2.  RE: SMG to Enforce (RedHat) Integration

    Posted Jun 11, 2020 12:42 PM
    Update: I ended up using iptables on the Enforce server (Linux) to forward any incoming connections on TCP/443 to TCP/8443. The SMG is now able to report quarantine status to Enforce.
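The following is an added example of the iptables approach described in the update above; it is not code from the thread or from the Symantec products. It assumes the Enforce console listens on TCP/8443, that SMGs connect to TCP/443, and that the SMGs live in a known subnet (192.0.2.0/24 here is a constructed placeholder from the RFC 5737 documentation range). The source restriction (`-s`) and the pre-checks go beyond what the post describes: they keep the redirect from silently exposing the console on a second port to every host that can reach Enforce, and they catch the two common mistakes (Enforce not actually listening on 8443, or something else already bound to 443).

```shell
#!/bin/sh
# Added example; not from the forum thread or the vendor.
# Assumptions (constructed values): Enforce listens on TCP/8443, SMGs connect to
# TCP/443, and the SMGs sit in 192.0.2.0/24. Override via environment for your site.
LISTEN_PORT="${LISTEN_PORT:-8443}"
REDIRECT_FROM="${REDIRECT_FROM:-443}"
SMG_NET="${SMG_NET:-192.0.2.0/24}"

# One rule body shared by the add (-A) and check (-C) forms so they never drift apart.
# Scoping with -s limits the redirect to the SMG hosts instead of all inbound traffic.
rule_body() {
  printf 'PREROUTING -p tcp -s %s --dport %s -j REDIRECT --to-ports %s' \
    "$SMG_NET" "$REDIRECT_FROM" "$LISTEN_PORT"
}

build_add_rule()   { printf 'iptables -t nat -A %s' "$(rule_body)"; }
build_check_rule() { printf 'iptables -t nat -C %s' "$(rule_body)"; }

# True if a local process already listens on the given TCP port (ss from iproute2).
port_has_listener() {
  ss -ltn 2>/dev/null | awk -v p=":$1" '$4 ~ p"$" { found = 1 } END { exit !found }'
}

# Add the rule once; a second run is a no-op because the -C check succeeds.
apply_redirect() {
  if sh -c "$(build_check_rule)" >/dev/null 2>&1; then
    echo "redirect $REDIRECT_FROM -> $LISTEN_PORT already present"
    return 0
  fi
  if ! port_has_listener "$LISTEN_PORT"; then
    echo "nothing listens on $LISTEN_PORT; confirm the Enforce console is up first" >&2
    return 1
  fi
  if port_has_listener "$REDIRECT_FROM"; then
    echo "a local service already listens on $REDIRECT_FROM; REDIRECT is not needed" >&2
    return 1
  fi
  sh -c "$(build_add_rule)"
}

# Usage (as root on the Enforce host): sh redirect-enforce.sh --apply
if [ "${1:-}" = "--apply" ]; then apply_redirect; fi
```

Two caveats worth knowing before relying on this. Rules in the nat PREROUTING chain only see packets that arrive from the network, so testing with `curl https://localhost:443` on the Enforce box itself will not exercise the redirect (locally generated traffic goes through the OUTPUT chain instead); verify from an SMG or another host. And the rule lives only in the running kernel: persist it with `iptables-save` (or the distribution's firewall service) or it disappears at the next reboot and the quarantine status reporting stops again.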