The first stage of setting up a TLS policy is to configure the security settings on the connections between the Forcepoint Email Security Cloud relays and your email gateways. To do
this:
Steps
-
Select the Connections tab.
-
Click the server name of the inbound or outbound email gateway that you want to configure.
-
Click Edit.
-
If you wish to use email encryption, select a Security value. The available options differ depending on the connection direction. See Encryption tab in Forcepoint Email Security Cloud Help for further information:
Inbound Connections
Available security values: Unenforced, Encrypt, Encrypt+CN, Verify, Verify+CN
Outbound Connections
Available security values: Unenforced, Encrypt, Encrypt+CN
Note: Verify and Verify+CN are no longer available for Outbound connections from 18th May 2026, following the industry-wide deprecation of the TLS Web Client Authentication EKU
in publicly trusted SSL/TLS certificates. Any existing connections using Verify or Verify+CN will be automatically downgraded to Encrypt or Encrypt+CN respectively on that
date. To maintain a comparable level of connection authenticity, it is advised to enable Strict Outbound Message Authenticity Checks.
Note: Inbound TLS settings apply to all inbound connections. If you have multiple MTAs receiving email from Forcepoint Email Security Cloud, all must be configured to use
TLS.