Installation Guide

McAfee® Email Gateway 7.0 Appliances

Draft only - 9.13.11


COPYRIGHT

Copyright © 2011 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


Contents

Preface
  About this guide
    Audience
    Conventions
    How to use this guide
  Finding product documentation

1 Preparing to install
  What's in the box
  Plan the installation
  Inappropriate use
  Operating conditions
  Positioning the appliance
  Considerations about network modes
    Transparent bridge mode
    Transparent router mode
    Explicit proxy mode
  Deployment strategies for using the device in a DMZ
    SMTP configuration in a DMZ
    Workload management

2 Installing the McAfee Email Gateway appliance
  Installation quick reference table
  Ports and connections
  Physically installing the appliance
    Mounting the appliance in a rack
  Connect to the network
    Port numbers
    Using Copper LAN connections
    Using Fiber LAN connections
    Monitor, mouse and keyboard
  Supplying power to the appliance
  Overview task — Installing the software
    Task — Downloading the installation software
    Task — Creating a CD from the installation software image
  Using the Configuration Console
    Welcome
    Performing a Standard Setup
    Performing a Custom Setup
    Restoring from a file
    ePO Managed Setup
    Encryption Only Setup

3 A tour of the Dashboard
  Dashboard
    Benefits of using the Dashboard
    Dashboard portlets

4 Testing the configuration
  Task — Test connectivity
  Task — Update the DAT files
  Task — Test mail traffic and virus detection
  Task — Testing spam detection

5 Exploring the appliance features
  Introduction to policies
    Encryption
    Task — Identify quarantined email messages
    Compliance Settings
    Data Loss Prevention settings

Index

Preface

Contents

About this guide
Finding product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

Conventions

This guide uses the following typographical conventions and icons.

Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.

Bold: Text that is strongly emphasized.

User input or Path: Commands and other text that the user types; the path of a folder or program.

Code: A code sample.

User interface: Words in the user interface including options, menus, buttons, and dialog boxes.

Hypertext blue: A live link to a topic or to a website.

Note: Additional information, like an alternate method of accessing an option.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware product.


Graphical conventions

Use this information to understand the graphical symbols used within this document.

The figures in this guide use distinct symbols for the following items: appliance; Internet or external networks; mail server; other servers (such as DNS servers); user or client computer; router; switch; firewall; network zone (DMZ or VLAN); network; actual data path; perceived data path.

Definition of terms used in this guide

Use this information to understand some of the key terms used in this document.

demilitarized zone (DMZ): A computer host or small network inserted as a buffer between a private network and the outside public network to prevent direct access from outside users to resources on the private network.

DAT files: Detection definition (DAT) files, also called signature files, containing the definitions that identify, detect, and repair viruses, Trojan horses, spyware, adware, and other potentially unwanted programs (PUPs).

operational mode: One of the three operating modes for the product: explicit proxy mode, transparent bridge mode, and transparent router mode.

policy: A collection of security criteria, such as configuration settings, benchmarks, and network access specifications, that defines the level of compliance required for users, devices, and systems that can be assessed or enforced by a McAfee security application.

Reputation Service check: Part of sender authentication. If a sender fails the Reputation Service check, the appliance is set to close the connection and deny the message. The sender's IP address is added to a list of blocked connections and is automatically blocked in future at the kernel level.

How to use this guide

This topic gives a brief summary of the information contained within this document.

This guide helps you to:

• Plan and perform your installation.

• Become familiar with the interface.


• Test that the product functions correctly.

• Apply the latest detection definition files.

• Explore some scanning policies, create reports, and get status information.

• Troubleshoot basic issues.

You can find additional information about the product's scanning features in the online help within the product and the McAfee Email Gateway 7.0 Administrators Guide.

Finding product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

  User documentation:
    1 Click Product Documentation.
    2 Select a product, then select a version.
    3 Select a product document.

  KnowledgeBase:
    • Click Search the KnowledgeBase for answers to your product questions.
    • Click Browse the KnowledgeBase for articles listed by product and version.


1 Preparing to install

To ensure the safe operation of McAfee® Email Gateway 7.0, consider the following before you begin the installation.

• Familiarize yourself with its operational modes and capabilities. It is important that you choose a valid configuration.

• Decide how to integrate the appliance into your network and determine what information you need before you start, for example, the name and IP address for the device.

• Unpack the product as close to its intended location as possible.

• Remove the product from any protective packaging and place it on a flat surface.

• Observe all provided safety warnings.

Review and be familiar with all provided safety information.

Contents

What's in the box
Plan the installation
Inappropriate use
Operating conditions
Positioning the appliance
Considerations about network modes
Deployment strategies for using the device in a DMZ

What's in the box

Use this information to ensure that you have a complete shipment for your product.

To check that all components are present, refer to the packing list supplied with your product.

Generally, you should have:

• An appliance

• Power cords

• Network cables

• McAfee Email Gateway installation and recovery CD

• Linux source code CD

• Documentation CD

If an item is missing or damaged, contact your supplier.

Plan the installation

Use this information when planning the installation of your device.

Before unpacking your McAfee Email Gateway, it is important to plan the installation and deployment.

Consider the following:

• Environmental requirements.

Information on environmental site requirements, including temperature, airflow, and space requirements.

• Power requirements and considerations.

Power requirements and electrical factors that must be considered before installation.

• Hardware specifications and requirements.

• Configuration scenarios.

• Preparing for installation.

Inappropriate use

Use this information to avoid using this product inappropriately.

McAfee® Email Gateway is:

• Not a firewall. — You must use it within your organization behind a correctly configured firewall.

• Not a server for storing extra software and files. — Do not install any software on the device or add any extra files to it unless instructed by the product documentation or your support representative.

The device cannot handle all types of traffic. If you use explicit proxy mode, only protocols that are to be scanned should be sent to the device.

Operating conditions

Use this information to understand the environmental conditions needed for your McAfee Email Gateway.

Temperature: 10 to 35°C (50 to 95°F).

Relative humidity: 20% to 80% (non-condensing) with a maximum humidity gradient of 10% per hour.

Maximum vibration: 0.25 G at 3–200 Hz for 15 minutes.

Maximum shock: One shock pulse in the positive z axis (one pulse on each side of the unit) of 31 G for up to 2.6 ms.

Altitude: -16 to 3,048 m (-50 to 10,000 ft.).


Positioning the appliance

Use this information to understand where the McAfee Email Gateway should be placed before setting up and using it.

Select the final position for the appliance and install it so that it meets the operating conditions, so that you can control physical access to the appliance, and so that you can access all ports and connections on both the front and the rear panels.

A rack-mounting kit is supplied with the appliance, allowing you to install the appliance in a 19-inch rack.

Considerations about network modes

Use this information to gain an understanding of the operational (or network) modes in which the device can operate.

Before you install and configure your McAfee Email Gateway, you must decide which network mode to use. The mode you choose determines how you physically connect your appliance to your network.

You can choose from the following network modes:

• Transparent bridge mode — The device acts as an Ethernet bridge.

• Transparent router mode — The device acts as a router.

• Explicit proxy mode — The device acts as a proxy server and a mail relay.

If you are still unsure about the mode to use after reading this and the following sections, consult your network expert.

Architectural considerations about network modes

The main considerations regarding the network modes are:

• Whether communicating devices are aware of the existence of the device. That is, whether the device is operating in one of the transparent modes.

• How the device physically connects to your network.

• The configuration needed to incorporate the device into your network.

• Where the configuration takes place in the network.

Considerations before changing network modes

In explicit proxy and transparent router modes, you can set up the device to sit on more than one network by setting up multiple IP addresses for the LAN1 and LAN2 ports.

If you change to transparent bridge mode from explicit proxy or transparent router mode, only the enabled IP addresses for each port are carried over.

After you select a network mode, McAfee recommends not changing it unless you move the device or restructure your network.

Transparent bridge mode

Use this information to better understand transparent bridge mode on your McAfee Email Gateway.

In transparent bridge mode, the communicating servers are unaware of the device — the device's operation is transparent to the servers.


In the figure, the external mail server (A) sends email messages to the internal mail server (C). The external mail server is unaware that the email message is intercepted and scanned by the device (B).

The external mail server seems to communicate directly with the internal mail server — the path is shown as a dotted line. In reality, traffic might pass through several network devices and be intercepted and scanned by the device before reaching the internal mail server.

What the device does in transparent bridge mode

In transparent bridge mode, the device connects to your network using the LAN1 and LAN2 ports. The device scans the traffic it receives, and acts as a bridge connecting two network segments, but treats them as a single logical network.

Configuration in transparent bridge mode

Transparent bridge mode requires less configuration than transparent router and explicit proxy modes. You do not need to reconfigure all your clients, default gateway, MX records, firewall NAT or mail servers to send traffic to the device. Because the device is not a router in this mode, you do not need to update a routing table.

Where to place the device when using transparent bridge mode

For security reasons, you must use the device inside your organization, behind a firewall.

In transparent bridge mode, position the device between the firewall and your router, as shown.

In this mode, you physically connect two network segments to the device, and the device treats them as one logical network. Because the devices — firewall, device, and router — are on the same logical network, they must all have compatible IP addresses on the same subnet.

Devices on one side of the bridge (such as a router) that communicate with devices on the other side of the bridge (such as a firewall) are unaware of the bridge. Because they are unaware that traffic is intercepted and scanned, the device is said to operate as a transparent bridge.

Transparent router mode

Use this information to better understand transparent router mode on your McAfee Email Gateway.

In transparent router mode, the device scans email traffic between two networks. The device has one IP address for outgoing scanned traffic, and must have one IP address for incoming traffic.

The communicating network servers are unaware of the intervention of the device — the device's operation is transparent to the servers.

What the device does in transparent router mode

In transparent router mode, the device connects to your networks using the LAN1 and LAN2 ports. The device scans the traffic it receives on one network, and forwards it to the next network device on a different network. The device acts as a router, routing the traffic between networks, based on the information held in its routing tables.


Configuration in transparent router mode

Using transparent router mode, you do not need to explicitly reconfigure your network devices to send traffic to the device. You need only configure the routing table for the device, and modify some routing information for the network devices on either side of it (the devices connected to its LAN1 and LAN2 ports). For example, you might need to make the device your default gateway.

In transparent router mode, the device must join two networks. The device must be positioned inside your organization, behind a firewall.

Transparent router mode does not support multicast IP traffic or non-IP protocols, such as NetBEUI and IPX.

Firewall rules

In transparent router mode, the firewall connects to the physical IP address for the LAN1/LAN2 connection to the management blade.

Where to place the device

Use the device in transparent router mode to replace an existing router on your network.

If you use transparent router mode and you do not replace an existing router, you must reconfigure part of your network to route traffic correctly through the device.

You need to:

• Configure your client devices to point to the default gateway.

• Configure the device to use the Internet gateway as its default gateway.

• Ensure your client devices can deliver email messages to the mail servers within your organization.
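The two transparent modes impose opposite addressing constraints: in bridge mode the firewall, the appliance and the router share one subnet, while in router mode LAN1 and LAN2 must be on two different networks with a neighbour reachable on each side. The following pre-flight check of an addressing plan is an added example written for this guide, not McAfee code or any function of the appliance; the parameter names, the mode strings and the documentation-range addresses in the demo are assumptions made for illustration.

```python
# Added example (not McAfee code): pre-flight check of the addressing plan
# for transparent bridge and transparent router mode. Addresses constructed.
import ipaddress
from typing import List, Optional


def check_addressing(mode: str, lan1: str, lan2: Optional[str],
                     firewall: str, inside_next_hop: str) -> List[str]:
    """Return a list of problems with the plan; an empty list means it is consistent.

    mode             "bridge" (transparent bridge) or "router" (transparent router)
    lan1, lan2       appliance interface addresses in CIDR form ("10.1.0.5/24");
                     lan2 may be None in bridge mode, where one address suffices
    firewall         address of the firewall on the LAN1 side
    inside_next_hop  address of the router (or mail server) on the LAN2 side
    """
    problems: List[str] = []
    i1 = ipaddress.ip_interface(lan1)
    i2 = ipaddress.ip_interface(lan2) if lan2 else None
    fw = ipaddress.ip_interface(firewall)
    nh = ipaddress.ip_interface(inside_next_hop)
    members = [i1, fw, nh] + ([i2] if i2 else [])

    if mode == "bridge":
        # Bridge: LAN1 and LAN2 form one logical network, so the firewall, the
        # appliance and the router must all sit in the same subnet.
        nets = {m.network for m in members}
        if len(nets) != 1:
            problems.append("bridge: all addresses must be in one subnet, found "
                            + ", ".join(sorted(str(n) for n in nets)))
    elif mode == "router":
        # Router: the appliance joins two different networks and forwards between
        # them, so LAN1 and LAN2 need distinct subnets and each neighbour must be
        # reachable on its own side.
        if i2 is None:
            problems.append("router: LAN2 needs an address (the device joins two networks)")
        else:
            if i1.network.overlaps(i2.network):
                problems.append(f"router: LAN1 {i1.network} and LAN2 {i2.network} "
                                "must be different networks")
            if fw.ip not in i1.network:
                problems.append(f"router: firewall {fw.ip} is not on the LAN1 network {i1.network}")
            if nh.ip not in i2.network:
                problems.append(f"router: next hop {nh.ip} is not on the LAN2 network {i2.network}")
    else:
        problems.append(f"unknown mode {mode!r}")

    # In either mode, two participants must never claim the same address.
    ips = [m.ip for m in members]
    for ip in sorted({ip for ip in ips if ips.count(ip) > 1}):
        problems.append(f"duplicate address {ip}")
    return problems


if __name__ == "__main__":
    # Constructed plans: a consistent bridge, then a router plan whose LAN2
    # was mistakenly left in the LAN1 subnet.
    print(check_addressing("bridge", "192.0.2.10/24", None, "192.0.2.1/24", "192.0.2.2/24"))
    print(check_addressing("router", "192.0.2.10/24", "192.0.2.20/24", "192.0.2.1/24", "192.0.2.2/24"))
```

Run it against the addresses you intend to assign before you cable the appliance; a non-empty list is a plan that cannot work in the chosen mode.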

Explicit proxy mode

Use this information to better understand explicit proxy mode on your McAfee Email Gateway.

In explicit proxy mode, some network devices must be set up explicitly to send traffic to the device. The device then works as a proxy or relay, processing traffic on behalf of the devices.

Explicit proxy mode is best suited to networks where client devices connect to the device through a single upstream and downstream device.

This might not be the best option if several network devices must be reconfigured to send traffic to the device.

Network and device configuration

If the device is set to explicit proxy mode, you must explicitly configure your internal mail server to relay email traffic to the device. The device scans the email traffic before forwarding it, on behalf of the sender, to the external mail server. The external mail server then forwards the email message to the recipient.

In a similar way, the network must be configured so that incoming email messages from the Internet are delivered to the device, not the internal mail server.

The device scans the traffic before forwarding it, on behalf of the sender, to the internal mail server for delivery, as shown.


For example, an external mail server can communicate directly with the device, although traffic might pass through several network servers before reaching the device. The perceived path is from the external mail server to the device.

Protocols

To scan a supported protocol, you must configure your other network servers or client computers to route that protocol through the device, so that no traffic bypasses the device.

Firewall rules

Explicit proxy mode invalidates any firewall rules set up for client access to the Internet. The firewall sees only the IP address information for the device, not the IP addresses of the clients, so the firewall cannot apply its Internet access rules to the clients.

Where to place the device

Configure the network devices so that traffic needing to be scanned is sent to the device. This is more important than the location of the device.

The router must allow all users to connect to the device.

The device must be positioned inside your organization, behind a firewall, as shown in Figure 6: Explicit proxy configuration.

Typically, the firewall is configured to block traffic that does not come directly from the device. If you are unsure about your network's topology and how to integrate the device, consult your network expert.

Use this configuration if:

• The device is operating in explicit proxy mode.

• You are using email (SMTP).

For this configuration, you must:

• Configure the external Domain Name System (DNS) servers or Network Address Translation (NAT) on the firewall so that the external mail server delivers mail to the device, not to the internal mail server.

• Configure the internal mail servers to send email messages to the device. That is, the internal mail servers must use the device as a smart host. Ensure that your client devices can deliver email messages to the mail servers within your organization.

• Ensure that your firewall rules are updated. The firewall must accept traffic from the device, but must not accept traffic that comes directly from the client devices. Set up rules to prevent unwanted traffic entering your organization.

Deployment strategies for using the device in a DMZ

Use this information to understand demilitarized zones within your network, and how to use them to protect your email servers.

A demilitarized zone (DMZ) is a network separated by a firewall from all other networks, including the Internet and other internal networks. The typical goal behind the implementation of a DMZ is to lock down access to servers that provide services to the Internet, such as email.

Hackers often gain access to networks by identifying the TCP/UDP ports on which applications are listening for requests, then exploiting known vulnerabilities in those applications. Firewalls dramatically reduce the risk of such exploits by controlling access to specific ports on specific servers.


The device can be added easily to a DMZ configuration. The way you use the device in a DMZ depends on the protocols you intend to scan.

SMTP configuration in a DMZ

Use this information to understand how to configure SMTP devices within a demilitarized zone on your network.

The DMZ is a good location for encrypting mail. By the time the mail traffic reaches the firewall for the second time (on its way from the DMZ to the Internet), it has been encrypted.

Devices which scan SMTP traffic in a DMZ are usually configured in explicit proxy mode.

Configuration changes need only be made to the MX records for the mail servers.

NOTE: You can use transparent bridge mode when scanning SMTP within a DMZ. However, if you do not control the flow of traffic correctly, the device scans every message twice, once in each direction. For this reason, explicit proxy mode is usually used for SMTP scanning.

Mail relay

If you have a mail relay already set up in your DMZ, you can replace the relay with the device.

To use your existing firewall policies, give the device the same IP address as the mail relay.

Mail gateway

SMTP does not provide methods to encrypt mail messages — you can use Transport Layer Security (TLS) to encrypt the link, but not the mail messages. As a result, some companies do not allow such traffic on their internal network. To overcome this, they often use a proprietary mail gateway, such as Lotus Notes® or Microsoft® Exchange, to encrypt the mail traffic before it reaches the Internet.

To implement a DMZ configuration using a proprietary mail gateway, add the scanning device to the DMZ on the SMTP side of the gateway.

In this situation, configure:

• The public MX records to instruct external mail servers to send all inbound mail to the device (instead of the gateway).

• The device to forward all inbound mail to the mail gateway, and deliver all outbound mail using DNS or an external relay.

• The mail gateway to forward all inbound mail to the internal mail servers and all other (outbound) mail to the device.

• The firewall to allow inbound mail that is destined for the device only.

Firewalls configured to use Network Address Translation (NAT), and that redirect inbound mail to internal mail servers, do not need their public MX records reconfigured. This is because the MX records already direct traffic to the firewall rather than to the mail gateway itself. In this case, the firewall must instead be reconfigured to direct inbound mail requests to the device.
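The MX change above is where inbound mail most often leaks around the appliance: the primary MX is moved, but a secondary MX left pointing at the old relay or gateway still accepts mail straight from the Internet. The check below, an added example rather than McAfee code, parses a zone and reports every MX that resolves to a host the appliance should be in front of; it also covers the NAT case, where the MX legitimately stays on the firewall address. The zone text, the host names and the addresses are constructed for the example; on a real deployment you would feed it the records returned by your public DNS.

```python
# Added example (not McAfee code): verify from the public zone that every MX
# for the domain delivers inbound mail to the appliance (or to a firewall
# address that is NATed to it). The zone text and addresses are constructed.
from typing import Dict, List, Tuple


def parse_zone(text: str) -> Tuple[List[Tuple[int, str]], Dict[str, str]]:
    """Parse a minimal zone file ($ORIGIN, 'owner IN MX pref exchange',
    'owner IN A addr'); return MX records sorted by preference and A records."""
    origin = ""
    mx: List[Tuple[int, str]] = []
    a: Dict[str, str] = {}

    def absolute(name: str) -> str:
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"

    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        owner, _cls, rtype, *rdata = line.split()
        if rtype == "MX":
            mx.append((int(rdata[0]), absolute(rdata[1])))
        elif rtype == "A":
            a[absolute(owner)] = rdata[0]
    mx.sort()
    return mx, a


def check_inbound_path(zone_text: str, appliance_ips: List[str],
                       bypass_ips: Dict[str, str]) -> List[str]:
    """Return problems with the inbound SMTP path the zone advertises.

    appliance_ips  public addresses that reach the appliance: its own address,
                   or the firewall address that NATs port 25 to it
    bypass_ips     {address: description} of hosts that must not receive mail
                   straight from the Internet (old relay, mail gateway,
                   internal mail server)
    """
    mx, a = parse_zone(zone_text)
    if not mx:
        # Without an MX, sending servers fall back to the domain's A record.
        return ["no MX records: senders will fall back to the A record"]
    problems: List[str] = []
    for pref, exch in mx:
        ip = a.get(exch)
        if ip is None:
            problems.append(f"MX {pref} {exch} has no A record in the zone")
        elif ip in bypass_ips:
            problems.append(f"MX {pref} {exch} -> {ip} bypasses the appliance ({bypass_ips[ip]})")
    top_pref, top_exch = mx[0]
    if a.get(top_exch) not in appliance_ips:
        problems.append(f"preferred MX {top_pref} {top_exch} -> {a.get(top_exch)} is not the appliance")
    return problems


# Constructed zones. BEFORE: mail still goes to the gateway. AFTER: the primary
# MX was moved to the appliance but a secondary MX still points at the old relay.
ZONE_BEFORE = """\
$ORIGIN example.com.
@        IN MX 10 gateway
@        IN MX 20 relay
gateway  IN A  203.0.113.30
relay    IN A  203.0.113.40
"""
ZONE_AFTER = """\
$ORIGIN example.com.
@        IN MX 10 mail      ; the appliance
@        IN MX 20 relay     ; forgotten secondary
mail     IN A  203.0.113.10
gateway  IN A  203.0.113.30
relay    IN A  203.0.113.40
"""
APPLIANCE_IPS = ["203.0.113.10"]
BYPASS_IPS = {"203.0.113.30": "mail gateway", "203.0.113.40": "old mail relay"}

if __name__ == "__main__":
    for name, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(name, check_inbound_path(zone, APPLIANCE_IPS, BYPASS_IPS))
```

For the NAT deployment described in the last paragraph, pass the firewall's public address as the appliance address; the check then only complains about MX records that point somewhere other than the firewall.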


Firewall rules specific to Lotus Notes

Use this information to identify specific considerations when protecting Lotus Notes systems.

By default, Lotus Notes servers communicate over TCP port 1352. The firewall rules typically used to secure Notes servers in a DMZ allow the following through the firewall:

• Inbound SMTP requests (TCP port 25) originating from the Internet and destined for the device

• TCP port 1352 requests originating from the Notes gateway and destined for an internal Notes server

• TCP port 1352 requests originating from an internal Notes server and destined for the Notes gateway

• SMTP requests originating from the device and destined for the Internet

All other SMTP and TCP port 1352 requests are denied.
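The four permits above, closed by the final deny, are the same policy the explicit proxy section asks for: the firewall accepts SMTP from the appliance and to the appliance, and nothing that arrives at or leaves from any other host. The model below is an added example (not McAfee code) that encodes the rule set as a first-match filter and audits a candidate rule set against the traffic cases that must pass or fail, including the common mistake of permitting inbound SMTP to the whole DMZ rather than to the appliance alone. The DMZ and internal networks, every address, and the internal mail server at 10.0.0.26 are constructed assumptions.

```python
# Added example (not McAfee code): a first-match model of the DMZ firewall
# policy described above, used to audit a candidate rule set offline. The
# networks, addresses and the internal mail server are constructed.
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple
import ipaddress

DMZ_NET = "203.0.113.0/24"        # constructed DMZ
INTERNAL_NET = "10.0.0.0/8"       # constructed internal network
APPLIANCE = "203.0.113.10/32"     # the appliance, in the DMZ
NOTES_GW = "203.0.113.30/32"      # Notes gateway, in the DMZ
INTERNAL_NOTES = "10.0.0.25/32"   # internal Notes server
SMTP, NOTES_RPC = 25, 1352


def in_zone(ip: str, zone: str) -> bool:
    """zone is a CIDR, or "internet" meaning any address outside the DMZ and internal nets."""
    addr = ipaddress.ip_address(ip)
    if zone == "internet":
        return not any(addr in ipaddress.ip_network(n) for n in (DMZ_NET, INTERNAL_NET))
    return addr in ipaddress.ip_network(zone)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR or "internet"
    dst: str               # CIDR or "internet"
    dport: Optional[int]   # None matches any port
    note: str = ""

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (in_zone(src_ip, self.src) and in_zone(dst_ip, self.dst)
                and (self.dport is None or self.dport == dport))


def decide(rules: Sequence[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action
    return "deny"


# The four permits from the Lotus Notes rule set; the closing "deny all other
# SMTP and 1352" is the implicit default of decide().
DMZ_RULES = [
    Rule("allow", "internet", APPLIANCE, SMTP, "inbound SMTP to the appliance"),
    Rule("allow", NOTES_GW, INTERNAL_NOTES, NOTES_RPC, "Notes gateway -> internal Notes"),
    Rule("allow", INTERNAL_NOTES, NOTES_GW, NOTES_RPC, "internal Notes -> Notes gateway"),
    Rule("allow", APPLIANCE, "internet", SMTP, "outbound SMTP from the appliance"),
]

# A common mistake: permitting inbound SMTP to the whole DMZ instead of the appliance.
LOOSE_RULES = [Rule("allow", "internet", DMZ_NET, SMTP, "inbound SMTP to the DMZ")] + DMZ_RULES[1:]

# (src, dst, port, expected decision, reason). 198.51.100.7 stands in for an Internet
# host; 10.0.0.26 is a hypothetical internal mail server that may only talk to the appliance.
EXPECTED: List[Tuple[str, str, int, str, str]] = [
    ("198.51.100.7", "203.0.113.10", SMTP, "allow", "Internet delivers inbound mail to the appliance"),
    ("198.51.100.7", "203.0.113.30", SMTP, "deny", "Internet must not reach the Notes gateway directly"),
    ("198.51.100.7", "10.0.0.26", SMTP, "deny", "Internet must not reach the internal mail server"),
    ("203.0.113.10", "198.51.100.7", SMTP, "allow", "the appliance relays outbound mail"),
    ("10.0.0.26", "198.51.100.7", SMTP, "deny", "internal servers must send via the appliance"),
    ("203.0.113.30", "10.0.0.25", NOTES_RPC, "allow", "Notes gateway to internal Notes server"),
    ("10.0.0.25", "203.0.113.30", NOTES_RPC, "allow", "internal Notes server to Notes gateway"),
    ("198.51.100.7", "10.0.0.25", NOTES_RPC, "deny", "no Notes RPC from the Internet"),
]


def audit(rules: Sequence[Rule], expected=EXPECTED) -> List[str]:
    """Return a description of every expectation the rule set violates."""
    failures: List[str] = []
    for src, dst, port, want, why in expected:
        got = decide(rules, src, dst, port)
        if got != want:
            failures.append(f"{src} -> {dst}:{port} is {got}, expected {want} ({why})")
    return failures


if __name__ == "__main__":
    print("strict:", audit(DMZ_RULES) or "ok")
    print("loose: ", audit(LOOSE_RULES) or "ok")
```

The expectation table is the useful artefact: keep it with the change record for the firewall, and re-run the audit whenever the rule base is edited so that a widened permit shows up as a named failure rather than as a mail path that quietly skips scanning.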

Firewall rules specific to Microsoft Exchange

Use this information to identify specific considerations when protecting Microsoft Exchange systems.

A Microsoft Exchange-based mail system requires a significant workaround.

When Exchange servers communicate with each other, they send their initial packets using the RPC protocol (TCP port 135). However, once the initial communication is established, two ports are chosen dynamically and used to send all subsequent packets for the remainder of the communication. You cannot configure a firewall to recognize these dynamically chosen ports. Therefore, the firewall does not pass the packets.

The workaround is to modify the registry on each of the Exchange servers communicating across the firewall to always use the same two "dynamic" ports, then open TCP 135 and these two ports on the firewall.

We mention this workaround to provide a comprehensive explanation, but we do not recommend it. The RPC protocol is widespread on Microsoft networks — opening TCP 135 inbound is a red flag to most security professionals.

If you intend to use this workaround, details can be found in the following Knowledge Base article on the Microsoft website:

http://support.microsoft.com/kb/q176466/

Workload management

Use this information to learn about the workload management features of McAfee Email Gateway.

The appliance includes its own internal workload management, distributing the scanning load evenly between all appliances configured to work together.

You do not need to deploy an external load balancer.


2 Installing the McAfee Email Gateway appliance

Use this information to understand the recommended process to install, connect and configure your McAfee Email Gateway.

McAfee recommends that you consider installing the McAfee Email Gateway in the following order:

1 Unpack the McAfee Email Gateway and confirm no parts are missing (check against the parts lists in the box).

2 Rack-mount the McAfee Email Gateway.

3 Connect the peripherals and power (monitor, keyboard).

4 Connect the McAfee Email Gateway to the network, noting deployment scenarios and intended network mode.

5 Install the software onto the McAfee Email Gateway.

6 Use the Configuration Console to carry out the basic configuration (server name, IP addresses, gateway, and so on).

7 Connect to the administration interface.

8 Run the Setup Wizard.

9 Route test network traffic through the McAfee Email Gateway.

10 Test that the network traffic is being scanned.

11 Configure policies and reporting.

12 Route production traffic through the McAfee Email Gateway.

Connecting the McAfee Email Gateway to your network can disrupt Internet access or other network services. Ensure that you have arranged network downtime for this, and that you schedule it during periods of low network usage.

Contents

• Installation quick reference table

• Ports and connections

• Physically installing the appliance

• Connect to the network

• Supplying power to the appliance

• Overview task — Installing the software

• Using the Configuration Console


Installation quick reference table

Use this information as a quick reference when installing the McAfee Email Gateway.

This step... / ...is described here.

1. Unpack the pallet and check the contents against the parts lists in the box. (Described in: Part List)

2. Connect the peripherals and power.

3. Connect the appliance to the network.

4. Install the software.

5. Perform basic configuration.

6. Connect to the administration interface.

7. Route the test network traffic through the appliance.

8. Test that the network traffic is being scanned.

9. Configure policies and reporting.

10. Configure production traffic through the system.

Ports and connections

Information about the ports and connections is no longer held within this guide.

For information about the ports and connections on your appliance, refer to the McAfee Email Gateway Port Identification Guide.

Physically installing the appliance

Use this task to physically connect your appliance to your network.

Task

1 Remove the appliance from the protective packaging and place it on a flat surface.

2 If you are going to install the appliance in a 19-inch rack, perform the steps in Mounting the appliance in a rack.

3 Connect a monitor, keyboard and mouse to the appliance.

4 Connect power leads to the monitor and the appliance, but do not connect them to the power supplies yet.

5 Connect the appliance to the network, taking into consideration your chosen operating mode.

Mounting the appliance in a rack

Use this information to mount your appliance into a rack.

The rack kit enables you to install the appliance into a four-post rack. The kit can be used with most industry-standard 19-inch rack cabinets.


The rack kit contains:

• 2 mounting rails

• 8 screws

• 2 releasable tie wraps

You will need a screwdriver that is suitable for use with the supplied screws.

Make sure you follow the supplied safety warnings. Always load the rack from the bottom up. If you are installing multiple appliances, start with the lowest available position first.

Connect to the network

Learn how to connect your Email Gateway to your network.

This section describes how to connect the appliance to your network.

The ports and cables that you use to connect the appliance to your network depend on how you are going to use the appliance. For information about network modes, see Considerations about network modes.

Port numbers

Use this information to understand some of the important ports used by your appliance.

When you connect the appliance to your network, use the following port numbers:

• For HTTPS, use port 443.

• For HTTP, use port 80.

• For SMTP, use port 25.

• For POP3, use port 110.

• For FTP, use port 21.

Using Copper LAN connections

Understand how to connect your Email Gateway to your network using copper connections.

Using the LAN1 and LAN2 switch connections and the supplied network cables (or equivalent Cat 5e or Cat 6 Ethernet cables), connect the appliance to your network according to the network mode you have chosen.

If you have DHCP configured on your network, the IP addresses for these ports are now automatically allocated.

Transparent bridge mode

Use the copper LAN cables (supplied) to connect the Email Gateway LAN1 and LAN2 switches to your network so that the appliance is inserted into the data stream.

Transparent router mode

The Email Gateway functions as a router. The LAN segments connected to its two network interfaces must therefore be on different IP subnets. It must replace an existing router, or a new subnet must be created on one side of the appliance. Do this by changing the IP address or the netmask used by the computers on that side.


Explicit proxy mode

Use a copper LAN cable (supplied) to connect the LAN1 or LAN2 switch to your network. The cable is a straight-through (uncrossed) cable, and connects the appliance to a normal uncrossed RJ-45 network switch.

In explicit proxy mode, the unused switch connection can be used as a dedicated management port. To manage the appliance locally, use a crossover Cat 5e Ethernet cable to connect the appliance to your local computer's network card.

Using Fiber LAN connections

Understand how to connect your Email Gateway to your network using fiber-optic connections.

Using the LAN1 and LAN2 switch connections and the fiber cables, connect the appliance to your network according to the network mode you have chosen.

Transparent bridge mode

Use the fiber cables to connect the LAN1 and LAN2 switches to your network.

Transparent router mode

Use the fiber cables to connect the LAN1 and LAN2 switches to different IP subnets.

Explicit proxy mode

Use a fiber cable to connect the appliance's LAN1 switch to your network.

In explicit proxy mode, the unused connector can be used as a dedicated management port. If your management computer has a compatible Network Interface Card (NIC), connect it to the remaining connector for local management.

Monitor, mouse and keyboard

Use this information to connect a computer monitor, the mouse and the keyboard to your McAfee Email Gateway.

Connect a computer monitor to the VGA connector on your McAfee Email Gateway.

Connect the keyboard and mouse to USB connectors on the McAfee Email Gateway.

Supplying power to the appliance

Use this task to supply power to the appliance and to switch it on.

Task

1 Connect the monitor and appliance power cables to power outlets.

If the power cord is not suitable for the country of use, contact your supplier.

2 Switch on the appliance by pushing the power button.

After booting up, the Configuration Console appears on the monitor.


Overview task — Installing the software

Use this task as an overview of the software installation process for McAfee Email Gateway.

Task

1 From a computer with internet access, download the latest version of the Email and Web Security software from the McAfee download site. (You will need your Grant Number to do this.)

2 Create a CD from this image.

3 With the device switched on, insert the CD into the CD-ROM drive.

4 Re-boot the device.

As the McAfee Email Gateway reboots, the software is installed on the device.

Tasks

• Task — Downloading the installation software: Use this task to download the most up-to-date version of the McAfee Email Gateway software.

• Task — Creating a CD from the installation software image: Use this task to create an installation CD from the downloaded software image.

Task — Downloading the installation software

Use this task to download the most up-to-date version of the McAfee Email Gateway software.

Before you begin

• Read your product installation guide.

• Get the McAfee grant ID number that you received when you purchased McAfee Email Gateway.

McAfee provides the software as an .iso file (for creating CDs for installation on physical appliances), available from the McAfee download website.

Task

1 Go to the McAfee website http://www.mcafee.com. Hover your cursor over your business type and click Downloads.

2 From My Products - Downloads, click Login.

3 Type the McAfee grant ID number that you received when you purchased McAfee Email Gateway, and click Submit.

4 From the list of products, select Email Gateway.

5 Agree to the license terms, select the latest version and download it.

McAfee recommends that you read the Release Notes that accompany the software image before you continue with the installation.


Task — Creating a CD from the installation software image

Use this task to create an installation CD from the downloaded software image.

Before you begin

• Download the software image in .iso file format.

• Ensure that you have a method to validate the downloaded .iso file, by comparing the MD5 checksums.

• Ensure that you have a suitable writable CD-ROM drive connected to your computer system and suitable writeable CDs.

• Ensure that you have suitable CD creation software — able to create a CD image from an .iso file — installed on your computer system.

From a computer that can access the downloaded .iso image, carry out the following steps.

Task

1 Validate the downloaded .iso file by generating an MD5 checksum and comparing it with the information given on the download site.

2 Following the instructions supplied with your CD creation software, open the software.

3 Following the workflow for your CD creation software, select your writable CD-ROM drive and the McAfee Email Gateway .iso file, and insert a blank writable CD into the CD-ROM drive.

4 Create the installation CD.
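Step 1 of this task, as an added example that is not McAfee's code or part of the guide: hash the downloaded .iso in chunks (so a large image does not need to fit in memory), parse an md5sum-style "<hex>  <filename>" line of the kind download sites publish, and compare the two. The sample file content and the published line in demo_verify are constructed. An MD5 match shows that the download was not corrupted in transit; it does not protect against an image that was replaced together with its published checksum, so the helper also accepts sha256 for sites that publish one.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hex digest of a file, read in 1 MiB chunks so a multi-hundred-MB image streams through."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line):
    """Split an md5sum/sha256sum-style line ('<hex>  <name>' or '<hex> *<name>') into (hex, name)."""
    digest, _, name = line.strip().partition(" ")
    return digest.lower(), name.strip().lstrip("*")


def verify_download(path, expected_hex, algorithm="md5"):
    """True only if the file's digest equals the published value (case-insensitive hex)."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo_verify():
    """Write a constructed stand-in for the .iso and check it against a good and a wrong checksum."""
    sample = b"hello world"  # constructed content, standing in for the image bytes
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "sample.iso")
        with open(iso, "wb") as f:
            f.write(sample)
        # Constructed 'published' line in md5sum format (this is MD5 of b"hello world").
        published = "5eb63bbbe01eeed093cb22bb8f5acdc3  sample.iso"
        expected, name = parse_checksum_line(published)
        return {
            "name": name,
            "md5": file_digest(iso),
            "matches_published": verify_download(iso, expected),
            "matches_wrong": verify_download(iso, "0" * 32),
            "sha256": file_digest(iso, "sha256"),
        }


if __name__ == "__main__":
    for key, value in demo_verify().items():
        print(f"{key}: {value}")
```

If a computed digest does not match, do not burn the CD: re-download the image and compare again rather than assuming the published value is stale.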

Using the Configuration Console

Understand how to use the Configuration Console to set up your McAfee Email Gateway.

You can now configure your Email Gateway either from the Configuration Console, or from the Setup Wizard within the user interface.

The Configuration Console launches automatically at the end of the startup sequence after either:

• an unconfigured Email Gateway starts, or

• an Email Gateway is reset to its factory defaults.

When launched, the Configuration Console provides you with options to either configure your device in your preferred language from the Email Gateway console, or provides instructions for you to connect to the Setup Wizard within the user interface from another computer on the same class C subnet. Both methods provide you with the same options to configure your Email Gateway.

From the Configuration Console, you can configure a new installation of the appliance software. However, to configure your appliance using a previously saved configuration file, you need to log on to the appliance user interface, and run the Setup Wizard (System | Setup Wizard).

This version of the software also introduces automatic configuration using DHCP for the following parameters:

• Host name

• Domain name

• Default gateway

• DNS server

• Leased IP address

• NTP server


Welcome

Use this page to select the type of installation that you want to follow.

This is the first page of the Setup Wizard. Use this page to select the type of installation you want to perform.

• Standard Setup (default) — use this option to set up your device in transparent bridge mode, and configure it to protect your network. The SMTP protocol is enabled by default. You can choose to enable scanning of POP3 traffic.

Choosing Standard Setup forces the device to run in transparent bridge mode.

• Custom Setup — use this option to select the operating mode for your device. You can choose to protect mail traffic using SMTP and POP3 protocols. You should use this if you need to configure IPv6 and to make other changes to the default configuration.

• Restore from a file — (not available from the Configuration Console) use this to set up your device based on a previously saved configuration. Following the import of the file you will be able to check the imported settings before finishing the wizard. If the file came from an earlier McAfee Email and Web Security Appliance, some details are not available.

• ePO Managed Setup — use this to set up your device so that it can be managed by your ePolicy Orchestrator server. Only minimal information is needed, as the device will get most of its configuration information from your ePolicy Orchestrator server.

• Encryption Only Setup — use this option to set up your appliance as a standalone encryption server.

The appliance operates in one of the following modes — transparent bridge, transparent router, or explicit proxy. The mode affects how you integrate the appliance into your network and how the appliance handles traffic. You will need to change the mode only if you restructure your network.

Performing a Standard Setup

Use this information to understand the purpose of the Standard Setup.

Standard Setup enables you to quickly set up your McAfee Email Gateway using the most common options. Use this option to set up your device in transparent bridge mode, and configure it to protect your network. The SMTP protocol is enabled by default. You can choose to enable scanning of POP3 traffic.

Choosing Standard Setup forces the device to run in transparent bridge mode.

For the Standard Setup, the wizard includes these pages:

• Email Configuration

• Basic Settings

• Summary


Email Configuration page (Standard Setup)

This information describes the options available on this page.

Option: Definition

Enable protection against Potentially Unwanted Programs: Click to activate protection against Potentially Unwanted Programs. Read the advice from McAfee about the effects that activating this protection can have.

Enable McAfee Global Threat Intelligence feedback: Select this option to enable McAfee Global Threat Intelligence feedback. Click What is this? to read about how the feedback is used, and view the McAfee Privacy Policy.

Local relay domain: Enter both the IP address and netmask for your local relay domain.

Basic Settings page (Standard Setup)

Use this page in the Standard Setup wizard to specify basic settings for the appliance in transparent bridge mode.

Option: Definition

Device name: Specifies a name, such as appliance1.

Domain name: Specifies a name, such as domain1.com.

IP address: Specifies an address, such as 198.168.200.10. The fully qualified domain name (Device name.Domain name) must resolve to this IP address when the DNS server (specified here) is called. We recommend that this IP address resolves to the FQDN in a reverse lookup.

Subnet: Specifies a subnet address, such as 255.255.255.0.

Gateway Address: Specifies an address, such as 198.168.10.1. This is likely to be a router or a firewall. You can test later that the appliance can communicate with this device.

DNS Server IP: Specifies the address of a Domain Name Server that the appliance uses to convert website addresses to IP addresses. This can be an Active Directory or a Domain Name Service server. You can test later that the appliance can communicate with this server.

Mode: Specifies the mode — Transparent Bridge, Transparent Router or Explicit Proxy.

User ID: The scmadmin user is the super administrator. You cannot change or disable this account and the account cannot be deleted. However, you can add more login accounts after installation.

Current Password/New Password: The original default password is password. Specify the new password. Change the password as soon as possible to keep your appliance secure. You must type the new password twice to confirm it.

Appliance Timezone: Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time. The zones are organized from west to east to cover mid-Pacific, America, Europe, Asia, Africa, India, Japan, and Australia.

Appliance Time (UTC): Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now: When clicked, applies the date and UTC time that you specified in this row.

Client Time: Displays the time according to the client computer from which your browser is currently connected to the appliance.
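The requirement on the IP address row (the FQDN built from Device name and Domain name must resolve to the configured address, and the address should resolve back to the FQDN), as an added example that is not part of the guide and not McAfee's code: a Python check that runs both lookups and reports any disagreement. The resolver functions are parameters so the check can be exercised offline; the defaults use the operating system resolver, and the name table used by demo_check is constructed, not real DNS data. Receiving mail servers commonly score or reject mail from hosts whose forward and reverse DNS do not agree, which is why the reverse lookup is worth verifying before production traffic is routed through the appliance.

```python
import socket
from typing import Callable, Dict, List, Optional, Set


def forward_lookup(fqdn: str) -> Set[str]:
    """All A/AAAA addresses for a name via the system resolver (empty set if it does not resolve)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(fqdn, None)}
    except socket.gaierror:
        return set()


def reverse_lookup(ip: str) -> Optional[str]:
    """The PTR name for an address via the system resolver, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_appliance_name(
    device_name: str,
    domain_name: str,
    ip: str,
    forward: Callable[[str], Set[str]] = forward_lookup,
    reverse: Callable[[str], Optional[str]] = reverse_lookup,
) -> List[str]:
    """Return findings about the name/address pair; an empty list means both lookups agree."""
    fqdn = f"{device_name}.{domain_name}".rstrip(".").lower()
    findings = []
    addresses = forward(fqdn)
    if not addresses:
        findings.append(f"{fqdn} does not resolve")
    elif ip not in addresses:
        findings.append(f"{fqdn} resolves to {sorted(addresses)}, not to {ip}")
    ptr = reverse(ip)
    if ptr is None:
        findings.append(f"no PTR record for {ip}; a reverse lookup to {fqdn} is recommended")
    elif ptr.rstrip(".").lower() != fqdn:
        findings.append(f"PTR for {ip} is {ptr}, expected {fqdn}")
    return findings


# Constructed DNS data for an offline demonstration (an assumption, not real records).
FORWARD_TABLE: Dict[str, Set[str]] = {
    "appliance1.domain1.com": {"192.0.2.10"},
    "mx.domain1.com": {"192.0.2.11"},
}
REVERSE_TABLE: Dict[str, str] = {
    "192.0.2.10": "appliance1.domain1.com",
    "192.0.2.11": "mail-11.hosting.example",   # PTR points at a different name
}


def demo_check() -> Dict[str, List[str]]:
    """Run the check against the constructed tables instead of the live resolver."""
    fwd = lambda name: FORWARD_TABLE.get(name, set())
    rev = lambda addr: REVERSE_TABLE.get(addr)
    return {
        "consistent": check_appliance_name("appliance1", "domain1.com", "192.0.2.10", fwd, rev),
        "ptr_mismatch": check_appliance_name("mx", "domain1.com", "192.0.2.11", fwd, rev),
        "no_records": check_appliance_name("ghost", "domain1.com", "192.0.2.99", fwd, rev),
    }


if __name__ == "__main__":
    for case, findings in demo_check().items():
        print(case, "->", findings or "OK")
```

Run check_appliance_name without the last two arguments from a host that uses the same DNS server you enter on this page; the result then reflects what the appliance itself will see.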


Option: Definition (continued)

Synchronize appliance with client: When selected, the time in Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser. Ensure that the client computer is aware of any daylight savings adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

NTP server address: To use Network Time Protocol (NTP), specify the server address. Alternatively, you can configure NTP later.

Summary page (Standard Setup)

Use this page in the Standard Setup wizard to review a summary of the settings that you have made for the network connections and scanning of the network traffic.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the setup wizard has completed, and the appliance is configured as a transparent bridge.

Use the IP address shown here to access the interface. For example https://192.168.200.10.

The address begins with https, not http.

When you first log on to the interface, type the user name, admin, and the password that you gave on the Basic Settings page.

Table 2-1 (the indicator icons in the Option column are images and are not reproduced here)

Option: Definition

• The value is set according to best practice.

• The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.

• No value has been set. The value has not been changed from the default. Check the value before continuing.

Performing a Custom Setup

Use this information to understand the purpose of the Custom Setup.

Use the Custom Setup to give you greater control over the options that you can select, including the operating mode for your device. You can choose to protect mail traffic using SMTP and POP3 protocols. You should use this configuration option if you need to configure IPv6 and to make other changes to the default configuration.

For the Custom Setup, the wizard includes these pages:

• Email Configuration

• Basic Settings

• Network Settings

• Cluster Management

• DNS and Routing

• Time Settings

• Password

• Summary


Basic Settings page (Custom Setup)

Use this page when selecting the Custom Setup wizard to specify basic settings for the appliance.

The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.

Option: Definition

Cluster mode: Defines the options that appear on the Cluster Management page of the Setup Wizard.

• Off — This is a standard appliance.

• Cluster Scanner — The appliance receives its scanning workload from a master appliance.

• Cluster Master — The appliance controls the scanning workload for several other appliances.

• Cluster Failover — If the master fails, this appliance controls the scanning workload instead.

Device name: Specifies a name, such as appliance1.

Domain name: Specifies a name, such as domain1.com.

Default Gateway: Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router: Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface: Becomes available when you set the Next Hop Router for IPv6.

Network Settings page

Use these options to view and configure the IP address and network speeds for the appliance. You can use IPv4 and IPv6 addresses, separately or in combination.

To prevent duplication of IP addresses on your network and to deter hackers, give the appliance new IP addresses, and disable the default IP addresses. The IP addresses must be unique and suitable for your network. Specify as many IP addresses as you need.

Option: Definition

<mode>: The operating mode that you set during installation or in the Setup Wizard.

Network Interface 1: Expands to show the IP address and netmask associated with Network Interface 1, the auto-negotiation state, and the size of the MTU.

Network Interface 2: Expands to show the IP address and netmask associated with Network Interface 2, the auto-negotiation state, and the size of the MTU.

Change Network Settings: Click to open the Network Interface Wizard to specify the IP address and adapter settings for NIC 1 and NIC 2, and change the chosen operating mode.

View Network Interface Layout: Click to see the <?> associated with LAN1, LAN2, and the out of band interface.

Network Interfaces Wizard

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

The options you see in the Network Interfaces Wizard depend on the operating mode. On the first page of the wizard, you can choose to change the operating mode for the appliance. You can change the settings by clicking Change Network Settings to start a wizard. Click Next to progress through the wizard.

In Explicit Proxy mode, some network devices send traffic to the appliance. The appliance then works as a proxy, processing traffic on behalf of the devices.


In Transparent Router or Transparent Bridge mode, other network devices, such as mail servers, are unaware that the appliance has intercepted and scanned the email before forwarding it. The appliance's operation is transparent to the devices.

If you have a standalone appliance running in transparent bridge mode, you will have the option to add a bypass device in case the appliance fails.

If the appliance is operating in Transparent Bridge mode, and the Spanning Tree Protocol (STP) is running on your network, make sure that the appliance is configured according to STP rules. Additionally, you can set up a bypass device in transparent bridge mode.

Network Interfaces Wizard — Explicit Proxy mode

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

This version of the Network Interfaces Wizard becomes available when you select the Explicit Proxy mode.

Specify the details for Network Interface 1, then use the Next button to set details for Network Interface 2 as necessary.

Network Interface 1 or Network Interface 2 page

Option: Definition

IP Address: Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance's network ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases. You must have at least one IP address in both Network Interface 1 and Network Interface 2. However, you can deselect the Enabled option next to any IP addresses that you do not wish to listen on.

Network Mask: Specifies the network mask. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled: When selected, the appliance accepts connections on the IP address.

Virtual: When selected, the appliance treats this IP address as a virtual address. This option only appears in cluster configurations, or on a McAfee Content Security Blade Server.
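The rules stated on the Network Settings page and in the IP Address and Network Mask rows above (addresses must be unique; each interface needs at least one address; an IPv4 mask may be dotted-decimal or a prefix length, an IPv6 mask must be a prefix length), as an added example that is not McAfee's code or part of the guide: a Python validator you can run over the addresses you intend to type into the wizard before you commit them. The interface names and sample addresses are constructed; the same mask rules apply on the Transparent Router and Transparent Bridge pages, so one block covers all three.

```python
from ipaddress import IPv4Network, IPv6Address, ip_address


def prefix_length(ip: str, mask: str) -> int:
    """Normalise a mask entered for `ip` to a prefix length, enforcing the wizard's rules."""
    addr = ip_address(ip)            # raises ValueError for an unparseable address
    mask = mask.strip()
    if mask.isdigit():               # CIDR / prefix-length form, e.g. 24 or 64
        plen = int(mask)
        if plen > addr.max_prefixlen:
            raise ValueError(f"prefix length {plen} is too long for {ip}")
        return plen
    if isinstance(addr, IPv6Address):   # IPv6 must use the prefix length
        raise ValueError("IPv6 requires a prefix length such as 64, not a dotted mask")
    # Dotted-decimal IPv4 mask; ipaddress rejects non-contiguous masks such as 255.0.255.0.
    return IPv4Network(f"0.0.0.0/{mask}").prefixlen


def validate_interfaces(interfaces):
    """interfaces: {interface name: [(ip, mask), ...]}.

    Returns a list of findings; an empty list means the planned settings pass every check.
    Uniqueness is checked across all interfaces, because the appliance must not hold the
    same address twice and the guide requires addresses to be unique on the network.
    """
    findings = []
    seen = {}   # normalised address -> interface it first appeared on
    for iface, entries in interfaces.items():
        if not entries:
            findings.append(f"{iface}: at least one IP address is required")
        for ip, mask in entries:
            try:
                normalised = str(ip_address(ip))
                plen = prefix_length(ip, mask)
            except ValueError as exc:
                findings.append(f"{iface} {ip}/{mask}: {exc}")
                continue
            if normalised in seen:
                findings.append(f"{iface} {ip}: duplicate of the address on {seen[normalised]}")
            else:
                seen[normalised] = iface
    return findings


if __name__ == "__main__":
    # Constructed plan for the two interfaces, mixing the accepted mask forms.
    plan = {
        "Network Interface 1": [("192.0.2.10", "255.255.255.0"), ("2001:db8::10", "64")],
        "Network Interface 2": [("10.0.0.5", "16")],
    }
    print(validate_interfaces(plan) or "all interface settings pass")
```

Prefix lengths are what the appliance stores in either case, so comparing the normalised value against your network diagram catches the classic typo of entering a host mask or an off-by-one prefix.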


Option: Definition (continued)

New Address/Delete Selected Addresses: Add a new address, or remove a selected IP address.

NIC 1 Adapter Options or NIC 2 Adapter Options: Expand to set the following options:

• MTU size — specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet frame) that can be sent over the connection. The default value is 1500 bytes.

• Autonegotiation state — either:

• On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.

• Off — allows you to select the speed and duplex state.

• Connection speed — provides a range of speeds. Default value is 100MB.

• Duplex state — provides duplex states. Default value is Full duplex.

• Enable IPv6 auto-configuration — Select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router. This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.

Network Interfaces Wizard — Transparent Router mode

Use the Network Interfaces Wizard to change the chosen operating mode, then specify the IP address and adapter settings for NIC 1 and NIC 2.

Network Interface 1 or Network Interface 2 pages

Option: Definition

IP Address: Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance's ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases.

Network Mask: Specifies the network mask, for example: 255.255.255.0. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled: When selected, the appliance accepts connections on that IP address.

Virtual: When selected, the appliance treats this IP address as a virtual address. This option only appears in cluster configurations, or on a McAfee Content Security Blade Server.


Option Definition

New Address/Delete Selected Addresses Add a new address, or remove a selected IP address.

NIC 1 Adapter Options or NIC 2 Adapter Options Expand to set the following options:

• MTU size — specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet Frame) that can be sent over the connection. The default value is 1500 bytes.

• Autonegotiation state — either:

• On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.

• Off — allows you to select the speed and duplex state.

• Connection speed — provides a range of speeds. Default value is 100MB.

• Duplex state — provides duplex states. Default value is Full duplex.

• Enable IPv6 auto-configuration — select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router.

This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.

• Enable sending IPv6 router advertisements on this interface

Network Interfaces Wizard — Transparent Bridge mode

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

Specify the details for the Ethernet Bridge, then use the Next button to set details for the Spanning Tree Protocol and Bypass Device as necessary.

Option definitions — Ethernet Bridge page

Option Definition

Select all Click to select all the IP addresses.

IP Address Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance's ports. The IP addresses are combined into one list for both ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases.

Use the Move links to reposition the addresses as necessary.

Network Mask Specifies the network mask, for example: 255.255.255.0. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled When selected, the appliance accepts connections on that IP address.

New Address/Delete Selected Addresses Add a new address, or remove a selected IP address.


NIC Adapter Options Expand to set the following options:

• MTU size — specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet Frame) that can be sent over the connection. The default value is 1500 bytes.

• Autonegotiation state — either:

• On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.

• Off — allows you to select the speed and duplex state.

• Connection speed — provides a range of speeds. Default value is 100MB.

• Duplex state — provides duplex states. Default value is Full duplex.

• Enable IPv6 auto-configuration — select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router.

This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.

Option definitions — Spanning Tree Protocol Settings page

Option Definition

Enable STP STP is enabled by default.

Bridge priority Sets the priority for the STP bridge. Lower numbers have a higher priority. The maximum number that you can set is 65535.

Advanced parameters Expand to set the following options. Change the settings only if you understand the possible effects, or you have consulted an expert:

• Forwarding delay

• Hello interval (seconds)

• Maximum age (seconds)

• Garbage collection interval (seconds)

• Ageing time (seconds)

Option definitions — Bypass Device Settings page

Option Definition

The bypass device inherits settings from those you entered in NIC Adapter Options.

Select bypass device Choose from two supported devices.

Watchdog timeout (seconds)


Heartbeat interval (seconds) Set to monitor heartbeat by default.

Advanced parameters This option becomes active when you select a bypass device.

• Mode — choose to monitor the heartbeat or the heartbeat and the link activity.

• Link activity timeout (seconds) — becomes active when you select Monitor heartbeat and link activity in Mode.

• Enable buzzer — enabled by default.

Cluster Management page

Use this page to specify cluster management balancing requirements.

Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.

Cluster Management Configuration (Standard appliance)

Do not use. Cluster management is disabled.

Cluster Management (Cluster Scanner)

Option Definition

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Cluster Management (Cluster Master)

In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.

Option Definition

Address to use for load balancing Specifies the appliance address.

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers) If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.


Cluster Management (Cluster Failover)

Option Definition

Address to use for load balancing Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers) If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

DNS and Routing page

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.

DNS server addresses

Table 2-2 Option definitions — DNS Servers

Option Definition

Server Address Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet.

If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server/Delete Selected Servers Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.

Only send queries to these servers Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly.

If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.

Routing settings

Table 2-3 Option definitions — Routing

Option Definition

Network Address Type the network address of the route.

Mask Specifies the network mask, which determines how many hosts are on your network, for example, 255.255.255.0.

Gateway Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4), or :: (IPv6) means that the router has no default gateway.


Metric Specifies the preference given to the route. A low number indicates a high preference for that route.

New Route / Delete Selected Routes Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing Use this option in transparent router mode only. When enabled, the appliance can:

• receive broadcast routing information over RIP (default) and apply it to its routing table, so you don't have to duplicate on the appliance routing information that is already present in the network.

• broadcast routing information over RIP if static routes have been configured through the user interface.

Email Configuration page (Custom Setup)

This information describes the options available on this page.

Initial email configuration

Option Definition

Enable protection against Potentially Unwanted Programs... Click to activate protection against Potentially Unwanted Programs. Read the advice from McAfee about the effects that activating this protection can have.

Enable McAfee Global Threat Intelligence feedback Click What is this? to read about how the feedback is used, and view the McAfee Privacy Policy.

Scan SMTP traffic / Scan POP3 traffic Both protocols are selected by default. Deselect a protocol to prevent it from being scanned.

Option definitions — Domains for which the appliance will accept or refuse email

Use these options to define how the appliance will relay email. After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Receiving Email.

Option Definition

Domain Name/Network Address/MX Record Displays the domain names, wildcard domain names, network addresses, and MX lookups from which the appliance will accept or refuse email.

Type • Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address, and to compare the connection against an A record lookup.

• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address, such as user@[192.168.0.2], or the connection.

• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.

• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.


Category • Local domain

• Permitted domain

• Denied domain

Add Domain Click to specify the domains that can relay messages through the appliance to the recipient. Choose from:

• Local domain — These are the domains or networks for which email is accepted for delivery. For convenience, you can import a list of your local domain names using the Import Lists and Export Lists options. McAfee recommends that you add all domains or networks that are allowed to relay messages as local domains.

• Permitted domain — Email is accepted. Use permitted domains to manage exceptions.

• Denied domain — Email is refused. Use denied domains to manage exceptions.

Hold your mouse cursor over the field to see the recommended format.

You must set up at least one local domain.

Add MX Lookup Click to specify a domain that the appliance will use to identify all mail server IP addresses from which it will deliver messages.

Delete Selected Items Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.
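The accept/refuse classification described in this table, as an added example that is not McAfee's code: it models the four entry types and three categories against a constructed entry table and an in-memory stand-in for the DNS A and MX answers, and assumes a most-specific-match-wins precedence with Denied beating Permitted beating Local on a tie.

```python
"""Relay decision model for the 'Domains for which the appliance will accept or
refuse email' table. Added illustration, not McAfee code: the precedence rule
(most specific match wins; on a tie Denied beats Permitted beats Local) and the
in-memory DNS table are assumptions of this example."""
import fnmatch
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for DNS so the example runs offline: A records, and the
# addresses of the MX hosts for a domain. No network lookups are performed.
DNS_A = {"example.dom": "198.51.100.10"}
DNS_MX_ADDRS = {"partner.example": {"203.0.113.25"}}

CATEGORY_RANK = {"denied": 2, "permitted": 1, "local": 0}


@dataclass(frozen=True)
class Entry:
    value: str      # example.dom, *.example.dom, 192.168.0.0/24
    kind: str       # "domain", "wildcard", "network", "mx"
    category: str   # "local", "permitted", "denied"


def recipient_domain(address: str) -> str:
    """user@example.dom -> 'example.dom'; user@[192.168.0.2] -> '[192.168.0.2]'."""
    return address.rsplit("@", 1)[1].lower()


def match_score(entry: Entry, rcpt: str, conn_ip: str):
    """Return a specificity score if the entry matches, else None.

    Follows the Type definitions in the table: a domain name is compared with
    the recipient address and with an A-record lookup of the connection; a
    network address with an IP-literal recipient or the connection; an MX lookup
    with the connection only; a wildcard with the recipient address only.
    """
    domain = recipient_domain(rcpt)
    value = entry.value.lower()
    if entry.kind == "domain":
        hit = domain == value or DNS_A.get(value) == conn_ip
        return 100 if hit else None
    if entry.kind == "wildcard":
        return 50 if fnmatch.fnmatch(domain, value) else None
    if entry.kind == "network":
        net = ipaddress.ip_network(value, strict=False)
        literal = domain[1:-1] if domain.startswith("[") else None
        for candidate in (literal, conn_ip):
            if candidate and ipaddress.ip_address(candidate) in net:
                return 100 + net.prefixlen   # a /32 beats a /24
        return None
    if entry.kind == "mx":
        return 100 if conn_ip in DNS_MX_ADDRS.get(value, set()) else None
    raise ValueError(f"unknown entry type {entry.kind!r}")


def relay_decision(entries, rcpt: str, conn_ip: str) -> str:
    """Return 'accept' or 'refuse' for one recipient on one connection.

    No matching entry means refuse: an appliance that lists only its own local
    domains and networks does not relay for arbitrary third parties.
    """
    best = None
    for entry in entries:
        score = match_score(entry, rcpt, conn_ip)
        if score is None:
            continue
        key = (score, CATEGORY_RANK[entry.category])
        if best is None or key > best[0]:
            best = (key, entry)
    if best is None or best[1].category == "denied":
        return "refuse"
    return "accept"


# Constructed table resembling what an administrator enters in the wizard.
EXAMPLE_ENTRIES = [
    Entry("example.dom", "domain", "local"),
    Entry("192.168.0.0/24", "network", "local"),
    Entry("*.example.dom", "wildcard", "local"),
    Entry("spam.example.dom", "domain", "denied"),
    Entry("partner.example", "mx", "permitted"),
]

if __name__ == "__main__":
    for rcpt, ip in [("alice@example.dom", "198.51.100.7"),
                     ("bob@other.test", "198.51.100.7"),
                     ("bob@other.test", "192.168.0.5"),
                     ("x@spam.example.dom", "198.51.100.7")]:
        print(f"{rcpt:<22} from {ip:<14} -> {relay_decision(EXAMPLE_ENTRIES, rcpt, ip)}")
```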

Option definitions — Domain Routing

Configure hosts that the appliance will use to route email. After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Sending Email.

Option Definition

Domain name / Network Address / MX Record Displays a list of domains.

This list allows you to specify a relay or set of relays to be used to deliver messages destined for specific domains. Domains can be identified using exact matches, or using pattern matches such as *.example.com.

To specify multiple relays for a single domain, separate each with a space.

If the first mail relay is accepting email, all email is delivered to the first relay. If that relay stops accepting email, subsequent email is delivered to the next relay in the list.

Type • Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address, and to compare the connection against an A record lookup.

• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address, such as user@[192.168.0.2], or the connection.

• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.

• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.

Category • Local domain

• Permitted domain

• Denied domain


Add Relay List Click to populate the Known domains and relay hosts table with a list of host names or IP addresses for delivery. Delivery will be attempted in the order specified unless you select the Round-robin the above hosts option, which will distribute the load between the specified hosts.

Host names/IP addresses may include a port number.

Add MX Lookup Click to populate the Known domains and relay hosts table with an MX record lookup to determine the IP addresses for delivery.

Delivery will be attempted to host names returned by the MX lookup in the order of priority given by the DNS server.

Delete Selected Items Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.

Enable DNS lookup for domains not listed above If selected, the appliance uses DNS to route email for other, unspecified domains. DNS delivery attempts an MX-record lookup. If there are no MX records, it does an A-record lookup.

If you deselect this checkbox, the appliance delivers email only to the domains that are specified under Known domains and relay hosts.
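The relay ordering, round-robin and DNS fallback behaviour described for the Known domains and relay hosts table, as an added example that is not McAfee's code; the DNS answers and the `accepting` callback (which stands in for the SMTP delivery attempt) are constructed for this illustration.

```python
"""Outbound relay selection for the 'Domain Routing' table. Added illustration,
not McAfee code: the DNS answers below are a constructed in-memory table, and
`accepting` stands in for the SMTP connection attempt to a relay."""
import fnmatch
from dataclasses import dataclass

# Constructed stand-in for DNS: MX records as (priority, host) and A records.
DNS_MX = {"other.test": [(20, "mx2.other.test"), (10, "mx1.other.test")]}
DNS_A = {"plain.test": "192.0.2.44", "mx1.other.test": "192.0.2.10",
         "mx2.other.test": "192.0.2.11"}


@dataclass
class Route:
    pattern: str               # exact domain or a pattern such as *.example.com
    relays: list               # "host[:port]" entries (space separated in the UI)
    round_robin: bool = False  # "Round-robin the above hosts"
    next_start: int = 0        # rotation state used when round_robin is set


@dataclass
class Router:
    routes: list
    dns_fallback: bool = True  # "Enable DNS lookup for domains not listed above"

    def match(self, domain: str):
        """Exact matches take precedence over patterns; otherwise table order."""
        for route in self.routes:
            if route.pattern.lower() == domain:
                return route
        for route in self.routes:
            if fnmatch.fnmatch(domain, route.pattern.lower()):
                return route
        return None

    def relay_order(self, route: Route) -> list:
        """Relays in configured order, or rotated when round-robin is selected."""
        hosts = list(route.relays)
        if route.round_robin and hosts:
            start = route.next_start % len(hosts)
            route.next_start += 1
            hosts = hosts[start:] + hosts[:start]
        return hosts

    def dns_order(self, domain: str) -> list:
        """MX hosts by priority; if the domain has no MX records, its A record."""
        mx = sorted(DNS_MX.get(domain, []))
        if mx:
            return [host for _, host in mx]
        return [domain] if domain in DNS_A else []

    def choose_relay(self, domain: str, accepting=lambda host: True):
        """Return the first relay that accepts mail for `domain`, or None."""
        domain = domain.lower()
        route = self.match(domain)
        if route is not None:
            hosts = self.relay_order(route)
        elif self.dns_fallback:
            hosts = self.dns_order(domain)
        else:
            return None   # unlisted domain and DNS routing is disabled
        for host in hosts:
            if accepting(host.split(":")[0]):   # a relay may carry a port number
                return host
        return None


# Constructed routing table resembling what an administrator enters in the wizard.
EXAMPLE_ROUTES = [
    Route("example.dom", ["relay1.example.dom:2525", "relay2.example.dom"]),
    Route("*.corp.test", ["a.corp.test", "b.corp.test"], round_robin=True),
]

if __name__ == "__main__":
    router = Router(EXAMPLE_ROUTES)
    print(router.choose_relay("example.dom"))
    print(router.choose_relay("example.dom", accepting=lambda h: h != "relay1.example.dom"))
    print(router.choose_relay("hr.corp.test"), router.choose_relay("hr.corp.test"))
    print(router.choose_relay("other.test"), router.choose_relay("plain.test"))
    print(Router(EXAMPLE_ROUTES, dns_fallback=False).choose_relay("other.test"))
```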

Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Option Definition

Appliance Time Zone Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC) Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now When clicked, applies the date and UTC time that you specified in this row.

Client Time Displays the time according to the client computer from which your browser is currently connected to the appliance.

Synchronize appliance with client When selected, the time in the Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser.

Ensure that the client computer is aware of any daylight savings adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network but must trust other devices in the network.

When deselected, accepts NTP messages only from servers specified in the list.


NTP Server Displays the network address or a domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov.

If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server Type the IP address of a new NTP Server.

Password page

Use this page to specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

Option Definition

User ID This is admin. You can add more users later.

Password Specifies the new password. Change the password as soon as possible to keep your appliance secure.

You must enter the new password twice to confirm it. The original default password is password.

Summary page

Use this page to review a summary of the settings that you have made for the network connections and scanning of the email traffic.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the Setup Wizard has completed.

Use the IP address shown here to access the interface. For example https://192.168.200.10.

The address begins with https, not http.

When you first log on to the interface, type the user name admin and the password that you gave on the Password page.

Option Definition

The value is set according to best practice.

The value is probably not correct. Although the value is valid, it is not set according to bestpractice. Check the value before continuing.

No value has been set. The value has not been changed from the default. Check the valuebefore continuing.

Restoring from a file

Use this information to understand the purpose of restoring from a file.

When configuring your device from the Setup Wizard within the user interface, using the Restore from a file option enables you to import previously saved configuration information and apply it to your device. After this information has been imported you can make changes before applying the configuration.

The Restore from a file option is not available from within the Configuration Console. To make use of this option, you must log into the McAfee Email Gateway and select Restore from a file from the System | Setup Wizard menu.


Once the configuration information has been imported, you are taken to the Custom Setup options within the Setup Wizard (see Performing a custom setup). All imported options are shown on the wizard pages, giving you the opportunity to make any amendments before applying the configuration.

When using the Restore from a file option, the wizard includes these pages:

• Import Config

• Values to Restore

Once this information has been loaded, you are then taken to the Custom Setup pages, so that you can make further changes before applying the new configuration:

• Email Configuration

• Basic Settings

• Network Settings

• Cluster Management

• DNS and Routing

• Time Settings

• Password

• Summary

Basic Settings page (Custom Setup)

Use this page when selecting the Custom Setup wizard, to specify basic settings for the appliance.

The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.

Option Definition

Cluster mode Defines the options that appear on the Cluster Management page of the Setup Wizard.

• Off — This is a standard appliance.

• Cluster Scanner — The appliance receives its scanning workload from a master appliance.

• Cluster Master — The appliance controls the scanning workload for several other appliances.

• Cluster Failover — If the master fails, this appliance controls the scanning workload instead.

Device name Specifies a name, such as appliance1.

Domain name Specifies a name, such as domain1.com.

Default Gateway Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface Becomes available when you set the Next Hop Router for IPv6.

Cluster Management page

Use this page to specify cluster management balancing requirements.

Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.

Cluster Management Configuration (Standard appliance)

Do not use. Cluster management is disabled.


Cluster Management (Cluster Scanner)

Option Definition

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Cluster Management (Cluster Master)

In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.

Option Definition

Address to use for load balancing Specifies the appliance address.

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers) If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

Cluster Management (Cluster Failover)

Option Definition

Address to use for load balancing Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers) If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

DNS and Routing page

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.


DNS server addresses

Table 2-4 Option definitions — DNS Servers

Option Definition

Server Address Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet.

If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server/Delete Selected Servers Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.

Only send queries to these servers Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly.

If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.

Routing settings

Table 2-5 Option definitions — Routing

Option Definition

Network Address Type the network address of the route.

Mask Specifies the network mask, which determines how many hosts are on your network, for example, 255.255.255.0.

Gateway Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4), or :: (IPv6) means that the router has no default gateway.

Metric Specifies the preference given to the route. A low number indicates a high preference for that route.

New Route / Delete Selected Routes Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing Use this option in transparent router mode only. When enabled, the appliance can:

• receive broadcast routing information over RIP (default) and apply it to its routing table, so you don't have to duplicate on the appliance routing information that is already present in the network.

• broadcast routing information over RIP if static routes have been configured through the user interface.

Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Option Definition

Appliance Time Zone Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC) Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now When clicked, applies the date and UTC time that you specified in this row.


Client Time: Displays the time according to the client computer from which your browser is currently connected to the appliance.

Synchronize appliance with client: When selected, the time in the Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser. Ensure that the client computer is aware of any daylight savings adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP: When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts: When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network but must trust other devices in the network. When deselected, accepts NTP messages only from servers specified in the list.

NTP Server: Displays the network address or a domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov. If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server: Type the IP address of a new NTP Server.

Password page

Use this page to specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

Option Definition

User ID: This is admin. You can add more users later.

Password: Specifies the new password. Change the password as soon as possible to keep your appliance secure. You must enter the new password twice to confirm it. The original default password is password.

Summary page

Use this page to review a summary of the settings that you have made for the network connections and scanning of the email traffic.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the Setup Wizard has completed.

Use the IP address shown here to access the interface. For example https://192.168.200.10.

The address begins with https, not http.

When you first log on to the interface, type the user name admin and the password that you gave on the Password page.


Option Definition

• The value is set according to best practice.

• The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.

• No value has been set. The value has not been changed from the default. Check the value before continuing.

ePO Managed Setup

Use this information to understand the purpose of the Standard Setup.

McAfee ePolicy Orchestrator enables you to manage all your McAfee software and hardware appliances from a single management console.

Use the ePO Managed Setup to set up your device so that it can be managed by your ePolicy Orchestrator server.

Only minimal information is needed, as the device will get most of its configuration information from your ePolicy Orchestrator server.

Settings for ePO Management

Select ePO Managed Setup within the Setup Wizard to configure your appliance for management by McAfee ePolicy Orchestrator.

Table 2-6 Option definitions

Option Definition

ePO Extensions: Download the ePolicy Orchestrator extensions for McAfee Gateway products, including McAfee® Email Gateway 7.0. The file MEGv7.0_ePOextensions.zip contains both the EWG and the MEG ePO extensions. The EWG extension allows reporting from within ePolicy Orchestrator for the following products:

• McAfee Email and Web Security appliances

• McAfee Web Gateway appliances

• McAfee Email Gateway appliances

The MEG Extension provides full ePolicy Orchestrator management for McAfee® Email Gateway 7.0. For you to use ePolicy Orchestrator for either reporting or management, the ePO Extensions need to be installed on your ePolicy Orchestrator server.

ePO Help Extensions: Download the ePolicy Orchestrator help extensions. The file MEGv7.0_ePOhelpextensions.zip contains the online help information for the above ePO Extensions. This file installs the help extensions relating to the ePolicy Orchestrator extensions for McAfee Email and Web Gateway and McAfee® Email Gateway 7.0 appliances onto your ePolicy Orchestrator server.

Import ePO connection settings: Click to browse to the ePolicy Orchestrator connection settings file, to import the ePolicy Orchestrator connection information into the appliance.


Task — Configuring the appliance to work with ePolicy Orchestrator

Use this task to set up the appliance to be managed by ePolicy Orchestrator:

1 From your McAfee Email Gateway, on Settings for ePO Management, select ePO Extensions and click Save to download the extension file.

2 From your McAfee Email Gateway, on Settings for ePO Management, select ePO Help Extensions and click Save to download the help extension file.

3 On your ePO server, install these extensions using Menu | Software | Extensions | Install Extensions.

4 On the ePO server, save the connection settings from Menu | Gateway Protection | Email and Web Gateway | Actions | Export Connection Settings.

5 On the McAfee Email Gateway, return to the Settings for ePO Management page in the Setup Wizard, and click Import ePO connection settings. Browse to the ePO connection settings file.

6 Click Next to continue to the Basic Settings page in the Setup Wizard.

Basic Settings page (ePO Managed Setup)

Use this page to configure the basic settings for the appliance that will be managed by ePolicy Orchestrator.

Table 2-7 Option definitions

Option Definition

Cluster mode: The options are:

• Off (Standard appliance)

• Cluster scanner

• Cluster Master

• Cluster failover

Device Name: Specifies a name, such as appliance1.

Domain Name: Specifies a name, such as domain1.com.

Default Gateway (IPv4): Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router (IPv6): Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface: Becomes available when you set the Next Hop Router for IPv6.

Cluster Management page (ePO Managed Setup)

Use this page to specify load-balancing requirements that apply to ePO Managed appliances.

Cluster Management Configuration (Standard appliance)

Do not use this page. Cluster management is disabled.

Cluster Management (Cluster Scanner)

Use this page to specify information for a scanning appliance.

Option Definition

Cluster identifier: Specifies an identifier. Range is 0-255.


Cluster Management (Cluster Master)

Use this page to specify information for a master appliance.

Option Definition

Address to use for load balancing: Specifies the appliance address.

Cluster identifier: Specifies an identifier. Range is 0-255.

Enable scanning on this appliance: If not selected, this appliance distributes all scanning workload to the scanning appliances.

Cluster Management (Cluster Failover)

Use this page to specify information for a failover appliance.

Option Definition

Address to use for load balancing: Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier: Specifies an identifier. Range is 0-255.

Enable scanning on this appliance: If not selected, this appliance distributes all scanning workload to the scanning appliances.

DNS and Routing page

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.

DNS server addresses

Table 2-8 Option definitions — DNS Servers

Option Definition

Server Address: Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet. If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server / Delete Selected Servers: Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.

Only send queries to these servers: Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly. If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.


Routing settings

Table 2-9 Option definitions — Routing

Option Definition

Network Address: Type the network address of the route.

Mask: Specifies how many hosts are on your network, for example, 255.255.255.0.

Gateway: Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4), or :: (IPv6) means that the router has no default gateway.

Metric: Specifies the preference given to the route. A low number indicates a high preference for that route.

New Route / Delete Selected Routes: Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing: Use this option in transparent router mode only. When enabled, the appliance can:

• receive routing information broadcast over RIP (the default) and apply it to its routing table, so you don't have to duplicate on the appliance routing information that is already present in the network.

• broadcast over RIP any static routes that have been configured through the user interface.

Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Option Definition

Appliance Time Zone: Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC): Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now: When clicked, applies the date and UTC time that you specified in this row.

Client Time: Displays the time according to the client computer from which your browser is currently connected to the appliance.

Synchronize appliance with client: When selected, the time in the Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser. Ensure that the client computer is aware of any daylight savings adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP: When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts: When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network but must trust other devices in the network. When deselected, accepts NTP messages only from servers specified in the list.


NTP Server: Displays the network address or a domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov. If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server: Type the IP address of a new NTP Server.

Password page

Use this page to specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

Option Definition

User ID: This is admin. You can add more users later.

Password: Specifies the new password. Change the password as soon as possible to keep your appliance secure. You must enter the new password twice to confirm it. The original default password is password.

Summary — ePO Managed Setup

Use this page when using the ePO Managed Setup Wizard, to review a summary of the settings that you have made for the network connections and scanning of the network traffic, clustering status, and the scanning settings that ePolicy Orchestrator will manage for the appliance.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the setup wizard has completed.

Use the IP address shown here to access the interface. For example https://192.168.200.10. Note that the address begins with https, not http.

When you first log on to the interface, type the user name admin and the password that you gave to this setup wizard.

The appliance is now managed by ePolicy Orchestrator. Log on to the ePO server to manage your appliance.

Table 2-10 Option definitions

Option Definition

• The value is set according to best practice.

• The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.

• No value has been set. The value has not been changed from the default. Check the value before continuing.

Encryption Only Setup

Use this information to understand the purpose of the Encryption Only setup options.

For small-to-medium sized organizations, it is often sufficient to use the same McAfee Email Gateway to carry out your email scanning tasks and also your email encryption tasks.


However, if you are part of a larger organization, or you work in an industry that requires that all, or a high percentage, of your email messages must be delivered in a secure way, then you may want to configure one or more of your McAfee Email Gateway appliances as stand-alone Encryption-only servers.

In this situation, the Encryption Only Setup options within the Setup Wizard provide you with the relevant settings needed for Encryption only use.

For the Encryption Only Setup, the wizard includes these pages:

Email Configuration page (Encryption Only Setup)

Define how the appliance will relay email and configure the hosts that the appliance will use to route email.

Domains for which the appliance will accept or refuse email

After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Receiving Email.

Table 2-11 Option definitions

Option Definition

Domain Name / Network Address / MX Record: Displays the domain names, wildcard domain names, network addresses, and MX lookups from which the appliance will accept or refuse email.

Type:

• Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address and compare the connection against an A record lookup.

• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address such as user@[192.168.0.2], or the connection.

• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.

• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.

Category:

• Local domain

• Permitted domain

• Denied domain

Add Domain: Click to specify the domains that can relay messages through the appliance to the recipient. Choose from:

• Local domain — These are the domains or networks for which email is accepted for delivery. For convenience, you can import a list of your local domain names using the Import Lists and Export Lists options. McAfee recommends that you add all domains or networks that are allowed to relay messages as local domains.

• Permitted domain — Email is accepted. Use permitted domains to manage exceptions.

• Denied domain — Email is refused. Use denied domains to manage exceptions.

Hold your mouse cursor over the field to see the recommended format.

You must set up at least one local domain.


Table 2-11 Option definitions (continued)

Add MX Lookup: Click to specify a domain that the appliance will use to identify all mail server IP addresses from which it will deliver messages.

Delete Selected Items: Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.
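The four entry types in Table 2-11 each compare a different thing (recipient domain, IP-literal recipient, connecting address, or MX hosts). The following Python model of that matching, written for this guide as an added illustration and not McAfee's own code, classifies a constructed recipient/connection pair against a constructed receiving table; the DNS resolver, the first-match precedence, and all domain and address values are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
# Constructed resolver type: (name, record type) -> list of strings. For "A" it returns
# IP addresses, for "MX" it returns mail host names. Real code would query DNS here.
Resolver = Callable[[str, str], List[str]]


@dataclass
class DomainEntry:
    kind: str      # "domain", "network", "mx" or "wildcard" (the table's Type column)
    value: str     # example.dom, 192.168.0.0/24, *.example.dom ...
    category: str  # "local", "permitted" or "denied" (the table's Category column)


def recipient_domain(recipient: str) -> str:
    """Domain part of an address, lower-cased; '' if there is no '@'."""
    if "@" not in recipient:
        return ""
    return recipient.rsplit("@", 1)[1].lower()


def ip_literal(domain_part: str) -> Optional[IPAddress]:
    """user@[192.168.0.2] carries an IP literal instead of a domain name."""
    if domain_part.startswith("[") and domain_part.endswith("]"):
        try:
            return ipaddress.ip_address(domain_part[1:-1])
        except ValueError:
            return None
    return None


def entry_matches(entry: DomainEntry, recipient: str, connection_ip: str,
                  resolve: Resolver) -> bool:
    """Apply the matching rule the table gives for each entry type."""
    dom = recipient_domain(recipient)
    literal = ip_literal(dom)
    conn = ipaddress.ip_address(connection_ip)
    if entry.kind == "domain":
        # Compared against the recipient's domain, and the connection against an A lookup.
        if literal is None and dom == entry.value.lower():
            return True
        return str(conn) in resolve(entry.value, "A")
    if entry.kind == "network":
        # Compared against an IP-literal recipient, or against the connecting address.
        net = ipaddress.ip_network(entry.value, strict=False)
        return (literal is not None and literal in net) or conn in net
    if entry.kind == "mx":
        # Only the connection is compared, against the addresses of the MX hosts.
        return any(str(conn) in resolve(mx_host, "A")
                   for mx_host in resolve(entry.value, "MX"))
    if entry.kind == "wildcard":
        # Only the recipient's address is compared; *.example.dom matches sub-domains.
        suffix = entry.value.lower().lstrip("*")
        return literal is None and dom.endswith(suffix)
    raise ValueError(f"unknown entry type {entry.kind!r}")


def classify(entries: List[DomainEntry], recipient: str, connection_ip: str,
             resolve: Resolver) -> str:
    """Category of the first matching entry (table order is an assumption), else 'unlisted'."""
    for entry in entries:
        if entry_matches(entry, recipient, connection_ip, resolve):
            return entry.category
    return "unlisted"


# Constructed sample data (not from the guide): a small DNS view and a receiving table.
CONSTRUCTED_DNS = {
    ("example.dom", "A"): ["203.0.113.10"],
    ("example.dom", "MX"): ["mx1.example.dom"],
    ("mx1.example.dom", "A"): ["203.0.113.25"],
}


def constructed_resolver(name: str, rrtype: str) -> List[str]:
    return CONSTRUCTED_DNS.get((name.lower(), rrtype), [])


SAMPLE_TABLE = [
    DomainEntry("domain", "example.dom", "local"),
    DomainEntry("network", "192.168.0.0/24", "local"),
    DomainEntry("wildcard", "*.partner.dom", "permitted"),
    DomainEntry("mx", "example.dom", "permitted"),
    DomainEntry("domain", "spam.dom", "denied"),
]


if __name__ == "__main__":
    for rcpt, ip in [("alice@example.dom", "198.51.100.7"),
                     ("bob@[192.168.0.2]", "198.51.100.7"),
                     ("erin@other.dom", "203.0.113.25"),
                     ("frank@spam.dom", "198.51.100.7")]:
        print(f"{rcpt:22} from {ip:14} -> "
              f"{classify(SAMPLE_TABLE, rcpt, ip, constructed_resolver)}")
```

Note that a wildcard entry never matches on the connecting address, so a denied sender domain listed only as a wildcard still needs a Network Address or MX Record entry if the connection itself is to be refused.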

Domain Routing

After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Sending Email.

Table 2-12 Option definitions

Option Definition

Domain: Displays a list of domains.

Type:

• Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address and compare the connection against an A record lookup.

• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address such as user@[192.168.0.2], or the connection.

• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.

• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.

Relay List / MX Record:

Add Relay List: Click to populate the Known domains and relay hosts table with a list of host names, or IP addresses for delivery. Delivery will be attempted in the order specified unless you select the Round-robin the above hosts option, which will distribute the load between the specified hosts. Host names/IP addresses may include a port number.

Add MX Lookup: Click to populate the Known domains and relay hosts table with an MX record lookup to determine the IP addresses for delivery. Delivery will be attempted to host names returned by the MX lookup in the order of priority given by the DNS server.

Delete Selected Items: Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.

Enable DNS lookup for domains not listed above: If selected, the appliance uses DNS to route email for other, unspecified domains. DNS delivery attempts an MX-record lookup. If there are no MX records, it does an A-record lookup. If you deselect this checkbox, the appliance delivers email only to the domains that are specified under Known domains and relay hosts.
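The routing rules in Table 2-12 (ordered or round-robin relay lists with optional port numbers, MX lookup by priority, and the MX-then-A fallback for unlisted domains) can be modelled in a few lines. The Python below is an added illustration written for this guide, not McAfee's code; the DNS resolver, the bracketed IPv6 host syntax, and the sample domains and hosts are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

DEFAULT_SMTP_PORT = 25
Target = Tuple[str, int]                       # (host or IP, port)
# Constructed resolver: (name, rrtype) -> records. "MX" yields (preference, host) pairs,
# "A" yields address strings. Real code would query DNS here.
Resolver = Callable[[str, str], list]


@dataclass
class Route:
    domain: str
    kind: str                        # "relay" (Add Relay List) or "mx" (Add MX Lookup)
    hosts: List[str] = field(default_factory=list)   # relay hosts, "host[:port]"
    round_robin: bool = False        # the "Round-robin the above hosts" option


def parse_host(spec: str) -> Target:
    """'smtp1.partner.dom:2525' -> ('smtp1.partner.dom', 2525); port defaults to 25.
    Bracketed IPv6 ('[fd4a::1]:587') is an assumed notation, not taken from the guide."""
    if spec.startswith("["):
        host, _, rest = spec[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    elif spec.count(":") == 1:
        host, _, port = spec.partition(":")
    else:                              # bare name/IPv4, or bare IPv6 with no port
        host, port = spec, ""
    return host, int(port) if port.isdigit() else DEFAULT_SMTP_PORT


class RoutingTable:
    """Models 'Known domains and relay hosts' plus the DNS-lookup checkbox."""

    def __init__(self, routes: List[Route], resolve: Resolver,
                 dns_for_unlisted: bool = True):
        self.routes: Dict[str, Route] = {r.domain.lower(): r for r in routes}
        self.resolve = resolve
        self.dns_for_unlisted = dns_for_unlisted
        self._rr_cursor: Dict[str, int] = {}     # per-domain round-robin position

    def delivery_targets(self, domain: str) -> List[Target]:
        """Hosts to try, in order, for mail addressed to `domain`."""
        domain = domain.lower()
        route = self.routes.get(domain)
        if route is None:
            if not self.dns_for_unlisted:
                return []              # checkbox off: only listed domains are delivered
            return self._dns_targets(domain)
        if route.kind == "mx":
            return self._mx_targets(route.domain)
        targets = [parse_host(h) for h in route.hosts]
        if route.round_robin and targets:
            start = self._rr_cursor.get(domain, 0)
            self._rr_cursor[domain] = (start + 1) % len(targets)
            targets = targets[start:] + targets[:start]   # rotate the starting host
        return targets

    def _mx_targets(self, name: str) -> List[Target]:
        # Lowest MX preference value first (assumed to be the DNS priority order).
        records = sorted(self.resolve(name, "MX"))
        return [(host, DEFAULT_SMTP_PORT) for _, host in records]

    def _dns_targets(self, name: str) -> List[Target]:
        targets = self._mx_targets(name)
        if targets:
            return targets
        # No MX records: fall back to an A-record lookup, as the option describes.
        return [(addr, DEFAULT_SMTP_PORT) for addr in self.resolve(name, "A")]


# Constructed sample data (not from the guide).
CONSTRUCTED_DNS = {
    ("example.dom", "MX"): [(20, "mx2.example.dom"), (10, "mx1.example.dom")],
    ("lonely.dom", "MX"): [],
    ("lonely.dom", "A"): ["203.0.113.40"],
}


def constructed_resolver(name: str, rrtype: str) -> list:
    return CONSTRUCTED_DNS.get((name.lower(), rrtype), [])


def build_sample_table(dns_for_unlisted: bool = True) -> RoutingTable:
    routes = [
        Route("partner.dom", "relay", ["smtp1.partner.dom:2525", "smtp2.partner.dom"],
              round_robin=True),
        Route("example.dom", "mx"),
    ]
    return RoutingTable(routes, constructed_resolver, dns_for_unlisted)


if __name__ == "__main__":
    table = build_sample_table()
    for dom in ["partner.dom", "partner.dom", "example.dom", "lonely.dom"]:
        print(dom, "->", table.delivery_targets(dom))
```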


Basic Settings page (Encryption Only Setup)

Use this page when selecting the Encryption Only Setup Wizard, to specify basic settings for the appliance.

The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.

Option Definition

Cluster mode: Defines the options that appear on the Cluster Management page of the Setup Wizard.

• Off — This is a standard appliance.

• Cluster Scanner — The appliance receives its scanning workload from a master appliance.

• Cluster Master — The appliance controls the scanning workload for several other appliances.

• Cluster Failover — If the master fails, this appliance controls the scanning workload instead.

Device name: Specifies a name, such as appliance1.

Domain name: Specifies a name, such as domain1.com.

Default Gateway: Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router: Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface: Becomes available when you set the Next Hop Router for IPv6.

Select management port: Specifies the port that manages the gateway. By default, McAfee Email Gateway uses port 10443.

Network Settings page (Encryption Only Setup)

Use these options to view and configure the IP address and network speeds for McAfee Email Gateway as an encryption only appliance. You can use IPv4 and IPv6 addresses, separately or in combination.

To prevent duplication of IP addresses on your network and to deter hackers, give the appliance new IP addresses, and disable the default IP addresses. The IP addresses must be unique and suitable for your network. Specify as many IP addresses as you need.

Table 2-13 Option definitions

Option Definition

<mode>: The operating mode that you set during installation or in the Setup Wizard.

Network Interface 1: Expands to show the IP address and netmask associated with Network Interface 1, the auto-negotiation state, and the size of the MTU.

Network Interface 2: Expands to show the IP address and netmask associated with Network Interface 2, the auto-negotiation state, and the size of the MTU.

Change Network Settings: Click to open the Network Interface Wizard to specify the IP address and adapter settings for NIC 1 and NIC 2, and change the chosen operating mode.

View Network Interface Layout: Click to see the <?> associated with LAN1, LAN2, and the out of band interface.

Cluster Management page (Encryption Only Setup)

Use cluster management to specify load balancing requirements.

Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.


Cluster Management Configuration (Standard appliance)

Do not use. Cluster management is disabled.

Cluster Management (Cluster Scanner)

Table 2-14 Option definitions

Option Definition

Cluster identifier: If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Cluster Management (Cluster Master)

In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.

Table 2-15 Option definitions

Option Definition

Address to use for load balancing: Specifies the appliance address.

Cluster identifier: If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers): If not selected, this appliance distributes all scanning workload to the scanning appliances. For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

Cluster Management (Cluster Failover)

Table 2-16 Option definitions

Option Definition

Address to use for load balancing: Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier: If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers): If not selected, this appliance distributes all scanning workload to the scanning appliances. For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.


DNS and Routing page (Encryption Only Setup)

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.

DNS server addresses

Table 2-17 Option definitions

Option Definition

Server Address: Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet. If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server / Delete Selected Servers: Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.

Only send queries to these servers: Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly. If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.

Routing settings

Table 2-18 Option definitions

Option Definition

Network Address: Type the network address of the route.

Mask: Specifies how many hosts are on your network, for example, 255.255.255.0.

Gateway: Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4), or :: (IPv6) means that the router has no default gateway.

Metric: Specifies the preference given to the route. A low number indicates a high preference for that route.

New Route / Delete Selected Routes: Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing: Use this option in transparent router mode only. When enabled, the appliance can:

• receive routing information broadcast over RIP (the default) and apply it to its routing table, so you don't have to duplicate on the appliance routing information that is already present in the network.

• broadcast over RIP any static routes that have been configured through the user interface.


Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Option Definition

Appliance Time Zone: Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC): Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now: When clicked, applies the date and UTC time that you specified in this row.

Client Time: Displays the time according to the client computer from which your browser is currently connected to the appliance.

Synchronize appliance with client: When selected, the time in the Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser. Ensure that the client computer is aware of any daylight savings adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP: When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts: When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network but must trust other devices in the network. When deselected, accepts NTP messages only from servers specified in the list.

NTP Server: Displays the network address or a domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov. If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server: Type the IP address of a new NTP Server.

Password page (Encryption Only Setup)

Specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

Table 2-19 Option definitions

Option Definition

User ID This is admin. You can add more users later.

Current Password The existing password. The original default password is password. Changethe password as soon as possible to keep your appliance secure.

New Password / Confirm NewPassword

Specifies the new password.

You must enter the new password twice to confirm it.


Summary page (Encryption Only Setup)

Review a summary of the settings that you have made for the network connections and scanning of the email traffic.

To change any value, click its blue link to display the page where you originally typed the value.

Clicking Finish completes the Setup Wizard.

Use the IP address shown on this page to access the interface. For example, https://192.168.200.10:10443.

The address begins with https, not http.

When you first log on to the interface, type the user name admin and the password that you gave on the Password page.

Table 2-20 Option definitions (each setting in the summary carries one of three status indicators)

The value is set according to best practice.

The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.

No value has been set. The value has not been changed from the default. Check the value before continuing.


3 A tour of the Dashboard

This section describes the Dashboard page, and how to edit its preferences.

Dashboard

The Dashboard provides a summary of the activity of the appliance.

Use this page to access most of the pages that control the appliance. On a cluster master appliance, use this page also to see a summary of activity on the cluster of appliances.

Benefits of using the Dashboard

This topic discusses the benefits of using the Dashboard within the user interface of your Email Gateway.

The Dashboard provides a single location for you to view summaries of the activities of the appliance through a series of portlets.

Some portlets display graphs that show appliance activity over the following periods of time:

• 1 hour

• 1 day (the default)

• 1 week

• 2 weeks

• 4 weeks

Within the Dashboard, you can make some changes to the information and graphs displayed:

• Expand and collapse the portlet data using the icons in the portlet's top right-hand corner

• Drill down to specific data using the drill-down icons

• See a status indicator that shows whether the item needs attention:

• Healthy. The reported item is functioning normally

• Requires Immediate Attention. A critical threshold has been exceeded

• Disabled. A service is not enabled

• Use the zoom icons to zoom in and out of a timeline of information. There is a short delay while the view is updated. By default, the dashboard shows data relating to the previous one day.

• Move a portlet to another location on the Dashboard.

• Adjust the thresholds at which the status indicators change.

Dashboard portlets

This topic describes in detail the portlets found on the dashboard in the user interface of your Email Gateway.

Some portlets display graphs that show appliance activity over time. Although you can deselect a protocol after clicking Edit, the appliance continues to monitor that traffic.

Option Definition

Appliance Status

Inbound Mail Summary Summarizes the data recorded in the Detections portlets. Displays the total number of inbound messages that were delivered, blocked, bounced or queued. You can further break down the data by sender/connection, recipient, and content. Additionally, reports on the number of quarantined items. To visit the pages that manage the queues, click the blue links. Click Search to go to the Message Search page to locate specific messages.

Tasks Displays a list of common tasks that link directly to the configuration page in the appliance.

Cluster On a master cluster appliance, displays the state of the cluster of appliances. To change the settings of the meter, click Edit.

Outbound Mail Summary Summarizes the data recorded in the Detections portlets. Displays the total number of outbound messages that were delivered, blocked, bounced or queued. You can further break down the data by sender/connection, recipient, and content. Additionally, reports on the number of quarantined items. To visit the pages that manage the queues, click the blue links. Click Search to go to the Message Search page to locate specific messages.

SMTP Detections and POP3 Detections Displays the number of detections under each protocol. Although you can choose not to display information about a protocol, the appliance continues to scan that traffic.


Network Summary Displays the number of connections under each protocol.

Services Displays the status of important components and lets you change the settings of recommended system configuration changes:

• For Updates, a green checkmark indicates that the component updates itself automatically. To make a manual update, click the blue link

• For other components, a green checkmark indicates that the component is operating within acceptable limits. For more information, click the blue links

• To adjust the levels at which the warning and alert icons appear, and to change what the recommended configuration changes dialog box displays, click Edit

System Summary

Hardware Summary

Some data is displayed as graphs that show appliance activity over time.


4 Testing the configuration

This information describes how to test that the appliance is functioning correctly after installation.

Contents

Task — Test connectivity
Task — Update the DAT files
Task — Test mail traffic and virus detection
Task — Testing spam detection

Task — Test connectivity

Use this task to confirm basic connectivity. The McAfee Email Gateway Virtual Appliance 7.0 checks that it can communicate with the gateway, update servers and DNS servers. It also confirms that the appliance name and domain name are valid.

Task

1 From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from the Tasks area.

2 Select the Tests tab.

3 Click Start Tests.

Each test should pass.

Task — Update the DAT files

Use this task to ensure that the McAfee Email Gateway Virtual Appliance 7.0 has the most up-to-date detection definition (DAT) files. We recommend updating them before you configure the scanning options.

As you progress using the virtual appliance, you can choose to update individual types of definition file and change the default scheduled updates to suit your requirements.

Task

1 Open the Updates page using one of these methods:

• From the Services area of the Dashboard, select Updates.

• Select System | System | Update Status.


2 To update all DAT files, click Update Now.

3 To ensure the virtual appliance has the most up-to-date software patch installed, go to the product Dashboard, select Updates, and click Update Now.

Task — Test mail traffic and virus detection

Use this task to test that mail traffic is passing successfully through the McAfee Email Gateway Virtual Appliance 7.0 and that threats are correctly identified. We use the EICAR test file, a harmless file that antivirus engines recognize and report as a detection.

Task

1 Send an email message from an outside email account (such as Hotmail) to an internal mailbox and confirm that it arrived.

2 On the Dashboard, look at the Detections areas. The listing for the protocol you used to send the message should show that a message was received.

3 Copy the following line into a file, making sure you do not include any spaces or line breaks:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

4 Save the file with the name EICAR.COM. Antivirus software on the computer where you create the file may detect and remove it as soon as it is saved; if so, create it on a system where on-access scanning is excluded for that folder.

5 From an external email account (SMTP client), create a message that contains the EICAR.COM file as an attachment and send the message to an internal mailbox.

6 Return to the Dashboard and look at the Detections areas. You should see that a virus was detected.

7 Delete the message when you finish testing your installation, to avoid alarming unsuspecting users.

Task — Testing spam detection

Use this task to send a Generic Test for Unsolicited Bulk Email (GTUBE) message to verify that the McAfee Email Gateway is detecting incoming spam.

Task

1 From an external email account (SMTP client), create a new email message.

2 In the body of the message, copy the following text:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Make sure that you type this line with no line breaks.

3 Send the new email message to an internal mailbox address.

The device scans the message, recognizes it as a junk email message, and deals with it accordingly. The GTUBE overrides blacklists and whitelists.

For more information about the GTUBE, visit http://spamassassin.apache.org/tests.html.
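Both tests above can be driven from a script instead of a mail client, which avoids the desktop antivirus quarantining EICAR.COM the moment you save it. The following is an added example, not part of the guide; the addresses and relay host are placeholders. It builds both messages, checks that the 68-byte EICAR content and the single GTUBE line survive MIME encoding unchanged (a trailing space or line break added by an editor is the usual reason the test "fails"), and hands them to the gateway over SMTP.

```python
"""Build the two test messages used to verify a mail gateway: an EICAR attachment
for antivirus detection and a GTUBE body for spam detection. Added example; not
part of the McAfee guide. Sender, recipient and relay are placeholders."""
import email
import smtplib
from email.message import EmailMessage
from email.policy import SMTP

# Published test patterns, 68 bytes each; neither is malicious. EICAR is the exact
# file content (no trailing newline); GTUBE is a line that spam filters score as spam.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"


def build_eicar_message(sender, recipient):
    """Message with EICAR.COM attached; the gateway should report a virus detection."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Gateway test: EICAR attachment"
    msg.set_content("Installation test. The attachment is the EICAR test file.")
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                       filename="EICAR.COM")
    return msg


def build_gtube_message(sender, recipient):
    """Message whose body is the GTUBE line; the gateway should treat it as spam."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Gateway test: GTUBE"
    msg.set_content(GTUBE + "\n")
    return msg


def eicar_attachment_ok(raw):
    """Given the message as it goes on the wire, confirm the attachment decodes to
    exactly the EICAR bytes: extra whitespace would make it miss the signature."""
    parsed = email.message_from_bytes(raw, policy=SMTP)
    for part in parsed.iter_attachments():
        if part.get_filename() == "EICAR.COM":
            return part.get_payload(decode=True) == EICAR
    return False


def gtube_body_ok(raw):
    """Confirm the GTUBE line survived as one unbroken line in the text body."""
    parsed = email.message_from_bytes(raw, policy=SMTP)
    body = parsed.get_body(preferencelist=("plain",))
    return body is not None and GTUBE in body.get_content().splitlines()


def send(msg, relay_host, relay_port=25):
    """Hand the message to the gateway over SMTP (needs network; not run offline)."""
    with smtplib.SMTP(relay_host, relay_port) as smtp:
        smtp.send_message(msg)
```

Send the GTUBE message first and the EICAR message second, then check the Dashboard Detections areas for one spam and one virus detection, as the two tasks describe.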


5 Exploring the appliance features

This information contains tasks to demonstrate the McAfee Email Gateway Virtual Appliance 7.0 scanning features in action. It provides step-by-step instructions to create and test some sample policies and tells you how to generate applicable reports.

Introduction to policies

The appliance uses policies which describe the actions that the appliance must take against threats such as viruses, spam, unwanted files, and the loss of confidential information.

Email | Email Policies

Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of users.

Encryption

The Encryption pages enable you to set up McAfee Email Gateway to use the supported encryption methods to securely deliver your email messages.

Email | Encryption

The McAfee Email Gateway includes several encryption methods, and can be set up to provide encryption services to the other scanning features, or as an encryption-only server used just to encrypt email messages.

Task — Encrypt all email traffic to a specific customer

A common use of the encryption features is to configure a policy to use encryption for email messages going to a specific customer.

This group of tasks shows how to configure your McAfee Email Gateway so that all email messages being sent to a specific customer are sent using encryption.

Task — Create a new scanning policy

Use this task to learn how to create a new scanning policy.

Your appliance uses the policies you create to scan the email messages sent through the appliance. You can create multiple policies to control the way different users use email, or to specify different actions based on specific circumstances.


Task

1 Click Email | Email Policies | Scanning Policies.

2 Select the required protocol using steps in Task — View policies for the SMTP or POP3 protocols.

3 Click Add policy...

4 In the Scanning Policies — New Policy page, enter the following information:

a A name for the policy.

b An optional description for the new policy.

c Where the new policy inherits its settings from.

If you have a similar policy already set up, select it to allow its settings to be inherited by the new policy.

d Choose if the policy is to apply to inbound or outbound email traffic. (SMTP only)

e Select the required Match logic for the policy.

f Select the type of rule, how it should match and the value that the rule tests against.

g If required, add additional rules, and use the ordering buttons to put the rules in the correct order.

5 Click OK.

The new policy is added to the top of the list of policies.

Task — Configure the encryption settings

Configure your McAfee Email Gateway to use encryption.

Task

1 Click Email | Encryption | Secure Web Mail | Basic Settings.

2 Select Enable the Secure Web Mail Client.

3 Click Email | Encryption | Secure Web Mail | User Account Settings.

Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. The administrator chooses whether to do push and/or pull encryption.

4 Click Email | Encryption | Secure Web Mail | Password Management.

The minimum password length is eight characters. The password expires after 365 days.

Task — Enable encryption within your email policy

Enable the required encryption features on your McAfee Email Gateway.

Task

1 Click Email | Email Policies | Compliance

2 Click Enable compliance, and select Create new rule from template.

3 Search for the HIPAA Compliance rule and select it.

4 Click Next to progress through the wizard.


5 Select the primary action to Allow Through (Monitor).

6 In And also, select Deliver message using encryption.

7 Click Finish, and click OK to close the dialog box.

8 Click Email | Email Policies | Policy Options | Encryption.

9 In When to Encrypt, select Only when triggered from a scanner action.

10 In On-box Encryption Options, select Secure Web Mail, and click OK.

11 Apply the changes.

Task — Identify quarantined email messages

Use this task to discover which email messages have been quarantined by your McAfee Email Gateway Appliance.

To view a list of all messages that have been quarantined:

Task

1 Click Reports | Message Search.

2 Select Quarantined from the Message status drop-down list.

3 Click Search/Refresh.

All messages that have been quarantined are displayed in the lower part of the page.

Task — Refine the search

You can further refine your search for quarantined email messages to show only those that have been quarantined due to specific triggers. In this example, to find those email messages quarantined due to compliance issues:

Task

1 Complete the steps in Task — Identify quarantined email messages.

2 Select Compliancy from the Category drop-down list.

3 Click Search/Refresh.

The lower part of the screen is refreshed to show only the messages that have been quarantined due to compliance issues.

Task — View a specific email message

You can view the content of a quarantined email message.

Task

1 Complete the steps in Task — Refine the search.

2 Select the relevant quarantined message using the check-box to the left of the page.

3 Click View Message.

The selected message is displayed in a new window. From this window, you can view the content of the email message. You can also choose to view the detailed email header information. Once you have viewed the message, you can choose further actions to perform on it by clicking the relevant buttons.


Task — Release a quarantined email message

After viewing an email message that has been quarantined, you may want to release it from quarantine. This task allows you to do this.

To release a selected message from quarantine:

Task

1 Complete the steps in Task — View a specific email message.

2 Click Release Selected.

The selected email message is released from quarantine.

Email messages that contain viral content cannot be released from quarantine, because doing so would risk damage to your systems.

Compliance Settings

Use this page to create and manage compliance rules.

Email | Email Policies | Compliance | Compliance

Benefits of the compliance settings

Use compliance scanning to assist with conformance to regulatory compliance and corporate operating compliance. You can choose from a library of predefined compliance rules, or create your own rules and dictionaries specific to your organization.

Compliance rules vary in complexity from a straightforward trigger when an individual term within a dictionary is detected, to combinations of score-based dictionaries that only trigger when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can be combined using the logical operations any of, all of, or except.

Task — Restrict the score contribution of a dictionary term

Use this task to restrict the score contribution of a dictionary term.

Before you begin

This task assumes that your rule includes a dictionary which triggers the action based on a threshold score, such as the Compensation and Benefits dictionary.

You can restrict how many times a term can contribute to the overall score.

For example, if 'testterm' within a dictionary has a score of 10 and is seen five times within an email, it adds 50 to the overall score. To restrict this, for example so that the term contributes only twice (20 in total), set Maximum term count to 2.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score you want to change.

3 In Maximum term count, type the maximum number of times that you want a term to contribute to thescore.


Task — Edit the threshold associated with an existing rule

Use this task to edit the threshold associated with an existing rule.

Before you begin

This task assumes that your rule includes a dictionary which triggers the action based on a threshold, such as the Compensation and Benefits dictionary.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score you want to change.

3 In dictionary threshold, type the score on which you want the rule to trigger, and click OK.

Task — Create a rule to monitor or block at a threshold

For score-based dictionaries you might want to monitor triggers that reach a low threshold, and only block the email when a high threshold is reached.

Task

1 Select Email | Email Policies | Compliance.

2 Click Create new rule, type a name for it such as Discontent - Low, and click Next.

3 Select the Discontent dictionary, and in Threshold, type 20.

4 Click Next, and Next again.

5 In If the compliance rule is triggered, accept the default action.

6 Click Finish.

7 Repeat steps 2 through 4 to create another new rule, but name it Discontent - High and assign it a threshold of 40.

8 In If the compliance rule is triggered, select Deny connection (Block).

9 Click Finish.

10 Click OK and apply the changes.

Task — Add a dictionary to a rule

Use this task to add a new dictionary to an existing rule.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit.

3 Select Add dictionaries.

4 Select the new dictionary that you want to include, and click OK.

Task — Create a complex custom rule

Use this task to create a complex rule that triggers when both Dictionary A and Dictionary B are detected, except when Dictionary C is also detected.


Task

1 Select Email | Email Policies | Scanning Policies and select Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule to open the Rule Creation Wizard.

4 Type a name for the rule, and click Next.

5 Select two dictionaries to include in the rule, and click Next.

6 Select a dictionary that you want to exclude from the rule in the exclusion list.

7 Select the action that you want to take place if the rule triggers.

8 From the And conditionally drop down box, select All, and click Finish.
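The scoring behaviour the preceding tasks configure (a score per term, Maximum term count, a per-dictionary threshold, a low-threshold monitor rule beside a high-threshold block rule, and the all of / except combination of the complex rule) modelled in Python as an added example. It is not the appliance's engine: the term matching is a simplified word-boundary match, and the dictionaries and messages are constructed for illustration.

```python
"""Score-based dictionary rules of the kind the compliance pages describe: each
term carries a score, a term's hits can be capped, a dictionary triggers at a
threshold, and rules combine dictionaries with all-of / any-of / except logic.
Added example; a simplified model, not the appliance's engine."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SEVERITY = {"allow": 0, "monitor": 1, "block": 2}


@dataclass
class Dictionary:
    name: str
    terms: Dict[str, int]                  # term -> score added per occurrence
    threshold: int                         # dictionary triggers once score >= threshold
    max_term_count: Optional[int] = None   # cap on occurrences of one term that count

    def score(self, text: str) -> int:
        text = text.lower()
        total = 0
        for term, points in self.terms.items():
            hits = len(re.findall(r"\b" + re.escape(term.lower()) + r"\b", text))
            if self.max_term_count is not None:
                hits = min(hits, self.max_term_count)   # Maximum term count
            total += hits * points
        return total

    def triggers(self, text: str) -> bool:
        return self.score(text) >= self.threshold


@dataclass
class Rule:
    name: str
    include: List[Dictionary]
    logic: str = "all"                     # "all" or "any" of the included dictionaries
    exclude: List[Dictionary] = field(default_factory=list)   # the "except" dictionaries
    action: str = "monitor"                # "monitor" (allow through) or "block"

    def evaluate(self, text: str) -> Optional[str]:
        """Return the rule's action if it triggers, else None."""
        hits = [d.triggers(text) for d in self.include]
        matched = all(hits) if self.logic == "all" else any(hits)
        if not matched or any(d.triggers(text) for d in self.exclude):
            return None
        return self.action


def scan(text: str, rules: List[Rule]) -> Tuple[str, List[Tuple[str, str]]]:
    """Evaluate every rule; the verdict is the most severe action triggered."""
    triggered = [(r.name, r.action) for r in rules if r.evaluate(text)]
    verdict = max((a for _, a in triggered), key=SEVERITY.get, default="allow")
    return verdict, triggered


# Constructed dictionaries for demonstration (not the product's own dictionaries).
DISCONTENT = {"unfair": 10, "quit": 10, "lawsuit": 20}
COMPENSATION = {"salary": 10, "bonus": 10}


def demo():
    """The Discontent - Low / Discontent - High pair from the task above."""
    low = Rule("Discontent - Low", [Dictionary("Discontent", DISCONTENT, 20)], action="monitor")
    high = Rule("Discontent - High", [Dictionary("Discontent", DISCONTENT, 40)], action="block")
    return scan("This is unfair, unfair, unfair, unfair, unfair.", [low, high])
```

With five occurrences of a 10-point term the message scores 50 and both rules fire, so the verdict is block; with Maximum term count set to 2 the same message scores 20 and only the monitor rule fires.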

Task — Create a simple custom rule

Use this task to create a simple custom rule that blocks messages that contain social security numbers.

Task

1 Select Email | Email Policies | Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule to open the Rule Creation Wizard.

4 Type a name for the rule, and click Next.

5 In the Search field, type social.

6 Select the Social Security Number dictionary, and click Next twice.

7 Select the Deny connection (Block) action, and click Finish.

Task — Block messages that violate a policy

Use this task to block messages that violate a threatening language policy.

Task

1 Select Email | Email Policies | Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule from template to open the Rule Creation Wizard.

4 Select the Acceptable Use - Threatening Language policy, and click Next.

5 Optionally change the name of the rule, and click Next.

6 Change the primary action to Deny connection (Block), and click Finish.

7 Click OK and apply the changes.


Data Loss Prevention settings

Use this page to create a policy that assigns data loss prevention actions against the registered document categories.

Email | Email Policies | Compliance | Data Loss Prevention

Benefits of using Data Loss Prevention (DLP)

You can restrict the flow of sensitive information sent in email messages by SMTP through the appliance using the Data Loss Prevention feature, for example by blocking the transmission of a sensitive document such as a financial report that is being sent outside of your organization. Detection occurs whether the original document is sent as an email attachment or as just a section of text taken from the original document.

Configuring DLP takes place in two phases:

• Registering the documents that you want to protect.

• Setting the DLP policy that assigns the action and controls the detection (this topic).

If an uploaded registered document contains embedded documents, their content is also fingerprinted, so the combined content is used when calculating the percentage match at scan time. To have embedded documents treated individually, register them separately.

Task — Prevent a sensitive document from being leaked

Use this task to block sensitive financial documents from being sent outside your organization.

Before you begin

This example assumes that you have already created a Finance category.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.

4 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.

5 Click OK again, and apply the changes.

Task — Block a section of the document

Use this task to block even a small section of the document from being sent outside your organization.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Enable the consecutive signatures setting, and type the number of consecutive signatures at which the DLP policy triggers a detection. The level is set to 10 by default.


4 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.

5 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.

6 Click OK again, and apply the changes.

Task — Exclude a specific document for a policy

Use this task to prevent a specific financial document from triggering the DLP policy settings.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK.

4 Click OK again, and apply the changes.
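An added example (not the appliance's code) of what the DLP tasks above configure: registering a document as a sequence of signatures, fingerprinting embedded documents together with their parent, triggering on a run of consecutive signatures (the setting that defaults to 10) or on a percentage match, and excluding a named document from a policy. The appliance's real signature scheme is not documented on this page, so the five-word window, the hashing and the sample report and message are assumptions made for illustration.

```python
"""Document fingerprinting in the style of the DLP feature: a registered document
becomes a sequence of signatures (hashes of overlapping word windows), and a
scanned message triggers when it contains a run of consecutive signatures, or a
percentage of the document, above a threshold. Added example; window size,
hashing and matching are assumptions, not the appliance's scheme."""
import hashlib
import re
from typing import Dict, List, Optional, Sequence, Set, Tuple

WINDOW = 5   # words per signature (assumption)


def tokens(text: str) -> List[str]:
    return re.findall(r"[a-z0-9]+", text.lower())


def signatures(text: str, window: int = WINDOW) -> List[str]:
    """One signature per overlapping window of `window` words."""
    words = tokens(text)
    return [hashlib.sha256(" ".join(words[i:i + window]).encode()).hexdigest()[:16]
            for i in range(len(words) - window + 1)]


def longest_common_run(a: Sequence[str], b: Sequence[str]) -> int:
    """Length of the longest run of consecutive signatures shared by a and b."""
    best, prev = 0, [0] * (len(b) + 1)
    for x in a:
        cur = [0] * (len(b) + 1)
        for j, y in enumerate(b, 1):
            if x == y:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


class Registry:
    """Registered documents, each under a category that a DLP rule acts on."""

    def __init__(self):
        self.docs: Dict[str, Tuple[str, List[str]]] = {}

    def register(self, name: str, category: str, text: str, embedded: Sequence[str] = ()):
        # Embedded documents are fingerprinted together with their parent, so the
        # combined content is what the percentage match is computed against.
        combined = " ".join([text, *embedded])
        self.docs[name] = (category, signatures(combined))

    def scan(self, message: str, consecutive: int = 10, percent: Optional[float] = None,
             exclusions: Set[str] = frozenset()) -> List[dict]:
        """Return the registered documents that the message matches."""
        found = signatures(message)
        hits = []
        for name, (category, sigs) in self.docs.items():
            if name in exclusions:        # a per-policy document exclusion
                continue
            run = longest_common_run(sigs, found)
            pct = 100.0 * len(set(sigs) & set(found)) / len(set(sigs)) if sigs else 0.0
            if run >= consecutive or (percent is not None and pct >= percent):
                hits.append({"document": name, "category": category,
                             "run": run, "percent": round(pct, 1)})
        return hits


# Constructed sample document and message (not real financial data).
REPORT = ("Quarterly revenue rose twelve percent to forty million dollars while "
          "operating margin improved to eighteen percent driven by lower logistics "
          "costs and the board approved a dividend of two dollars per share payable in March")
MESSAGE = ("Hi, quick summary for you: operating margin improved to eighteen percent "
           "driven by lower logistics costs and the board approved. Call me.")
```

The message quotes fifteen consecutive words of the 35-word report, which yields eleven consecutive matching signatures: enough to trigger at the default of 10, not at 12, and only about a third of the document by percentage, which is why the consecutive-signatures setting is what catches a pasted excerpt.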



700-3349A0000
