McAfee Email and Web Security Appliance 5.1, Installation Manual

Page 1: ...McAfee Email and Web Security Appliance 5 1 Installation Guide...

Page 2: ...is distinctive of McAfee brand products All other registered and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USE...

Page 3: ...r Using the Appliance in a DMZ 15 SMTP configuration in a DMZ 15 Connecting and Configuring the Appliance 18 Installation quick reference table 18 Ports and Connections 19 3000 3100 panel layout 19 32...

Page 4: ...37 Further report information 37 Using policies to manage message scanning 38 Creating an anti virus scanning policy 38 Creating an anti spam scanning policy 39 Creating an email compliance policy 40...

Page 5: ...Anti spam 48 Getting more help the links bar 50 5 McAfee Email and Web Security Appliance 5 1 Installation Guide Contents...

Page 6: ...d the appliance features and functions Plan and perform the appliance installation and deployment Begin to use the appliance Test the appliance in a laboratory environment optional You can find additi...

Page 7: ...irewall Switch Network Network zone DMZ or VLAN Perceived data path Actual data path Documentation This Installation Guide is included with your appliance Additional information is available in the on...

Page 8: ...from any protective packaging and place it on a flat surface Observe all provided safety warnings CAUTION Review and be familiar with all safety information provided Contents What s in the box Plan th...

Page 9: ...cannot handle all types of traffic If you use explicit proxy mode only protocols that are to be scanned should be sent to the appliance Operating conditions 10 to 35 C 50 to 95 F Temperature 20 to 80...

Page 10: ...liance That is if the appliance is operating in one of the transparent modes How the appliance physically connects to your network The configuration needed to incorporate the appliance into your netwo...

Page 11: ...arent bridge mode requires less configuration than transparent router and explicit proxy modes You do not need to reconfigure all your clients default gateway MX records Firewall NAT or mail servers t...

Page 12: ...e on a different network The appliance acts as a router routing the traffic between networks based on the information held in its routing tables Configuration Using transparent router mode you do not...

Page 13: ...licitly to send traffic to the appliance The appliance then works as a proxy or relay processing traffic on behalf of the devices Explicit proxy mode is best suited to networks where client devices co...

Page 14: ...xplicit proxy mode invalidates any firewall rules set up for client access to the Internet The firewall sees only the IP address information for the appliance not the IP addresses of the clients so th...

Page 15: ...t provide services to the Internet such as email Hackers often gain access to networks by identifying the TCP UDP ports on which applications are listening for requests then exploiting known vulnerabi...

Page 16: ...the mail messages As a result some companies do not allow such traffic on their internal network To overcome this they often use a proprietary mail gateway such as Lotus Notes or Microsoft Exchange t...

Page 17: ...sts originating from an internal Notes server and destined for the Notes gateway SMTP requests originating from the appliance and destined for the Internet All other SMTP and TCP port 1352 requests ar...

Page 18: ...work traffic is being scanned 11 Configure policies and reporting 12 Route production traffic through the appliance CAUTION Connecting the appliance to your network can disrupt Internet access or othe...

Page 19: ...ppliance 12 Testing the appliance Test that the network traffic is being scanned 13 Using policies to manage message scanning Configure policies and reporting 14 Configuring the appliance using the Se...

Page 20: ...drive is in use Power and LED Turns the appliance on and off Lights green when the appliance is operational Flashes green whenthe appliance is in standby mode It is receiving power through the power s...

Page 21: ...ned or 10 Mbps or 100 Mbps Ethernet Each LAN port has built in LEDs Lights green when the port has a good link to the attached Ethernet Flashes amber when the port detects activity on the attached Eth...

Page 22: ...10 1 1 108 for that port You connected fiber cables to the fiber LAN1 and LAN2 ports and now want to enable these ports Transparent Router and Transparent Bridge modes The LAN2 port is used with LAN1...

Page 23: ...9 inch rack perform the steps in Mounting the appliance in a rack 3 Connect a monitor and keyboard to the appliance 4 Connect power leads to the monitor and the appliance but do not connect to the pow...

Page 24: ...rossed RJ 45 network switch In explicit proxy mode the unused switch connection can be used as a dedicated management port To manage the appliance locally use a crossover Cat 5e Ethernet cable to conn...

Page 25: ...th the appliance switched on insert the CD into the CD ROM drive 5 Re boot the appliance The software is installed on the appliance Using the Configuration Console The Configuration Console enables yo...

Page 26: ...ou made when you used the Configuration Console Logging on to the Setup Wizard Welcome page Performing a standard installation Performing a custom setup Logging on to the Setup Wizard Use this task to...

Page 27: ...col Configuration Connection Settings SMTP McAfee Anti Spyware protects your network from many types of potentially unwanted software such as spyware adware remote administration tools dialers and pas...

Page 28: ...ion User ID Specifies the new password Change the password as soon as possible to keep yourappliance secure You must type the new password twice to confirm it The original default password is scmchang...

Page 29: ...ver Gateway IP Offers a choice of mode Operating mode In Transparent Route or Transparent Bridge mode other network devices such as mail servers are unaware that the appliance has intercepted and scan...

Page 30: ...appliance forwards the request to the DNS root name servers on the Internet If your firewall prevents DNS lookup typically on port 53 specify the IP address of a local device that provides name resol...

Page 31: ...ot noticeably affect the appliances performance Option definitions Definition Option Specifies your local time zone You might need to set this twice each year if your region observes daylight saving t...

Page 32: ...the user name scmadmin and the password that you gave to this setup wizard Option definitions Definition Option The value is set according to best practice The value is probably not correct Although t...

Page 33: ...troducing the user interface To start the user interface on the appliance you must log on using the username and password The user interface opens on the Dashboard page NOTE The interface you see migh...

Page 34: ...esources Help information Similar to clicking Show Quick Help in the navigation pane Help Topics Section icons There are five or six section icons depending on the software that you are using Click an...

Page 35: ...virus installations Task 1 Copy the following line into a file making sure you do not include any spaces or line breaks X5O P AP 4 PZX54 P 7CC 7 EICAR STANDARD ANTIVIRUS TEST FILE H H 2 Save the file...

Page 36: ...message to an internal mailbox address The Anti Spam Module scans the message recognizes it as a junk email message and deals with it accordingly The GTUBE overrides blacklists and whitelists For more...

Page 37: ...lect Anti Virus Engine detections then click Next The log shows the EICAR test file that you detected Task Use this task to update the appliance s DAT files and to then view the the update report NOTE...

Page 38: ...l email Notify the recipient Alert the sender Task Use this task to demonstrate what happens when a mass mailer virus rule is triggered by the EICAR test file and actions that can be taken 1 On the ap...

Page 39: ...connections list To the sending server it appears that the server is not online The appliance checks the message as it enters your mail gateway and identifies that it contains a virus It quarantines...

Page 40: ...lick OK 5 Create an email on the server from example server email address to example client email address Include the line Hi You are scheduled for an X Ray later this week which may give more indicat...

Page 41: ...have increased 17 Click the Quarantined messages link to display information on these messages 18 Using the recipient s email account open McAfee Quarantine Manager User interface and select Unwanted...

Page 42: ...iance is switched on and its software is running If the power button LED is orange the appliance is connected but is not turned on If the power LED is green the appliance is connected and turned on Th...

Page 43: ...ormance The defaults provide guidance about the correct value to use Interface problems This section contains solutions to problems you might encounter when trying to configure the appliance through i...

Page 44: ...he default is 10 1 2 108 in the URL field of your web browser The appliance has a working connection to your computer indicated by the NIC 2 network activity LED flashing on the control panel If the L...

Page 45: ...or valid recipients during the SMTP conversation and then send a non delivery report Several email servers do not send User unknown errors as part of the SMTP configuration These include but might not...

Page 46: ...mail message in Outlook select View Options Internet Headers If the appliance is in the mail path you see a header of the form Received from sender by server_name via ws_smtp with sender and server_na...

Page 47: ...tion discusses physical configuration issues I connected the appliance to the network but I cannot connect to it with my browser In explicit proxy mode make sure you have connected the LAN1 adapter to...

Page 48: ...d DAT version number In the navigation pane select Monitor System Status then General Status Alternatively select Monitor Updates The DAT files are downloaded checked and applied The appliance does no...

Page 49: ...ecting and preventing spam ensure that the appliance is using the latest versions of the anti spam engine anti spam rules and extra rules files as well as using all the features that can block unwante...

Page 50: ...ssages for spam requires appliance resources and affects SMTP performance Users are complaining that their mailboxes are full If users automatically divert spam to a spam folder in the mailbox their m...