McAfee Email and Web Security Appliance 5.5, Installation Manual

Page 1: ...McAfee Email and Web Security Appliance 5 5 Installation Guide...

Page 2: ...is distinctive of McAfee brand products All other registered and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USE...

Page 3: ...12 Transparent bridge mode 13 Transparent router mode 14 Explicit proxy mode 15 Deployment Strategies for Using the device in a DMZ 17 SMTP configuration in a DMZ 18 Workload management 20 Connecting...

Page 4: ...tallation 42 Exploring the appliance 43 Generating reports 43 Using policies to manage message scanning 43 Creating an anti virus scanning policy 44 Creating an anti spam scanning policy 45 Creating a...

Page 5: ...System maintenance 54 Anti virus automatic updating 54 Anti spam 55 Getting more help the links bar 57 5 McAfee Email and Web Security Appliance 5 5 Installation Guide Contents...

Page 6: ...This guide helps you to Plan and perform your installation Become familiar with the interface Test that the product functions correctly Apply the latest detection definition files Explore some scannin...

Page 7: ...router mode operational mode A collection of security criteria such as configuration settings benchmarks and network access specifications policy that defines the level of compliance required for user...

Page 8: ...s This information describes where to get more information and assistance McAfee KnowledgeBase Go to https mysupport mcafee com eservice Default aspx McAfee products and click Search the KnowledgeBase...

Page 9: ...POP3 FTP HTTP and ICAP maintenance and monitoring Introducing McAfee Email and Web Security Appliances Available resources 9 McAfee Email and Web Security Appliance 5 5 Installation Guide...

Page 10: ...Observe all provided safety warnings CAUTION Review and be familiar with all provided safety information Contents What s in the box Plan the installation Inappropriate use Operating conditions Positio...

Page 11: ...e device cannot handle all types of traffic If you use explicit proxy mode only protocols that are to be scanned should be sent to the device Pre installation Operating conditions 10 to 35 C 50 to 95...

Page 12: ...arding the network modes are Whether communicating devices are aware of the existence of the device That is if the device is operating in one of the transparent modes How the device physically connect...

Page 13: ...parent bridge mode requires less configuration than transparent router and explicit proxy modes You do not need to reconfigure all your clients default gateway MX records Firewall NAT or mail servers...

Page 14: ...e LAN1 and LAN2 ports The device scans the traffic it receives on one network and forwards it to the next network device on a different network The device acts as a router routing the traffic between...

Page 15: ...ur client devices to point to the default gateway Configure the device to use the Internet gateway as its default gateway Ensure your client devices can deliver email messages to the mail servers with...

Page 16: ...mmunicate directly with the device although traffic might pass through several network servers before reaching the device The perceived path is from the external mail server to the device Protocols To...

Page 17: ...st Ensure that your client devices can deliver email messages to the mail servers within your organization Ensure that your firewall rules are updated The firewall must accept traffic from the device...

Page 18: ...scans every message twice once in each direction For this reason explicit proxy mode is usually used for SMTP scanning Mail relay Figure 7 Device in explicit proxy configuration in a DMZ If you have...

Page 19: ...ffic to the firewall rather than the mail gateway itself In this case the firewall must instead be reconfigured to direct inbound mail requests to the device Firewall rules specific to Lotus Notes By...

Page 20: ...comprehensive explanation but we do not recommend it The RPC protocol is widespread on Microsoft networks opening TCP 135 inbound is a red flag to most security professionals If you intend to use thi...

Page 21: ...est that the network traffic is being scanned 11 Configure policies and reporting 12 Route production traffic through the appliance CAUTION Connecting the appliance to your network can disrupt Interne...

Page 22: ...Test that the network traffic is being scanned 8 Using policies to manage message scanning Configure policies and reporting 9 Using the Configuration Console Configure production traffic through the s...

Page 23: ...ng upgrading or diagnosing system faults on the appliance CD ROM drive System status LED System status and hard Lights during normal use Flashes when the System Identification button is pressed disk d...

Page 24: ...uipment designed for 10 Mbps 100 Mbps or 1000 Mbps 1Gb Ethernet network use port NIC 1 and LAN2 Each LAN port has built in LEDs port NIC 2 Lights green when the port has a good link to the attached Et...

Page 25: ...an Ethernet Cat 5e cable to the RJ 45 port Remote Access Card 3300 and 3400 appliances only 3000 3100 appliances only The 3000 and 3100 appliances have a single hard disk drive Hard disk drives 3200...

Page 26: ...from the bottom up If you are installing multiple appliances start with the lowest available position first Contents Connect to the network This section describes how to connect the appliance to your...

Page 27: ...nt port To manage the appliance locally use a crossover Cat 5e Ethernet cable to connect the appliance to your local computer s network card Using Fiber LAN connections Use the fiber cables to connect...

Page 28: ...ration Console or from the Setup Wizard within the user interface The Configuration Console launches automatically at the end of the startup sequence after either an unconfigured device starts or afte...

Page 29: ...o make other changes to the default configuration Select Restore from a File not available from the Configuration Console to set up your device based on a previously saved configuration Following the...

Page 30: ...rk against viruses spam and phish and uses McAfee TrustedSource to protect your network from unwanted email If you want to scan more types of traffic you can enable each protocol from its page From th...

Page 31: ...rd twice to confirm it The original default password is scmchangeme Password Offers a choice of time zones The zones are organized from West to East to cover mid Pacific America Europe Asia Africa Ind...

Page 32: ...he device is in Explicit Proxy mode and a protocol is disabled traffic directed to the blade server for that protocol is refused The protocol is blocked at the device In Explicit Proxy mode only SMTP...

Page 33: ...otection against Potentially Unwanted Programs including Spyware Scan SMTP traffic Scan POP3 traffic Under Relaying options the device suggests the domain information if this is available via DHCP Del...

Page 34: ...r network For example 198 168 10 1 or FD4A A1B2 C3D4 1 IP Address You can specify multiple IP addresses for the appliance s ports If the appliance is in Transparent Bridge mode the IP addresses are co...

Page 35: ...ster set by default For all cluster members the administrator must set the cluster identifier This unique identifier ensures that members of the cluster are joined correctly To create multiple cluster...

Page 36: ...ntaining two or three appliances it is likely that you want to enable scanning on all appliances For larger systems you may prefer to not have the Cluster Failover scanning Enable scanning on this app...

Page 37: ...en they do not noticeably affect the blade servers performance Option definitions Definition Option Specifies your local time zone You might need to set this twice each year if your region observes da...

Page 38: ...on Option The value is set according to best practice The value is probably not correct Although the value is valid it is not set according to best practice Check the value before continuing No value...

Page 39: ...des some information to help you get started How to start the user interface again Tasks to complete to make sure that the device is working correctly Contents Introducing the user interface Testing t...

Page 40: ...s information Library which describes every virus and other potentially unwanted programs that McAfee detects and cleans Download SNMB files Download files for SMI MIB and HP Openview Opens the Online...

Page 41: ...rnal email account such as Hotmail to an internal mailbox and confirm that it arrived 2 Select Dashboard The SMTP protocol section shows that a message was received Testing virus detection Use this ta...

Page 42: ...s 3 Send the new email message to an internal mailbox address The device scans the message recognizes it as a junk email message and deals with it accordingly The GTUBE overrides blacklists and whitel...

Page 43: ...en click Next The log shows the EICAR test file that you detected Task Use this task to update the appliance s DAT files and to then view the the update report NOTE The System Status page is displayed...

Page 44: ...e sender and Quarantine the original email 6 In If cleaning fails select Replace the detected item with an alert 7 In the And also section beneath If cleaning fails select Deliver a notification E mai...

Page 45: ...ntains a virus It quarantines the message and notifies the intended recipient and the sender that the message was infected Creating an anti spam scanning policy Use this task to set up a policy to pro...

Page 46: ...ng rule 9 Select Privacy Rules from within Type Compliancy 10 Click OK 11 In If Triggered select Accept and then drop the data Block 12 Click OK 13 Click OK 14 Create an email on the server from examp...

Page 47: ...event 18 View the Dashboard to see information about items quarantined because of their content 19 Using the recipient s email account open McAfee Quarantine Manager User interface and select Unwante...

Page 48: ...host Queued Email You can view all quarantined email or just quarantined email for each host Quarantined Email You can view all reports or just reports for each host Reporting Behavior between the dev...

Page 49: ...iance is switched on and its software is running If the power button LED is orange the appliance is connected but is not turned on If the power LED is green the appliance is connected and turned on Th...

Page 50: ...rk and that it can reach the same subnet to which the appliance is connected You have used the new IP address that you configured for the LAN1 port in the URL field of your web browser If you have not...

Page 51: ...heck the accompanying release notes for known issues when using some web browsers on particular operating systems Client software cannot communicate through theappliance Check the following The correc...

Page 52: ...l select Refresh to see the progress that the appliance has made through the list of messages The appliance works through the messages until each one is sent If there is still a delivery problem cause...

Page 53: ...configuration of your inside and outside networks Make sure that the list of outside networks has an asterisk as the last entry Also make sure that the list of inside networks does not have an asteri...

Page 54: ...y appear to the appliance as though they were coming from the firewall System maintenance This section discusses system maintenance issues The appliance does not accept the HotFix file Do not unzip th...

Page 55: ...block a specific sender of spam 1 In the navigation pane select Configure SMTP 2 Select Protocol Settings Permit and Deny Settings 3 At Deny Sender type the sender s email address Users are not getti...

Page 56: ...or to simply block the spam at the appliance The email messages might be coming from senders domains or networks that are in the Permit Sender list Review the list to make sure that you really want em...

Page 57: ...can Access the McAfee online virus information library to find out more about a specific virus Submit a virus sample to McAfee for analysis Contact McAfee Technical Support See the Online help for mo...

Page 58: ......

Page 59: ......

Page 60: ...700 2315A00...