Transcription
Draft only - 9.13.11Installation GuideMcAfee Email Gateway 7.0 Appliances
Draft only - 9.13.11COPYRIGHTCopyright 2011 McAfee, Inc. All Rights Reserved.No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or byany means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.TRADEMARK ATTRIBUTIONSAVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE),MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registeredtrademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive ofMcAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.LICENSE INFORMATIONLicense AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.2McAfee Email Gateway 7.0 Appliances Installation Guide
Draft only - 9.13.11Contents1PrefaceAbout this guide . . . . . . .Audience . . . . . . .Conventions . . . . . .How to use this guide . .Finding product documentation .15.Preparing to install555679What's in the box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Plan the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Inappropriate use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Operating conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Positioning the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Considerations about network modes . . . . . . . . . . . . . . . . . . . . . . . . . 11Transparent bridge mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Transparent router mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Explicit proxy mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Deployment strategies for using the device in a DMZ . . . . . . . . . . . . . . . . . . . 14SMTP configuration in a DMZ . . . . . . . . . . . . . . . . . . . . . . . . . . 15Workload management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162Installing the McAfee Email Gateway applianceInstallation quick reference table . . . . . . . . . . . . . . . . . .Ports and connections . . . . . . . . . . . . . . . . . . . . . . .Physically installing the appliance . . . . . . . . . . . . . . . . . .Mounting the appliance in a rack . . . . . . . . . . . . . . .Connect to the network . . . . . . . . . . . . . . . . . . . . . .Port numbers . . . . . . . . . . . . . . . . . . . . . . .Using Copper LAN connections . . . . . . . . . . . . . . . .Using Fiber LAN connections . . . . . . . . . . . . . . . . .Monitor, mouse and keyboard . . . . . . . . . . . . . . . .Supplying power to the appliance . . . . . . . . . . . . . . . . . .Overview task — Installing the software . . . . . . . . . . . . . . .Task — Downloading the installation software . . . . . . . . . .Task — Creating a CD from the installation software image . . . . .Using the Configuration Console . . . . . . . . . . . . . . . . . . .Welcome . . . . . . . . . . . . . . . . . . . . . . . . .Performing a Standard Setup . . . . . . . . . . . . . . . . .Performing a Custom Setup . . . . . . . . . . . . . . . . .Restoring from a file . . . . . . . . . . . . . . . . . . . .ePO Managed Setup . . . . . . . . . . . . . . . . . . . .Encryption Only Setup . . . . . . . . . . . . . . . . . . .317.A tour of the 53Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53McAfee Email Gateway 7.0 Appliances Installation Guide3
ContentsDraft only - 9.13.11Benefits of using the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . 53Dashboard portlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544Testing the configurationTaskTaskTaskTask5————Test connectivity . . . . . . . . . .Update the DAT files . . . . . . . .Test mail traffic and virus detection . .Testing spam detection . . . . . . .57. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57. . 57. . 58. . 58Exploring the appliance featuresIntroduction to policies . . . . . . . . . . . . . . . . . . . .Encryption . . . . . . . . . . . . . . . . . . . . . .Task — Identify quarantined email messages . . . . . . . . .Compliance Settings . . . . . . . . . . . . . . . . . .Data Loss Prevention settings . . . . . . . . . . . . . .Index4.McAfee Email Gateway 7.0 Appliances Installation Guide59. . . . . . . . . . . . . . . . . . . . . 59. 5961. 62. 6567
Draft only - 9.13.11PrefaceContentsAbout this guideFinding product documentationAbout this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.AudienceMcAfee documentation is carefully researched and written for the target audience.The information in this guide is intended primarily for: Administrators — People who implement and enforce the company's security program.ConventionsThis guide uses the following typographical conventions and icons.Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis.BoldText that is strongly emphasized.User input or PathCommands and other text that the user types; the path of a folder or program.CodeA code sample.User interfaceWords in the user interface including options, menus, buttons, and dialogboxes.Hypertext blueA live link to a topic or to a website.Note: Additional information, like an alternate method of accessing an option.Tip: Suggestions and recommendations.Important/Caution: Valuable advice to protect your computer system,software installation, network, business, or data.Warning: Critical advice to prevent bodily harm when using a hardwareproduct.McAfee Email Gateway 7.0 Appliances Installation Guide5
Draft only - 9.13.11PrefaceAbout this guideGraphical conventionsUse this information to understand the graphical symbols used within this document.ApplianceInternet or external networksMail ServerOther servers (such as DNSservers)User or client computerRouterSwitchFirewallNetwork zone (DMZ or VLAN)NetworkActual data pathPerceived data pathDefinition of terms used in this guideUse this information to understand some of the key terms used in this document.TermDefinitiondemilitarized zone A computer host or small network inserted as a buffer between a private network(DMZ)and the outside public network to prevent direct access from outside users toresources on the private network.DAT filesDetection definition (DAT) files, also called signature files, containing thedefinitions that identify, detect, and repair viruses, Trojan horses, spyware,adware, and other potentially unwanted programs (PUPs).operational modeThree operating modes for the product: explicit proxy mode, transparent bridgemode, and transparent router mode.policyA collection of security criteria, such as configuration settings, benchmarks, andnetwork access specifications, that defines the level of compliance required forusers, devices, and systems that can be assessed or enforced by a McAfeesecurity application.ReputationService checkPart of sender authentication. If a sender fails the Reputation Service check, theappliance is set to close the connection and deny the message. The sender's IPaddress is added to a list of blocked connections and is automatically blocked infuture at the kernel level.How to use this guideThis topic gives a brief summary of the information contained within this document.This guide helps you to:6 Plan and perform your installation. Become familiar with the interface.McAfee Email Gateway 7.0 Appliances Installation Guide
Draft only - 9.13.11PrefaceFinding product documentation Test that the product functions correctly. Apply the latest detection definition files. Explore some scanning policies, create reports, and get status information. Troubleshoot basic issues.You can find additional information about the product's scanning features in the online help within theproduct and the McAfee Email Gateway 7.0 Administrators Guide.Finding product documentationMcAfee provides the information you need during each phase of product implementation, frominstallation to daily use and troubleshooting. After a product is released, information about the productis entered into the McAfee online KnowledgeBase.Task1Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.2Under Self Service, access the type of information you need:To access.Do this.User documentation1 Click Product Documentation.2 Select a product, then select a version.3 Select a product document.KnowledgeBase Click Search the KnowledgeBase for answers to your product questions. Click Browse the KnowledgeBase for articles listed by product and version.McAfee Email Gateway 7.0 Appliances Installation Guide7
PrefaceFinding product documentation8Draft only - 9.13.11McAfee Email Gateway 7.0 Appliances Installation Guide
Draft only - 9.13.111Preparing to installTo ensure the safe operation of McAfee Email Gateway 7.0, consider the following before you beginthe installation. Familiarize yourself with its operational modes and capabilities. It is important that you choose avalid configuration. Decide how to integrate the appliance into your network and determine what information you needbefore you start. For example, the name and IP address for the device. Unpack the product as close to its intended location as possible. Remove the product from any protective packaging and place it on a flat surface. Observe all provided safety warnings.Review and be familiar with all provided safety information.ContentsWhat's in the boxPlan the installationInappropriate useOperating conditionsPositioning the applianceConsiderations about network modesDeployment strategies for using the device in a DMZWhat's in the boxUse this information to ensure that you have a complete shipment for your product.To check that all components are present, refer to the packing list supplied with your product.Generally, you should have: An appliance McAfee Email Gateway installation and recovery CD Power cords Linux source code CD Network cables Documentaiton CDIf an item is missing or damaged, contact your supplier.McAfee Email Gateway 7.0 Appliances Installation Guide9
1Draft only - 9.13.11Preparing to installPlan the installationPlan the installationUse this information when planning the installation of your device.Before unpacking your McAfee Email Gateway, it is important to plan the installation and deployment.Consider the following: Environmental requirements.Information on environmental site requirements, including temperature, airflow, and spacerequirements. Power requirements and considerations.Power requirements and electrical factors that must be considered before installation. Hardware specifications and requirements. Configuration scenarios. Preparing for installation.Inappropriate useUse this information to avoid using this product inappropriately.McAfee Email Gateway is: Not a firewall. — You must use it within your organization behind a correctly configured firewall. Not a server for storing extra software and files. — Do not install any software on the deviceor add any extra files to it unless instructed by the product documentation or your supportrepresentative.The device cannot handle all types of traffic. If you use explicit proxy mode, only protocols that are tobe scanned should be sent to the device.Operating conditionsUse this information to understand the environmental conditions needed for your McAfee EmailGateway.Temperature10 to 35 C (50 to 95 F).Relative humidity20% to 80% (non-condensing) with a maximum humidity gradient of 10% perhour.Maximum vibration 0.25 G at 3–200 Hz for 15 minutes.10Maximum shockOne shock pulse in the positive z axis (one pulse on each side of the unit) of 31G for up to 2.6 ms.Altitude-16 to 3,048 m (-50 to 10,000 ft.).McAfee Email Gateway 7.0 Appliances Installation Guide
Draft only - 9.13.111Preparing to installPositioning the appliancePositioning the applianceUse this information to understand where the McAfee Email Gateway should be placed before settingup and using it.Select the final position for the appliance and install it so that it meets the operating conditions, sothat you can control physical access to the appliance, and so that you can access all ports andconnections on both the front and the rear panels.A rack-mounting kit is supplied with the appliance, allowing you to install the appliance in a 19-inch rack.Considerations about network modesUse this information to gain a
product and the McAfee Email Gateway 7.0 Administrators Guide. Finding product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. Task
