Installation Guide Revision A McAfee ® Email Gateway 7.0 Virtual Appliance

Post on 06-Jul-2020


Page 1 (source: b2b-download.mcafee.com/products/naibeta-download/...)

Installation Guide, Revision A

McAfee® Email Gateway 7.0 Virtual Appliance


COPYRIGHT
Copyright © 2011 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

2 McAfee® Email Gateway 7.0 Virtual Appliance Installation Guide


Contents

Preface
    About this guide
        Audience
        Conventions
        How to use this guide
    Finding product documentation

1 Introduction to McAfee Email Gateway Virtual Appliance
    McAfee Email Gateway features
    What you get in the download package

2 Preparing to install
    Inappropriate use
    Considerations about network modes
        Explicit proxy mode
        Transparent bridge mode
        Transparent router mode
        VMware vSphere network configuration
    Deployment strategies for using the device in a DMZ
        SMTP configuration in a DMZ
    System requirements
    Sample installation scenarios
        Running the virtual appliance as the only virtual machine on the host
        Running the virtual appliance with other virtual machines

3 Installing the McAfee Email Gateway Virtual Appliance
    Overview of the virtual appliance installation process
    Installation best practices
    Task — Convert from a VMtrial installation
    Task — Download the installation software
    Task — Install the appliance on VMware vSphere
    Task — Improve performance on VMware vSphere
    Configure the virtual appliance
    Using the Configuration Console
        Welcome
        Performing a Standard Setup
        Performing a Custom Setup
        Restoring from a file
        Encryption Only Setup

4 A tour of the Dashboard
    The Dashboard
        Benefits of using the Dashboard
        Dashboard panes

5 Testing the configuration
    Task — Test connectivity
    Task — Update the DAT files
    Task — Test mail traffic and virus detection
    Task — Test spam detection

6 Exploring the appliance features
    Introduction to policies
        Encryption
        Task — Identify quarantined email messages
        Compliance Settings
        Data Loss Prevention settings

7 Additional Configuration Options
    Task — Upgrading to Email Gateway Virtual Appliance 7.0
    Task — Change the default Power Off and Reset actions
    Task — Configure the shutdown and restart option

Index



Preface

This guide provides the information you need to install your McAfee product.

Contents

About this guide
Finding product documentation

About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience
McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

Conventions
This guide uses the following typographical conventions and icons.

Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.

Bold: Text that is strongly emphasized.

User input or Path: Commands and other text that the user types; the path of a folder or program.

Code: A code sample.

User interface: Words in the user interface including options, menus, buttons, and dialog boxes.

Hypertext blue: A live link to a topic or to a website.

Note: Additional information, like an alternate method of accessing an option.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware product.


Graphical conventions
Use this information to understand the graphical symbols used within this document.

Symbols used in the figures:

• Virtual Appliance

• Internet or external networks

• Mail Server

• Other servers (such as DNS servers)

• User or client computer

• Router

• Switch

• Firewall

• Network zone (DMZ or VLAN)

• Network

• Actual data path

• Perceived data path

Definition of terms used in this guide
Understand some of the key terms used in this document.

Term: Definition

demilitarized zone (DMZ): A computer host or small network inserted as a buffer between a private network and the outside public network to prevent direct access from outside users to resources on the private network.

DAT files: Detection definition (DAT) files, also called signature files, containing the definitions that identify, detect, and repair viruses, Trojan horses, spyware, adware, and other potentially unwanted programs (PUPs).

operational mode: Three operating modes for the product: explicit proxy mode, transparent bridge mode, and transparent router mode.

policy: A collection of security criteria, such as configuration settings, benchmarks, and network access specifications, that defines the level of compliance required for users, devices, and systems that can be assessed or enforced by a McAfee security application.

Reputation Service check: Part of sender authentication. If a sender fails the Reputation Service check, the appliance is set to close the connection and deny the message. The sender's IP address is added to a list of blocked connections and is automatically blocked in future at the kernel level.


How to use this guide
This topic gives a brief summary of the information contained within this document.

This guide helps you to:

• Plan and perform your installation.

• Become familiar with the interface.

• Test that the product functions correctly.

• Apply the latest detection definition files.

• Explore some scanning policies, create reports, and get status information.

• Troubleshoot basic issues.

You can find additional information about the product's scanning features in the online help within the product and the McAfee Email Gateway 7.0 Administrators Guide.

Finding product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

To access... / Do this...

User documentation:
    1 Click Product Documentation.
    2 Select a product, then select a version.
    3 Select a product document.

KnowledgeBase:
    • Click Search the KnowledgeBase for answers to your product questions.
    • Click Browse the KnowledgeBase for articles listed by product and version.


1 Introduction to McAfee Email Gateway Virtual Appliance

McAfee Email Gateway Virtual Appliance 7.0 delivers comprehensive, enterprise-class protection against email threats in a virtual environment.

McAfee Email Gateway Virtual Appliance works in the following virtual environments:

• VMware vSphere 4.x

• VMware vSphere Hypervisor (ESXi) 4.x

Contents

McAfee Email Gateway features
What you get in the download package

McAfee Email Gateway features
This information describes the features of the product and where to locate them in the product interface.

Email scanning features

Feature: Description

Comprehensive scanning protection

Offers anti-virus and anti-spam protection for the following network protocols:

• SMTP

• POP3

Anti-virus protection

Email | Email Policies | Anti-Virus

Reduce threats to all protocol traffic using:

• Anti-virus settings to identify known and unknown threats, including viruses in archive files and other file types

• Other threat detection settings to detect viruses, potentially unwanted programs, packers, and other malware

• McAfee Global Threat Intelligence file reputation to complement the DAT-based signatures by providing the appliance access to millions of cloud-based signatures; this reduces the delay between McAfee detecting a new malware threat and its inclusion in DAT files, providing broader coverage


Anti-spam protection

Email | Email Policies | Spam

Reduce spam in SMTP and POP3 email traffic using:

• The anti-spam engine and the anti-spam and anti-phishing rule sets

• Lists of permitted and denied senders

• McAfee Global Threat Intelligence message reputation to identify senders of spam email messages

• Permit and deny lists that administrators and users can create using a Microsoft Outlook plug-in (user-level only)

Detect phishing attacks and take the appropriate action.

Encryption

Email | Encryption

The McAfee Email Gateway includes several encryption methodologies:

• Server-to-server encryption

• Secure Web Mail

• Pull delivery

• Push delivery

The encryption features can be set up to provide encryption services to the other scanning features, or can be set up as an encryption-only server used just to encrypt email messages.

McAfee Global Threat Intelligence feedback

Email | Email Policies | Policy Options | McAfee GTI feedback

System | Setup Wizard

McAfee analyzes data about detections and alerts, threat details, and usage statistics from a broad set of customers to combat electronic attacks, protect vulnerable systems from exploit, and thwart cyber crime. By enabling this feedback service in your product, you will help us improve McAfee Global Threat Intelligence, thereby making your McAfee products more effective, as well as help us work with law enforcement to address electronic threats.

Compliance Settings

Email | Email Policies | Compliance

This release of the product includes enhancements to the way the appliance uses compliance rules:

• In the Compliance policy, use the Rule Creation wizard to specify the inbuilt dictionaries that you want to comply with, or create a new rule using an existing rule as a template.

• Use the Mail size filtering and File filtering policies to check SMTP email messages for true file types and take action on email based on size and number of attachments.

Data Loss Prevention

Email | DLP and Compliance

Use the Data Loss Prevention policy to upload and analyze your sensitive documents — known as training — and to create a fingerprint of each document.

Message Search

Reports | Message search

From a single location within the user interface, Message Search allows you to confirm the status of email messages that have passed through the appliance. It provides you with information about the email, including whether it was delivered or blocked, if the message bounced, if it was quarantined, or held in a queue pending further action.


Quarantine features

Email | Quarantine Configuration | Quarantine Options

• Quarantine digests — Allow users to handle quarantined items without involving the email administrator.

• McAfee Quarantine Manager — Consolidate quarantine management for McAfee products.

Message Transfer Agent

• Reroute traffic on-the-fly based on criteria set by the administrator. For example, encrypted mail can be rerouted for decryption.

• Allow the administrator to determine the final status of each message.

• See a quick view summary of inbound email messages by domain with drill-down facilities per domain and undeliverable email by domain.

• Prioritize the redelivery of undeliverable email based on domain.

• Pipeline multiple email deliveries to each domain.

• Rewrite an email address on inbound and outbound email based on regular expressions defined by the administrator.

• Strip email headers on outbound messages to hide internal network infrastructure.

• Deliver messages using TLS.

• Manage certificates.
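The address-rewriting and header-stripping items in the Message Transfer Agent list above, modelled as an added example in Python (this is not McAfee's code and does not show how the appliance implements these features; the header list, the rewrite rule and the sample outbound message are constructed here and stand in for administrator-defined configuration):

```python
"""Added example (not McAfee code): outbound header stripping and regex address
rewriting, two of the MTA behaviours listed above, modelled with Python's
standard email library. The header list, the rewrite rule and the sample
message are constructed for this example; a real gateway takes them from its
administrator-defined configuration."""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import formataddr, getaddresses

# Headers that expose internal hostnames, IP addresses or client software once
# a message leaves the organisation (constructed list, not the product's own).
INTERNAL_HEADERS = ("Received", "X-Originating-IP", "X-Mailer")

# Administrator-style rewrite rules: (compiled regex, replacement). This one
# maps an internal-only domain to the public domain (constructed example).
REWRITE_RULES = [
    (re.compile(r"^(?P<user>[^@]+)@corp\.example\.internal$"), r"\g<user>@example.com"),
]

# Constructed outbound message as it might arrive from the internal mail server.
SAMPLE_OUTBOUND = """\
Received: from mail01.corp.example.internal (10.0.5.21)
 by edge01.corp.example.internal; Mon, 3 Jan 2011 10:00:00 +0000
Received: from ws-1234.corp.example.internal (10.0.12.7)
 by mail01.corp.example.internal; Mon, 3 Jan 2011 09:59:58 +0000
X-Originating-IP: [10.0.12.7]
X-Mailer: InternalMailClient/1.2
From: Alice Example <alice@corp.example.internal>
To: bob@partner.example
Cc: Ops Team <ops@corp.example.internal>
Subject: Quarterly numbers
Message-ID: <1234@mail01.corp.example.internal>

Hello Bob, figures attached.
"""


def rewrite_address(addr: str) -> str:
    """Apply the first matching rewrite rule; leave other addresses untouched."""
    for pattern, replacement in REWRITE_RULES:
        if pattern.match(addr):
            return pattern.sub(replacement, addr)
    return addr


def rewrite_address_header(value: str) -> str:
    """Rewrite every address in a From/To/Cc style header, keeping display names."""
    pairs = getaddresses([value])
    return ", ".join(formataddr((name, rewrite_address(addr))) for name, addr in pairs)


def scrub_outbound(raw: str) -> tuple[EmailMessage, int]:
    """Return the scrubbed message and the number of header lines removed."""
    msg = message_from_string(raw, policy=policy.default)
    removed = 0
    for name in INTERNAL_HEADERS:
        removed += len(msg.get_all(name) or [])
        del msg[name]  # deletes every occurrence of that header
    for name in ("From", "To", "Cc", "Reply-To"):
        if name in msg:
            msg.replace_header(name, rewrite_address_header(str(msg[name])))
    return msg, removed


if __name__ == "__main__":
    scrubbed, count = scrub_outbound(SAMPLE_OUTBOUND)
    print(f"removed {count} header lines")
    print(scrubbed.as_string())
```

Two points worth noticing when reviewing such a rule set: `Received` headers occur several times per message and all of them must go, and address rewriting should operate on the parsed address rather than on the raw header text so that display names and comma-separated lists survive intact.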

Reporting and System features

Feature: Description

Scheduled Reports

Reports | Scheduled Reports

Schedule reports to run on a regular basis and send them to one or more email recipients.

Logging options

System | Logging, Alerting and SNMP

You can configure the appliance to send emails containing information about viruses and other detected threats, and to use SNMP to transfer information from your appliance.

Dashboard statistics

Dashboard

The Dashboard provides a single location for you to view summaries of the activities of the appliance, such as the email flowing through the appliance, and the overall system health of the appliance. You can also go directly to areas of the user interface that you often use.

ePolicy Orchestrator management of appliances

System | Setup Wizard

Choose the ePO Managed Setup option to monitor the status of your appliances and also manage your appliance from ePolicy Orchestrator.

You can directly manage your appliances from ePolicy Orchestrator, without needing to launch the interface for each appliance.

In ePolicy Orchestrator, the user interface pages that you use to configure and manage your appliance have a familiar look-and-feel to the pages that you find within the appliances.


Cluster Management

System | System Administration | Cluster Management

Cluster management enables you to set up groups of appliances that work together to share your scanning workloads, and to provide redundancy in the event of hardware failure.

From these pages you can back up and restore your configurations, push configurations from one appliance to others, and set up load balancing between your appliances.

Virtual Hosts

System | Virtual Hosting | Virtual Hosts

For the SMTP protocol, you can specify the addresses where the appliance receives or intercepts traffic on the Inbound Address Pool.

Using virtual hosts, a single appliance can appear to behave like several appliances. Each appliance can manage traffic within specified pools of IP addresses, enabling the appliance to provide scanning services to traffic from many customers.

Role-based Access Control

System | Users | Users and Roles

System | Users | Login Services

In addition to the Kerberos authentication method, RADIUS authentication is also available.

What you get in the download package
The McAfee Email Gateway Virtual Appliance 7.0 is supplied in a zip file that contains the software installation files and installation documents to install the virtual appliance on VMware vSphere 4.x.

The download package does not contain the VMware product installation files. If you do not already have your virtual software set up, go to the VMware website (http://www.vmware.com) to purchase VMware vSphere, or VMware vSphere Hypervisor (ESXi).


2 Preparing to install

To ensure the safe operation of McAfee Email Gateway Virtual Appliance 7.0, consider the following before you begin the installation.

• Familiarize yourself with its operational modes and capabilities. It is important that you choose a valid configuration.

• Decide how to integrate the appliance into your network and determine what information you need before you start. For example, the name and IP address for the device.

Contents

Inappropriate use
Considerations about network modes
Deployment strategies for using the device in a DMZ
System requirements
Sample installation scenarios

Inappropriate use
Use this information to avoid using this product inappropriately.

McAfee Email Gateway Virtual Appliance 7.0 is:

• Not a firewall — You must use it within your organization behind a correctly configured firewall.

• Not a server for storing extra software and files — Do not install any software on the device or add any extra files to it unless instructed by the product documentation or your support representative.

The device cannot handle all types of traffic. If you use explicit proxy mode, only protocols that are to be scanned should be sent to the device.

Considerations about network modes
Use this information to gain an understanding of the operational (or network) modes in which the device can operate.

Before you configure your McAfee Email Gateway, you must decide which network mode to use. The mode you choose determines how you physically connect your VMware ESX host to your network. Different modes also affect the configuration of the vSwitch to which your virtual appliance will be connected. Running the virtual appliance in explicit proxy mode requires the least configuration on your VMware ESX host and is easier to set up. Installing the virtual appliance in either of the transparent modes requires additional considerations. All necessary ESX configuration steps for each mode are described below.


You can choose from the following network modes:

• Explicit proxy mode — The virtual appliance acts as a proxy server and a mail relay.

• Transparent router mode — The virtual appliance acts as a router.

• Transparent bridge mode — The virtual appliance acts as an Ethernet bridge.

If you are still unsure about the mode to use after reading this and the following sections, consult your network expert.

Explicit proxy mode
Use this information to better understand explicit proxy mode on your McAfee Email Gateway.

In explicit proxy mode, some network devices must be set up explicitly to send traffic to the device. The device then works as a proxy or relay, processing traffic on behalf of the devices.

Figure 2-1 Explicit proxy mode — apparent data path

Explicit proxy mode is best suited to networks where client devices connect to the device through a single upstream and downstream device.

This might not be the best option if several network devices must be reconfigured to send traffic to the device.

Network and device configuration

If the device is set to explicit proxy mode, you must explicitly configure your internal mail server to relay email traffic to the device. The device scans the email traffic before forwarding it, on behalf of the sender, to the external mail server. The external mail server then forwards the email message to the recipient.

In a similar way, the network must be configured so that incoming email messages from the Internet are delivered to the device, not the internal mail server.

The device scans the traffic before forwarding it, on behalf of the sender, to the internal mail server for delivery, as shown.

For example, an external mail server can communicate directly with the device, although traffic might pass through several network servers before reaching the device. The perceived path is from the external mail server to the device.

Protocols

To scan a supported protocol, you must configure your other network servers or client computers to route that protocol through the device, so that no traffic bypasses the device.

Firewall rules

Explicit proxy mode invalidates any firewall rules set up for client access to the Internet. The firewall sees only the physical IP address information for the device, not the IP addresses of the clients, so the firewall cannot apply its Internet access rules to the clients.


Ensure that your firewall rules are updated. The firewall must accept traffic from McAfee® Email Gateway, but must not accept traffic that comes directly from the client devices.

Set up firewall rules to prevent unwanted traffic entering your organization.

Where to place the device

Configure the network devices so that traffic needing to be scanned is sent to the McAfee® Email Gateway. This is more important than the location of the McAfee® Email Gateway.

The router must allow all users to connect to the McAfee® Email Gateway.

Figure 2-2 Positioning in Explicit proxy mode

The McAfee® Email Gateway must be positioned inside your organization, behind a firewall, as shown in Figure 6: Explicit proxy configuration.

Typically, the firewall is configured to block traffic that does not come directly from the device. If you are unsure about your network’s topology and how to integrate the device, consult your network expert.

Use this configuration if:

• The device is operating in explicit proxy mode.

• You are using email (SMTP).

For this configuration, you must:

• Configure the external Domain Name System (DNS) servers or Network Address Translation (NAT) on the firewall so that the external mail server delivers mail to the device, not to the internal mail server.

• Configure the internal mail servers to send email messages to the device. That is, the internal mail servers must use the device as a smart host. Ensure that your client devices can deliver email messages to the mail servers within your organization.

• Ensure that your firewall rules are updated. The firewall must accept traffic from the device, but must not accept traffic that comes directly from the client devices. Set up rules to prevent unwanted traffic entering your organization.
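The three requirements above (MX/NAT delivery to the device, the device as smart host, and firewall rules that accept SMTP from the device but not from clients) can be checked against a configuration snapshot before the appliance goes live. The following is an added example in Python, not McAfee code or a product feature; every address, MX record, NAT mapping and firewall rule in it is constructed for the example, and the first-match rule evaluator stands in for whatever firewall you actually run:

```python
"""Added example (not McAfee code): a configuration audit for the explicit
proxy checklist above. From constructed snapshots it checks that public MX
records reach the device (directly or through firewall NAT) and not the
internal mail server, that the internal mail server relays through the device
as its smart host, and that the firewall accepts outbound SMTP from the device
but not directly from client subnets. All addresses, records and rules are
constructed for this example."""
import ipaddress

IPv4 = ipaddress.IPv4Address

# Constructed addressing: the device sits inside the organisation behind a
# firewall that NATs a public address to it.
GATEWAY_INTERNAL = IPv4("10.0.5.30")
INTERNAL_MAIL_SERVERS = {IPv4("10.0.5.21")}
CLIENT_NETWORKS = [ipaddress.ip_network("10.0.12.0/24")]
FIREWALL_NAT = {IPv4("203.0.113.10"): GATEWAY_INTERNAL}   # public -> internal

# Constructed snapshot of what external DNS answers for the domain's MX records,
# as (preference, hostname, resolved address). The second record is the kind
# of mistake the checklist warns about: a backup MX that bypasses the device.
MX_SNAPSHOT = [
    (10, "mx1.example.com", IPv4("203.0.113.10")),
    (20, "mail01.example.com", IPv4("10.0.5.21")),
]

# Constructed first-match outbound firewall rules for TCP/25, before and after
# the client subnet's direct SMTP allowance is removed.
FIREWALL_RULES_BEFORE = [
    {"src": "10.0.5.30/32", "dport": 25, "action": "allow"},
    {"src": "10.0.12.0/24", "dport": 25, "action": "allow"},   # clients bypass the device
    {"src": "0.0.0.0/0", "dport": 25, "action": "deny"},
]
FIREWALL_RULES_AFTER = [
    {"src": "10.0.5.30/32", "dport": 25, "action": "allow"},
    {"src": "0.0.0.0/0", "dport": 25, "action": "deny"},
]


def audit_mx(records, nat, gateway, internal_servers):
    """Every MX target must land on the device; none may hit an internal server."""
    findings = []
    reaches_gateway = False
    for _pref, host, addr in records:
        target = nat.get(addr, addr)          # follow firewall NAT if present
        if target == gateway:
            reaches_gateway = True
        elif target in internal_servers:
            findings.append(f"MX {host} delivers to internal mail server {target}, bypassing the device")
    if not reaches_gateway:
        findings.append("no MX record delivers to the device")
    return findings


def audit_smarthost(internal_smarthost, gateway):
    """The internal mail server must relay outbound mail through the device."""
    if internal_smarthost != gateway:
        return [f"internal mail server relays to {internal_smarthost}, not the device"]
    return []


def firewall_decision(rules, src, dport, default="deny"):
    """First-match evaluation of the rule list for one source address and port."""
    for rule in rules:
        if src in ipaddress.ip_network(rule["src"]) and rule["dport"] == dport:
            return rule["action"]
    return default


def audit_firewall(rules, gateway, client_networks):
    """The device may send SMTP out; clients must not be able to send SMTP directly."""
    findings = []
    if firewall_decision(rules, gateway, 25) != "allow":
        findings.append("firewall does not accept SMTP from the device")
    for net in client_networks:
        probe = next(net.hosts())             # representative client address
        if firewall_decision(rules, probe, 25) == "allow":
            findings.append(f"firewall accepts direct outbound SMTP from client network {net}")
    return findings


def audit_explicit_proxy(records, nat, gateway, internal_servers, smarthost, rules, client_networks):
    """Run all three checks and return the combined list of findings (empty when clean)."""
    return (audit_mx(records, nat, gateway, internal_servers)
            + audit_smarthost(smarthost, gateway)
            + audit_firewall(rules, gateway, client_networks))


if __name__ == "__main__":
    # Before: leaking backup MX, wrong smart host, clients allowed out on TCP/25.
    print("before:", audit_explicit_proxy(MX_SNAPSHOT, FIREWALL_NAT, GATEWAY_INTERNAL,
                                          INTERNAL_MAIL_SERVERS, IPv4("203.0.113.1"),
                                          FIREWALL_RULES_BEFORE, CLIENT_NETWORKS))
    # After: only the NATed MX remains, device is the smart host, clients denied.
    print("after:", audit_explicit_proxy(MX_SNAPSHOT[:1], FIREWALL_NAT, GATEWAY_INTERNAL,
                                         INTERNAL_MAIL_SERVERS, GATEWAY_INTERNAL,
                                         FIREWALL_RULES_AFTER, CLIENT_NETWORKS))
```

The backup MX case is the one most often missed in practice: a lower-priority MX that still points at the internal server gives an external sender a path around the device, so the audit treats any MX target that resolves to an internal mail server as a finding, not only the primary one.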


Transparent bridge mode
Use this information to better understand Transparent bridge mode on your McAfee Email Gateway.

In transparent bridge mode, the communicating servers are unaware of the device — the device’s operation is transparent to the servers.

Figure 2-3 Transparent bridge mode — apparent data path

In the figure, the external mail server (A) sends email messages to the internal mail server (C). The external mail server is unaware that the email message is intercepted and scanned by the device (B).

The external mail server seems to communicate directly with the internal mail server — the path is shown as a dotted line. In reality, traffic might pass through several network devices and be intercepted and scanned by the device before reaching the internal mail server.

What the device does in transparent bridge mode

In transparent bridge mode, the device connects to your network using the LAN1 and LAN2 ports. The device scans the traffic it receives, and acts as a bridge connecting two network segments, but treats them as a single logical network.

Configuration in transparent bridge mode

Transparent bridge mode requires less configuration than transparent router and explicit proxy modes. You do not need to reconfigure all your clients, default gateway, MX records, Firewall NAT or mail servers to send traffic to the device. Because the device is not a router in this mode, you do not need to update a routing table.

Where to place the device when using transparent bridge mode

For security reasons, you must use the device inside your organization, behind a firewall.

Figure 2-4 Positioning in Transparent bridge mode

In transparent bridge mode, position the device between the firewall and your router, as shown.

In this mode, you physically connect two network segments to the device, and the device treats them as one logical network. Because the devices — firewall, device, and router — are on the same logical network, they must all have compatible IP addresses on the same subnet.


Devices on one side of the bridge (such as a router) that communicate with devices on the other sideof the bridge (such as a firewall) are unaware of the bridge. They are unaware that traffic isintercepted and scanned, therefore the device is said to operate as a transparent bridge.

Figure 2-5 Network structure — Transparent bridge mode

Transparent router modeUse this information to better understand Transparent router mode on your McAfee Email Gateway.

In transparent router mode, the device scans email traffic between two networks. The device has oneIP address for outgoing scanned traffic, and must have one IP address for incoming traffic.

The communicating network servers are unaware of the intervention of the device — the device’soperation is transparent to the devices.

What the device does in transparent router mode

In transparent router mode, the device connects to your networks using the LAN1 and LAN2 ports. The device scans the traffic it receives on one network, and forwards it to the next network device on a different network. The device acts as a router, routing the traffic between networks, based on the information held in its routing tables.

Configuration in transparent router mode

Using transparent router mode, you do not need to explicitly reconfigure your network devices to send traffic to the device. You need only configure the routing table for the device, and modify some routing information for the network devices on either side of it (the devices connected to its LAN1 and LAN2 ports). For example, you might need to make the device your default gateway.


In transparent router mode, the device must join two networks. The device must be positioned inside your organization, behind a firewall.

Transparent router mode does not support Multicast IP traffic or non-IP protocols, such as NETBEUI and IPX.

Firewall rules

In transparent router mode, the firewall connects to the physical IP address for the LAN1/LAN2 connection to the management blade.

Where to place the device

Use the device in transparent router mode to replace an existing router on your network.

If you use transparent router mode and you do not replace an existing router, you must reconfigure part of your network to route traffic correctly through the device.

Figure 2-6 Network structure — Transparent bridge mode

You need to:

• Configure your client devices to point to the default gateway.

• Configure the device to use the Internet gateway as its default gateway.

• Ensure your client devices can deliver email messages to the mail servers within your organization.
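The routing decision described above (the device forwards between its LAN1 and LAN2 ports from its routing table, with the Internet gateway as its own default route) can be modelled with a longest-prefix-match lookup. The Python below is an added illustration of that lookup, not McAfee's implementation; the port names LAN1 and LAN2 follow the guide, while the prefixes, addresses and the route table itself are constructed for the example.

```python
import ipaddress

# Constructed routing table for a transparent-router deployment (assumed
# addresses, not from the guide). LAN1 faces the internal network, LAN2
# faces the segment shared with the firewall / Internet gateway.
# Each entry: (destination prefix, next hop or None if directly connected, egress port)
ROUTES = [
    ("10.10.0.0/24", None, "LAN1"),        # internal clients and mail servers
    ("192.0.2.0/29", None, "LAN2"),        # segment towards the firewall
    ("0.0.0.0/0", "192.0.2.1", "LAN2"),    # default route: the Internet gateway (firewall)
]


def build_table(routes):
    """Parse the prefixes and order them longest-prefix-first so the first hit wins."""
    table = [(ipaddress.ip_network(prefix), next_hop, port)
             for prefix, next_hop, port in routes]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, destination):
    """Longest-prefix match. Returns (egress port, next hop) or None when no route exists."""
    addr = ipaddress.ip_address(destination)
    for network, next_hop, port in table:
        # ip_network containment is False for an address of the other IP version,
        # so an IPv6 destination simply finds no route in this IPv4-only table.
        if addr in network:
            # Directly connected prefixes are delivered to the destination itself.
            return port, (next_hop if next_hop is not None else destination)
    return None


def forward(table, ingress_port, destination):
    """Decide what happens to a packet received on ingress_port.

    Returns (egress port, next hop, crosses). crosses is True when the packet
    leaves on the other port, i.e. it passes between the two networks through
    the device and is therefore scanned; False means it stays on the segment
    it arrived from.
    """
    route = lookup(table, destination)
    if route is None:
        return None
    egress_port, next_hop = route
    return egress_port, next_hop, egress_port != ingress_port


TABLE = build_table(ROUTES)

if __name__ == "__main__":
    # An internal client that uses the device as default gateway sends mail to the Internet.
    print(forward(TABLE, "LAN1", "203.0.113.7"))   # ('LAN2', '192.0.2.1', True)
    # The firewall hands inbound mail to the internal mail server.
    print(forward(TABLE, "LAN2", "10.10.0.25"))    # ('LAN1', '10.10.0.25', True)
```

The third bullet above (clients must still reach the internal mail servers) corresponds to the `crosses == False` case: traffic between two hosts on the LAN1 prefix never needs the device, which is why only the default gateway of the clients has to change.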

VMware vSphere network configuration

This group of tasks presents how to prepare your vSwitch configuration for each of the operating modes available.


Task — Configure VMware vSphere for an explicit proxy mode installation

Use this task to configure VMware vSphere to install the virtual appliance in the explicit proxy mode.

Before you begin

Ensure that you have at least two different physical interfaces available on your VMware ESX host. A third interface can be used for out-of-band management.

For best performance, McAfee recommends that the interfaces used by the McAfee Email Gateway Virtual Appliance virtual machine are not shared with any other virtual machine on this VMware ESX host. Before you begin to install the virtual appliance, ensure that you have vSwitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and that they have the correct configuration.

When importing the McAfee Email Gateway Virtual Appliance .OVA file, ensure that the LAN 1 interface is connected to your first vSwitch and that the LAN 2 interface is connected to your second vSwitch.

You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in use.

Task

1 Log on to your vSphere client.

2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the virtual appliance.

3 On the right hand side, select Configuration.

4 Click Networking.

5 Click Add Networking.

6 In the Add Network Wizard, select Virtual Machine, and click Next.

7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1 connection of your virtual appliance, and click Next.

8 Type a label for your new network, such as MEG LAN 1.

9 Click Next, then click Finish.

10 Repeat steps 5 – 9 to add a second vSwitch for your LAN 2 interface.

Task — Configure VMware vSphere for a transparent bridge mode installation

Use this task to configure VMware vSphere to install the virtual appliance in a transparent bridge mode.

Before you begin

Ensure that you have at least two different physical interfaces available on your VMware ESX host. The two interfaces used for the bridge must be connected to different broadcast domains; connecting both to the same broadcast domain creates a network loop and causes severe disruption in your network. A third interface can be used for out-of-band management.

For best performance, McAfee recommends that the interfaces used by the bridge are dedicated to the McAfee Email Gateway Virtual Appliance virtual machine and not shared with any other virtual machine on this VMware ESX host. Before you begin to install the virtual appliance, ensure that you have vSwitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and that they have the correct configuration.


When importing the McAfee Email Gateway Virtual Appliance .OVA file, make sure that the LAN 1 interface is connected to your first vSwitch and that the LAN 2 interface is connected to your second vSwitch.

You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in use.

Task

1 Log on to your vSphere client.

2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the virtual appliance.

3 On the right hand side, select Configuration.

4 Click Networking.

5 Click Add Networking.

6 In the Add Network Wizard, select Virtual Machine, and click Next.

7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1 connection of your virtual appliance, and click Next.

8 Type a label for your new network, such as MEG LAN 1.

By default, VMware ESX removes VLAN tags. To have the virtual appliance see VLAN tagged traffic (for example, to create specific policies per VLAN) you have to enable Virtual Guest Tagging. To do so, see VMware Knowledge Base article 1004252.

9 Click Next, then click Finish.

10 Scroll down on the page to the virtual switch you just created, and click Properties.

11 In vSwitch Properties, double-click the vSwitch entry in the list on the left-hand side.

12 Click Security.

13 In Promiscuous Mode, change the value to Accept and click OK.

14 Click Close.

15 Repeat steps 5 – 14 to add a second vSwitch for your LAN 2 interface.

The second vSwitch has to be connected to a different physical interface, which is connected to a different broadcast domain on your network than the interface used for your first vSwitch.

Task — Configure VMware vSphere for a transparent router mode installation

Use this task to configure VMware vSphere to install the virtual appliance in a transparent router mode.

Before you begin

Ensure that you have at least two different physical interfaces available on your VMware ESX host. A third interface can be used for out-of-band management.

For best performance, McAfee recommends that the interfaces used by the McAfee Email Gateway Virtual Appliance virtual machine are not shared with any other virtual machine on this VMware ESX host. Before you begin to install the virtual appliance, ensure that you have vSwitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and that they have the correct configuration.


When importing the McAfee Email Gateway Virtual Appliance .OVA file, ensure that the LAN 1 interface is connected to your first vSwitch and that the LAN 2 interface is connected to your second vSwitch.

You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in use.

Task

1 Log on to your vSphere client.

2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the virtual appliance.

3 On the right hand side, select Configuration.

4 Click Networking.

5 Click Add Networking.

6 In the Add Network Wizard, select Virtual Machine, and click Next.

7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1 connection of your virtual appliance, and click Next.

8 Type a label for your new network, such as MEG LAN 1.

9 Click Next, then click Finish.

10 Repeat steps 5 – 9 to add a second vSwitch for your LAN 2 interface.

The second vSwitch has to be connected to a different physical interface than the interface used for your first vSwitch.

Deployment strategies for using the device in a DMZ

Use this information to understand demilitarized zones within your network, and how to use them to protect your email servers.

A demilitarized zone (DMZ) is a network separated by a firewall from all other networks, including the Internet and other internal networks. The typical goal behind the implementation of a DMZ is to lock down access to servers that provide services to the Internet, such as email.

Hackers often gain access to networks by identifying the TCP/UDP ports on which applications are listening for requests, then exploiting known vulnerabilities in applications. Firewalls dramatically reduce the risk of such exploits by controlling access to specific ports on specific servers.

The device can be added easily to a DMZ configuration. The way you use the device in a DMZ depends on the protocols you intend to scan.

SMTP configuration in a DMZ

Use this information to understand how to configure SMTP devices within a demilitarized zone on your network.

The DMZ is a good location for encrypting mail. By the time the mail traffic reaches the firewall for the second time (on its way from the DMZ to the Internet), it has been encrypted.

Devices which scan SMTP traffic in a DMZ are usually configured in explicit proxy mode.


Configuration changes need only be made to the MX records for the mail servers.

NOTE: You can use transparent bridge mode when scanning SMTP within a DMZ. However, if you do not control the flow of traffic correctly, the device scans every message twice, once in each direction. For this reason, explicit proxy mode is usually used for SMTP scanning.

Mail relay

Figure 2-7 Configuring as a mail relay

If you have a mail relay already set up in your DMZ, you can replace the relay with the device.

To use your existing firewall policies, give the device the same IP address as the mail relay.

Mail gateway

SMTP does not provide methods to encrypt mail messages — you can use Transport Layer Security (TLS) to encrypt the link, but not the mail messages. As a result, some companies do not allow such traffic on their internal network. To overcome this, they often use a proprietary mail gateway, such as Lotus Notes® or Microsoft® Exchange, to encrypt the mail traffic before it reaches the Internet.


To implement a DMZ configuration using a proprietary mail gateway, add the scanning device to the DMZ on the SMTP side of the gateway.

Figure 2-8 Configuring as a mail gateway

In this situation, configure:

• The public MX records to instruct external mail servers to send all inbound mail to the device (instead of the gateway).

• The device to forward all inbound mail to the mail gateway, and deliver all outbound mail using DNS or an external relay.

• The mail gateway to forward all inbound mail to the internal mail servers and all other (outbound) mail to the device.

• The firewall to allow inbound mail that is destined for the device only.

Firewalls configured to use Network Address Translation (NAT), and that redirect inbound mail to internal mail servers, do not need their public MX records reconfigured. This is because they are directing traffic to the firewall rather than the mail gateway itself. In this case, the firewall must instead be reconfigured to direct inbound mail requests to the device.
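The last bullet in the list above, that the firewall must allow inbound mail destined for the device only, is the one most often left incomplete when a mail gateway already existed in the DMZ before the device was added: an old rule that admits SMTP to the whole DMZ lets Internet mail reach the gateway directly and skip scanning. The Python below models a first-match firewall rule set and checks it against that requirement. It is an added example, not part of the guide or of any firewall product, and the device, gateway, mail-server and external addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source prefix (CIDR)
    dst: str               # destination prefix (CIDR)
    dport: Optional[int]   # destination TCP port, None matches any port


# Constructed addresses for the layout in Figure 2-8 (assumed, not from the guide).
DEVICE_IP = "192.0.2.25"        # scanning device, the host the public MX records name
MAIL_GATEWAY_IP = "192.0.2.26"  # proprietary mail gateway behind the device
INTERNAL_MAIL_IP = "10.0.0.25"  # internal mail server
EXTERNAL_MTA = "203.0.113.10"   # an Internet mail server, used as the probe source

# Correct inbound policy: SMTP from anywhere to the device only, everything else denied.
INBOUND_RULES = [
    Rule("allow", "0.0.0.0/0", f"{DEVICE_IP}/32", 25),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

# A common leftover: the rule that admitted SMTP to the whole DMZ was never removed.
LEAKY_RULES = [
    Rule("allow", "0.0.0.0/0", "192.0.2.0/24", 25),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]


def evaluate(rules: List[Rule], src: str, dst: str, dport: int) -> str:
    """First matching rule decides; an empty or non-matching rule set denies by default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and (rule.dport is None or rule.dport == dport)):
            return rule.action
    return "deny"


def check_inbound_mail_policy(rules: List[Rule], device_ip: str,
                              other_hosts: List[str]) -> List[str]:
    """Return the policy violations (empty when the rule set is correct).

    Inbound SMTP must reach the device and must not reach any other host;
    otherwise mail can be delivered straight to the gateway or the internal
    mail server and bypass scanning.
    """
    problems = []
    if evaluate(rules, EXTERNAL_MTA, device_ip, 25) != "allow":
        problems.append(f"inbound SMTP to the device {device_ip} is not allowed")
    for host in other_hosts:
        if evaluate(rules, EXTERNAL_MTA, host, 25) == "allow":
            problems.append(f"inbound SMTP to {host} is allowed and bypasses the device")
    return problems


if __name__ == "__main__":
    others = [MAIL_GATEWAY_IP, INTERNAL_MAIL_IP]
    print(check_inbound_mail_policy(INBOUND_RULES, DEVICE_IP, others))  # []
    print(check_inbound_mail_policy(LEAKY_RULES, DEVICE_IP, others))    # one violation
```

The NAT case in the paragraph above changes only which address the rule names: when the firewall translates inbound port 25 to a DMZ host, the destination that must be permitted (and the translation target) is the device, and the same check applies to the translated address.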

System requirements

Use this information to ensure that your host computer adheres to the system requirements for whichever VMware virtual environment you choose.

See the VMware Knowledge Base article 1003661 available from http://www.vmware.com to get the minimum system requirements for VMware ESX or VMware ESXi 4.x. You need a computer that has a 64-bit x86 CPU.


Additionally, ensure that the virtual machine where you will run the virtual appliance meets the following minimum system requirements:

Item Specification

Processor Two virtual processors

Available virtual memory 2 GB

Free hard disk space 80 GB

If you plan to install McAfee Email Gateway Virtual Appliance in transparent bridge mode, you need to have two external network interfaces on your physical VMware ESX host which are connected to different broadcast domains. For best performance, McAfee recommends that these two interfaces are not shared with any other virtual machines on the same physical host. Connecting both interfaces of a bridge to the same broadcast domain creates an STP loop in your network which can cause network outages.

Sample installation scenarios

This section contains information about installing the virtual appliance in different server configurations.


Running the virtual appliance as the only virtual machine on the host

A possible single server deployment of the virtual appliance on your chosen VMware virtual environment.

VMware vSphere or VMware vSphere Hypervisor are dedicated servers to the virtual appliance. Their hardware specification must exceed the minimum hardware requirements outlined in the McAfee Email Gateway Performance Data Guidelines.

This example assumes you are installing the virtual appliance in the recommended explicit proxy mode.

Figure 2-9 Single server deployment


Running the virtual appliance with other virtual machines

A possible deployment of the McAfee Email Gateway Virtual Appliance 7.0 on your chosen virtual environment alongside other virtual machines.

In this example, one VMware host is responsible for the virtual appliance as well as other virtual machines, all of which run on the same hardware. Refer to the VMware website http://www.vmware.com for information on building a resource pool dedicated to the virtual appliance. The resource pool must also have the minimum levels of CPU and memory allocated to it as stated in the McAfee Email Gateway Performance Data Guidelines.

This example assumes you are installing the virtual appliance in the recommended explicit proxy mode.

Figure 2-10 Multiple server deployment


3 Installing the McAfee Email Gateway Virtual Appliance

This information helps you to set up the virtual environment and install the McAfee Email Gateway Virtual Appliance 7.0 on it.

Contents

Overview of the virtual appliance installation process

Installation best practices

Task — Convert from a VMtrial installation

Task — Download the installation software

Task — Install the appliance on VMware vSphere

Task — Improve performance on VMware vSphere

Configure the virtual appliance

Using the Configuration Console

Overview of the virtual appliance installation process

This information provides a short overview of the steps needed to install the virtual appliance.

McAfee recommends that you install the virtual appliance in the following order:

1 Install your chosen VMware product.

2 Download the virtual appliance installation files.

3 Install the virtual appliance on the virtual environment.

4 Complete the graphical configuration wizard.

5 Log on to the virtual appliance.

6 Test the configuration.

7 Enable protocols.

Installation best practices

This information gives some important considerations to your installation on VMware vSphere.

McAfee recommends that you read and act upon this information before you start theinstallation process.


• The virtual appliance is easiest to set up and maintain when it runs in the default explicit proxy operating mode.

• Familiarize yourself with the information about creating clusters and resource pools. See the VMware website http://www.vmware.com.

• Use a Storage Area Network (SAN) rather than a Network File System (NFS) share to achieve optimal performance.

• If you run the virtual appliance in either of the transparent modes:

• The VMware Distributed Resource Scheduler (DRS) and High Availability (HA) features may cause network interruptions if a failover takes place.

• Ensure that the virtual appliance NICs do not link to the same broadcast domain and that their IP addresses are not in the same subnet to avoid network loops.

• Ensure that each network adapter on the virtual appliance is connected to a different physical network on the host computer.

• You will need at least three NICs in your VMware host. The virtual appliance needs two NICs and VMware recommends a dedicated NIC for the Service Console.
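The transparent-mode items above, together with the vSwitch tasks in chapter 2 (two separate physical interfaces, different broadcast domains, Promiscuous Mode set to Accept on both vSwitches for a bridge, a third NIC for the Service Console), are worth checking against the planned host before the .OVA is imported, because a loop created by a mis-cabled bridge affects the whole network rather than only the appliance. The following Python pre-flight check encodes those rules against a small description of the plan. It is an added example and not McAfee or VMware tooling; the NIC names, broadcast-domain labels and VM names are constructed, and the plan structure is an assumption of the example.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class VSwitchPlan:
    label: str                        # e.g. "MEG LAN 1"
    physical_nic: str                 # ESX uplink, e.g. "vmnic1" (constructed names)
    broadcast_domain: str             # label for the L2 segment the uplink plugs into
    promiscuous_accept: bool = False  # vSwitch Security > Promiscuous Mode
    other_vms: List[str] = field(default_factory=list)  # other VMs on this vSwitch


@dataclass
class HostPlan:
    mode: str              # "explicit proxy", "transparent bridge" or "transparent router"
    host_nics: List[str]   # physical NICs present on the ESX host
    lan1: VSwitchPlan
    lan2: VSwitchPlan


TRANSPARENT_MODES = ("transparent bridge", "transparent router")


def preflight(plan: HostPlan) -> Tuple[List[str], List[str]]:
    """Return (blocking problems, performance warnings) for the planned deployment."""
    problems: List[str] = []
    warnings: List[str] = []

    if len(plan.host_nics) < 2:
        problems.append("host needs at least two physical interfaces")
    for sw in (plan.lan1, plan.lan2):
        if sw.physical_nic not in plan.host_nics:
            problems.append(f"{sw.label}: uplink {sw.physical_nic} does not exist on this host")
        if sw.other_vms:
            # Sharing is a recommendation, not a hard requirement, so it is only a warning.
            warnings.append(f"{sw.label}: uplink shared with {', '.join(sw.other_vms)}")
    if plan.lan1.physical_nic == plan.lan2.physical_nic:
        problems.append("LAN 1 and LAN 2 use the same physical interface")

    if plan.mode in TRANSPARENT_MODES:
        if plan.lan1.broadcast_domain == plan.lan2.broadcast_domain:
            problems.append("LAN 1 and LAN 2 are on the same broadcast domain (STP loop risk)")
        if len(plan.host_nics) < 3:
            problems.append("transparent modes need a third NIC dedicated to the Service Console")
    if plan.mode == "transparent bridge":
        for sw in (plan.lan1, plan.lan2):
            if not sw.promiscuous_accept:
                problems.append(f"{sw.label}: Promiscuous Mode must be set to Accept for a bridge")
    return problems, warnings


# Constructed plans for illustration.
GOOD_BRIDGE = HostPlan(
    mode="transparent bridge",
    host_nics=["vmnic0", "vmnic1", "vmnic2"],
    lan1=VSwitchPlan("MEG LAN 1", "vmnic1", "inside-segment", promiscuous_accept=True),
    lan2=VSwitchPlan("MEG LAN 2", "vmnic2", "firewall-segment", promiscuous_accept=True),
)

BAD_BRIDGE = HostPlan(
    mode="transparent bridge",
    host_nics=["vmnic0", "vmnic1"],
    lan1=VSwitchPlan("MEG LAN 1", "vmnic1", "inside-segment"),
    lan2=VSwitchPlan("MEG LAN 2", "vmnic1", "inside-segment", other_vms=["fileserver-vm"]),
)

if __name__ == "__main__":
    for plan in (GOOD_BRIDGE, BAD_BRIDGE):
        problems, warnings = preflight(plan)
        print(plan.mode, "problems:", problems, "warnings:", warnings)
```

The explicit proxy mode deliberately gets the lighter checks: the appliance then has its own IP address on each side and no bridging takes place, so a shared broadcast domain or promiscuous mode set to Reject does not break it.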

Task — Convert from a VMtrial installation

Use this task to migrate any configuration settings from a McAfee Email Gateway Appliance (VMtrial) installation to the McAfee Email Gateway Virtual Appliance 7.0.

Task

1 From your VMtrial installation, select System | System Administration | Configuration Management.

2 Click Backup Configuration to save the configuration details.

3 Install the McAfee Email Gateway Virtual Appliance 7.0 software onto your chosen virtual environment.

4 Log on, and open the McAfee Email Gateway Virtual Appliance 7.0 software.

5 Select System | System Administration | Configuration Management, and click Restore From File.

You can also access restore configuration options from System | Setup Wizard.

6 Browse to the VMtrial configuration file you want to restore and click Open.

7 Select the parts of the file that you want to restore and click OK.

8 Check that the settings were imported successfully and apply the changes.

Task — Download the installation software

Use this task to download the most up-to-date version of the McAfee Email Gateway software.

Before you begin

• Read your product installation guide.

• Get the McAfee grant ID number that you received when you purchased McAfee Email Gateway.


McAfee provides the software as an OVA file for installing onto virtual environments.

Task

1 Go to the McAfee website http://www.mcafee.com. Hover your cursor over your business type and click Downloads.

2 From My Products - Downloads, click Login.

3 Type the McAfee grant ID number that you received when you purchased McAfee Email Gateway, and click Submit.

4 From the list of products, select Email Gateway.

5 Agree to the license terms, select the latest version and download it.

McAfee recommends that you read the Release Notes that accompany the software image before you continue with the installation.

Task — Install the appliance on VMware vSphere

Use this task to install McAfee Email Gateway Virtual Appliance 7.0 onto a host computer running VMware vSphere 4 or VMware vSphere Hypervisor (ESXi) 4.0.

Before you begin

• Ensure that you have configured VMware vSphere to work with your chosen operational mode.

• Download the McAfee Email Gateway Virtual Appliance 7.0 package from the McAfee download site and extract it to a location where the VMware vSphere Client can see it.

• Install a fully licensed copy of VMware vSphere 4 or VMware vSphere Hypervisor (ESXi) 4.

If you used the VMtrial product to test the software, you can save your VMtrial configuration and restore it onto the virtual appliance when the installation is complete.

Task

1 Start the VMware vSphere Client application.

2 Log on to the VMware vSphere server, or the vCenter Server.

3 From the Inventory list, select the host or cluster onto which you want to import the virtual appliance software.

4 Click File | Deploy OVF Template | Deploy From File, and click Browse to go to where you downloaded the .OVA file.

5 Select the McAfee-MEG-7.0-<build_number>.VMbuy.ova file, and click Open.

6 Click Next twice, and optionally type a new name.

7 Select the resource pool that you want to use if you have any configured.

8 Select the datastore that you want to use, and click Next.

9 Select the virtual networks to which the virtual appliance NICs will be connected.


10 Define the size of the data storage disk to increase the space allocated for quarantined, deferred, and logged items.

You cannot set a disk size smaller than the default 40GB.

11 Click Next, read the summary, then click Finish and wait for the import process to finish.

Task — Improve performance on VMware vSphere

Use this task to potentially improve system performance in VMware vSphere environments by changing the default hard disk, network adapter, memory, and CPU settings.

Task

1 To edit the hard disk settings:

a Check that the virtual machine is shut down.

b Right-click the virtual appliance in the Inventory list, and click Edit Settings.

In the Virtual Machine Properties dialog box, there are three hard disks available to the virtual appliance:

• Hard disk 1 holds the virtual appliance installation files, and must not be removed or changed.

• Hard disk 2 is the main hard disk used by the virtual appliance. You can increase its size but McAfee recommends that you do not reduce it.

• Hard disk 3 will hold the temporary swap space of the virtual appliance.

Putting the second and third hard disks on two separate datastores can potentially improve performance.

2 To edit the memory and virtual CPU settings:

• Check that the virtual machine is shut down.

• Right-click the virtual appliance in the Inventory list, and click Edit Settings.

• In the Virtual Machine Properties dialog box, change the settings as necessary.

McAfee recommends that you do not reduce the settings to less than the default settings or the recommended virtual appliance system requirements.

After the appliance is installed, the disk size cannot be changed.

Configure the virtual appliance

Use this task to configure the virtual appliance.

Before you begin

Ensure your virtual environment is installed and running correctly.


Task

1 Start the virtual appliance. The installation starts automatically.

2 Read the End-User License Agreement to continue with the installation, then click y to accept it and start the installation.

3 At the installation menu, select a to perform a full installation and y to continue.

4 When the installation is complete, the virtual appliance restarts.

5 On the Welcome screen, choose the language that you want to use.

6 Accept the terms of the license agreement.

7 Configure the virtual appliance from the graphical configuration wizard.

8 Apply the configuration to the virtual appliance. Depending on the settings you entered, it might restart.

You can install the virtual appliance on more than one VMware vSphere, VMware vSphere Hypervisor, or VMware Player server. To do so:

a Follow the steps in this task on another VMware vSphere, VMware vSphere Hypervisor, or VMware Player server.

b Return to the previously installed virtual appliance user interface.

c Go to System | System Administration | Configuration Push to send the configuration details to the second virtual appliance.

Using the Configuration Console

Understand how to use the Configuration Console to set up your McAfee® Email Gateway.

You can now configure your McAfee® Email Gateway either from the Configuration Console, or from the Setup Wizard within the user interface.

The Configuration Console launches automatically at the end of the startup sequence after either:

• an unconfigured Email Gateway starts,

• or an Email Gateway is reset to its factory defaults.

When launched, the Configuration Console provides you with options to either configure your device in your preferred language from the Email Gateway console, or provides instructions for you to connect to the Setup Wizard within the user interface from another computer on the same class C subnet. Both methods provide you with the same options to configure your Email Gateway.

From the Configuration Console, you can configure a new installation of the appliance software. However, to configure your appliance using a previously saved configuration file, you need to log onto the appliance user interface, and run the Setup Wizard (System | Setup Wizard).

This version of the software also introduces automatic configuration using DHCP for the following parameters:

• Host name

• Domain name

• Default gateway

• DNS server

• Leased IP address

• NTP server


Welcome

Use this page to select the type of installation that you want to follow.

This is the first page of the Setup Wizard. Use this page to select the type of installation you want to perform.

• Standard Setup (default) — use this option to set up your device in transparent bridge mode, and configure it to protect your network. The SMTP protocol is enabled by default. You can choose to enable scanning of POP3 traffic.

Choosing Standard Setup forces the device to run in transparent bridge mode.

• Custom Setup — use this option to select the operating mode for your device. You can choose to protect mail traffic using SMTP and POP3 protocols. You should use this if you need to configure IPv6 and to make other changes to the default configuration.

• Restore from a file — (not available from the Configuration Console) use this to set up your device based on a previously saved configuration. Following the import of the file you will be able to check the imported settings before finishing the wizard. If the file came from an earlier McAfee Email and Web Security Appliance, some details are not available.

• ePolicy Orchestrator Managed Setup — use this to set up your device so that it can be managed by your ePolicy Orchestrator® (McAfee ePO™) server. Only minimal information is needed, as the device will get most of its configuration information from your ePolicy Orchestrator server.

• Encryption Only Setup — use this option to set up your appliance as a standalone encryption server.

The appliance operates in one of the following modes — transparent bridge, transparent router, or explicit proxy. The mode affects how you integrate the appliance into your network and how the appliance handles traffic. You will need to change the mode only if you restructure your network.

Performing a Standard Setup

Use this information to understand the purpose of the Standard Setup.

Standard Setup enables you to quickly set up your McAfee Email Gateway using the most common options. Use this option to set up your device in transparent bridge mode, and configure it to protect your network. The SMTP protocol is enabled by default. You can choose to enable scanning of POP3 traffic.

Choosing Standard Setup forces the device to run in transparent bridge mode.

For the Standard Setup, the wizard includes these pages:

• Email Configuration

• Basic Settings

• Summary


Email Configuration page (Standard Setup)This information describes the options available on this page.

Option Definition

Enable protection againstPotentially Unwanted Programs

Click to activate protection against Potentially Unwanted Programs. Readthe advice from McAfee about the effects that activating this protectioncan have.

Enable McAfee Global Threat Intelligence feedback

Select this option to enable McAfee Global Threat Intelligence feedback.

Click What is this? to read about how the feedback is used, and view the McAfee Privacy Policy.

Local relay domain Enter both the IP address and netmask for your local relay domain.

Basic Settings page (Standard Setup)

Use this page in the Standard Setup wizard to specify basic settings for the appliance in transparent bridge mode.

Option Definition

Device name Specifies a name, such as appliance1.

Domain name Specifies a name, such as domain1.com.

IP address Specifies an address, such as 198.168.200.10.

The fully qualified domain name (Device name.Domain name) must resolve to this IP address when the DNS server (specified here) is called. We recommend that this IP address resolves to the FQDN in a reverse lookup.

Subnet Specifies a subnet address, such as 255.255.255.0.

Gateway Address Specifies an address, such as 198.168.10.1. This is likely to be a router or a firewall. You can test later that the appliance can communicate with this device.

DNS Server IP Specifies the address of a Domain Name Server that the appliance uses to convert website addresses to IP addresses. This can be an Active Directory or a Domain Name Service server. You can test later that the appliance can communicate with this server.

Mode Specifies the mode — Transparent Bridge, Transparent Router or Explicit Proxy.

User ID The scmadmin user is the super administrator. You cannot change or disable this account and the account cannot be deleted. However, you can add more login accounts after installation.

Current Password/New Password

The original default password is password. Specify the new password. Change the password as soon as possible to keep your appliance secure.

You must type the new password twice to confirm it.

Appliance Timezone

Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time. The zones are organized from west to east to cover mid-Pacific, America, Europe, Asia, Africa, India, Japan, and Australia.

Appliance Time (UTC)

Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now When clicked, applies the date and UTC time that you specified in this row.

Client Time Displays the time according to the client computer from which your browser is currently connected to the appliance.


Synchronize appliance with client

When selected, the time in the Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser.

Ensure that the client computer is aware of any daylight savings adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

NTP server address To use Network Time Protocol (NTP), specify the server address.

Alternatively, you can configure NTP later.

Summary page (Standard Setup)

Use this page in the Standard Setup wizard to review a summary of the settings that you have made for the network connections and scanning of the network traffic.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the setup wizard has completed, and the appliance is configured as a transparent bridge.

Use the IP address shown here to access the interface. For example https://192.168.200.10.

The address begins with https, not http.

When you first log on to the interface, type the user name, admin, and the password that you gave on the Basic Settings page.

Table 3-1 Basic settings

Option Definition

The value is set according to best practice.

The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.

No value has been set. The value has not been changed from the default. Check the value before continuing.

Performing a Custom Setup

Use this information to understand the purpose of the Custom Setup.

Use the Custom Setup to give you greater control in the options that you can select, including the operating mode for your device. You can choose to protect mail traffic using SMTP and POP3 protocols. You should use this configuration option if you need to configure IPv6 and to make other changes to the default configuration.

For the Custom Setup, the wizard includes these pages:

• Email Configuration

• Basic Settings

• Network Settings

• Cluster Management

• DNS and Routing

• Time Settings

• Password

• Summary


Basic Settings page (Custom Setup)

Use this page when selecting the Custom Setup wizard to specify basic settings for the appliance.

The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.

Option Definition

Cluster mode Defines the options that appear on the Cluster Management page of the Setup Wizard.

• Off — This is a standard appliance.

• Cluster Scanner — The appliance receives its scanning workload from a master appliance.

• Cluster Master — The appliance controls the scanning workload for several other appliances.

• Cluster Failover — If the master fails, this appliance controls the scanning workload instead.

Device name Specifies a name, such as appliance1.

Domain name Specifies a name, such as domain1.com.

Default Gateway Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface Becomes available when you set the Next Hop Router for IPv6.

Network Settings page

Use these options to view and configure the IP address and network speeds for the appliance. You can use IPv4 and IPv6 addresses, separately or in combination.

To prevent duplication of IP addresses on your network and to deter hackers, give the appliance new IP addresses, and disable the default IP addresses. The IP addresses must be unique and suitable for your network. Specify as many IP addresses as you need.

Option Definition

<mode> The operating mode that you set during installation or in the Setup Wizard.

Network Interface 1 Expands to show the IP address and netmask associated with Network Interface 1, the auto-negotiation state, and the size of the MTU.

Network Interface 2 Expands to show the IP address and netmask associated with Network Interface 2, the auto-negotiation state, and the size of the MTU.

Change Network Settings

Click to open the Network Interface Wizard to specify the IP address and adapter settings for NIC 1 and NIC 2, and change the chosen operating mode.

View Network Interface Layout

Click to see the <?> associated with LAN1, LAN2, and the out-of-band interface.

Network Interfaces Wizard

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

The options you see in the Network Interfaces Wizard depend on the operating mode. On the first page of the wizard, you can choose to change the operating mode for the appliance. You can change the settings by clicking Change Network Settings to start a wizard. Click Next to progress through the wizard.

In Explicit Proxy mode, some network devices send traffic to the appliances. The appliance then works as a proxy, processing traffic on behalf of the devices.


In Transparent Router or Transparent Bridge mode, other network devices, such as mail servers, are unaware that the appliance has intercepted and scanned the email before forwarding it. The appliance's operation is transparent to the devices.

If you have a standalone appliance running in transparent bridge mode, you will have the option to add a bypass device in case the appliance fails.

If the appliance is operating in Transparent Bridge mode, and the Spanning Tree Protocol (STP) is running on your network, make sure that the appliance is configured according to STP rules. Additionally, you can set up a bypass device in transparent bridge mode.

Network Interfaces Wizard — Explicit Proxy mode

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

This version of the Network Interfaces Wizard becomes available when you select the Explicit Proxy mode.

Specify the details for Network Interface 1, then use the Next button to set details for Network Interface 2 as necessary.

Network Interface 1 or Network Interface 2 page

Option Definition

IP Address Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance's network ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases.

You must have at least one IP address in both Network Interface 1 and Network Interface 2. However, you can deselect the Enabled option next to any IP addresses that you do not wish to listen on.

Network Mask Specifies the network mask. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled When selected, the appliance accepts connections on the IP address.

Virtual When selected, the appliance treats this IP address as a virtual address.

This option only appears in cluster configurations, or on a McAfee Content Security Blade Server.


New Address/Delete Selected Addresses

Add a new address, or remove a selected IP address.

NIC 1 Adapter Options or NIC 2 Adapter Options

Expand to set the following options:

• MTU size — specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet frame) that can be sent over the connection. The default value is 1500 bytes.

• Autonegotiation state — either:

• On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.

• Off — allows you to select the speed and duplex state.

• Connection speed — provides a range of speeds. Default value is 100MB.

This value is fixed at 1GB for fiber-connected systems.

• Duplex state — provides duplex states. Default value is Full duplex.

• Enable IPv6 auto-configuration — Select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router.

This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.
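The Basic Settings page and the Network Mask rows of the Network Interfaces Wizard (this page and the Transparent Router and Transparent Bridge pages that follow) describe the address formats the wizard accepts and the consistency a reader must check by hand. The following added example, which is not McAfee code and does not talk to the appliance, performs those checks offline: it normalises a mask given as a dotted quad or as a prefix length, confirms the Gateway is inside the appliance's subnet, and flags the shipped scmadmin default password. Run against the page's own sample values (IP 198.168.200.10, subnet 255.255.255.0, gateway 198.168.10.1), it reports that the gateway lies outside the appliance's /24.

```python
"""Pre-flight check of the values typed on the Basic Settings page and in the
Network Mask field of the Network Interfaces Wizard.

Added example; this is not McAfee code and does not talk to the appliance.
It normalises the mask formats the wizard accepts (dotted quad or CIDR prefix
length for IPv4, prefix length only for IPv6), checks that the Gateway lies in
the appliance's own subnet, and flags the shipped scmadmin default password.
"""
import ipaddress

DEFAULT_PASSWORD = "password"  # shipped default named on the Basic Settings page


def prefix_length(mask, version):
    """Return the prefix length for a mask given as a dotted quad (IPv4 only)
    or as a bare prefix length (IPv4 or IPv6).  Raises ValueError otherwise."""
    text = str(mask).strip()
    if text.isdigit():
        length = int(text)
        limit = 32 if version == 4 else 128
        if not 0 <= length <= limit:
            raise ValueError(f"prefix length {length} is out of range for IPv{version}")
        return length
    if version != 4:
        raise ValueError("IPv6 masks must be given as a prefix length")
    # ipaddress rejects non-contiguous masks such as 255.0.255.0
    return ipaddress.IPv4Network(f"0.0.0.0/{text}").prefixlen


def check_basic_settings(ip, mask, gateway, password):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    addr = ipaddress.ip_address(ip)
    try:
        plen = prefix_length(mask, addr.version)
    except ValueError as exc:
        return [f"Subnet: {exc}"]
    network = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
    # Network and broadcast addresses are not usable host addresses (except in /31 and /32)
    if plen < network.max_prefixlen - 1 and addr in (network.network_address, network.broadcast_address):
        findings.append(f"IP address: {addr} is the network or broadcast address of {network}")
    gw = ipaddress.ip_address(gateway)
    if gw.version != addr.version:
        findings.append("Gateway: address family differs from the IP address")
    elif gw == addr:
        findings.append("Gateway: must not be the appliance's own address")
    elif gw not in network:
        findings.append(f"Gateway: {gw} is outside {network}, so the appliance cannot reach it directly")
    if password == DEFAULT_PASSWORD:
        findings.append("Password: scmadmin still has the shipped default; change it before going live")
    return findings


if __name__ == "__main__":
    # The page's own sample values: the gateway is not in the /24 of the IP address.
    for finding in check_basic_settings("198.168.200.10", "255.255.255.0", "198.168.10.1", "password"):
        print(finding)
```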

Network Interfaces Wizard — Transparent Router mode

Use the Network Interfaces Wizard to change the chosen operating mode, then specify the IP address and adapter settings for NIC 1 and NIC 2.

Network Interface 1 or Network Interface 2 pages

Option Definition

IP Address Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance's ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases.

Network Mask Specifies the network mask, for example: 255.255.255.0. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled When selected, the appliance accepts connections on that IP address.

Virtual When selected, the appliance treats this IP address as a virtual address. This option only appears in cluster configurations, or on a McAfee Content Security Blade Server.


New Address/Delete Selected Addresses

Add a new address, or remove a selected IP address.

NIC 1 Adapter Options or NIC 2 Adapter Options

Expand to set the following options:

• MTU size — Specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet frame) that can be sent over the connection. The default value is 1500 bytes.

• Autonegotiation state — either:

• On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.

• Off — allows you to select the speed and duplex state.

• Connection speed — provides a range of speeds. Default value is 100MB.

This value is fixed at 1GB for fiber-connected systems.

• Duplex state — provides duplex states. Default value is Full duplex.

• Enable IPv6 auto-configuration — Select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router.

This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.

• Enable sending IPv6 router advertisements on this interface — When enabled, allows IPv6 router advertisements to be sent to machines on the sub-net that require a router response to complete auto-configuration.

Network Interfaces Wizard — Transparent Bridge mode

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

Specify the details for the Ethernet Bridge, then use the Next button to set details for the Spanning Tree Protocol and Bypass Device as necessary.

Option definitions — Ethernet Bridge page

Option Definition

Select all Click to select all the IP addresses.

IP Address Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance's ports. The IP addresses are combined into one list for both ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases.

Use the Move links to reposition the addresses as necessary.

Network Mask Specifies the network mask, for example: 255.255.255.0. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled When selected, the appliance accepts connections on that IP address.


New Address/Delete Selected Addresses

Add a new address, or remove a selected IP address.

NIC Adapter Options

Expand to set the following options:

• MTU size — specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet frame) that can be sent over the connection. The default value is 1500 bytes.

• Autonegotiation state — either:

• On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.

• Off — allows you to select the speed and duplex state.

• Connection speed — provides a range of speeds. Default value is 100MB.

This value is fixed at 1GB for fiber-connected systems.

• Duplex state — provides duplex states. Default value is Full duplex.

• Enable IPv6 auto-configuration — select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router.

This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.

Option definitions — Spanning Tree Protocol Settings page

Option Definition

Enable STP STP is enabled by default.

Bridge priority Sets the priority for the STP bridge. Lower numbers have a higher priority. The maximum number that you can set is 65535.

Advanced parameters

Expand to set the following options. Change the settings only if you understand the possible effects, or you have consulted an expert:

• Forwarding delay

• Hello interval (seconds)

• Maximum age (seconds)

• Garbage collection interval (seconds)

• Ageing time (seconds)

Option definitions — Bypass Device Settings page

Option Definition

The bypass device inherits settings from those you entered in NIC Adapter Options.

Select bypass device Choose from two supported devices.

Watchdog timeout (seconds)

For the bypass device, the time, in seconds, that can elapse before the system bypasses the appliance.


Heartbeat interval (seconds)

Set to monitor heartbeat by default.

Advanced parameters

This option becomes active when you select a bypass device.

• Mode — choose to monitor the heartbeat or the heartbeat and the link activity.

• Link activity timeout (seconds) — becomes active when you select Monitor heartbeat and link activity in Mode.

• Enable buzzer — enabled by default. If the bypass device fails to detect the heartbeat signal for the configured Watchdog timeout, the buzzer sounds.

Cluster Management page

Use this page to specify cluster management balancing requirements.

Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.

Cluster Management Configuration (Standard appliance)

Do not use. Cluster management is disabled.

Cluster Management (Cluster Scanner)

Option Definition

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Cluster Management (Cluster Master)

In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.

Option Definition

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Address to use for load balancing

Specifies the appliance address.

Enable scanning on this appliance

If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

Option definitions — Advanced scanning device settings


Use this area for fine-grained control of attached scanning devices. You can also configure the devices to share hard disk space for the storage of Secure Web Mail Messages. Devices in a cluster are identified by their MAC (Media Access Control) addresses. When you add a MAC address to the table, you may opt to disable it, meaning that scanning requests will not be sent to the device, and share hard disk space.

Option Definition

MAC Address Specifies the device's Media Access Control (MAC) address as 12 hexadecimal digits in the format: A1:B2:C3:D4:E5:F6.

Disabled Select to remove this device from the pool of scanning devices.

Add MAC Address Click to add the MAC address of a new device.

Manage MAC Addresses Opens the MAC Addresses dialog box that enables you to manage the list of available MAC addresses.

Although you can add the MAC addresses of management and failover devices to this table, they always contribute hard disk space for Secure Web Mail messages and cannot be disabled.

Cluster Management (Cluster Failover)

Option Definition

Address to use for load balancing

Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Enable scanning on this appliance

If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

DNS and Routing page

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.


DNS server addresses

Option Definition

Server Address Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet.

If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server/Delete Selected Servers

Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.

Only send queries to these servers

Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly.

If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.

Routing Settings

Option Definition

Network Address Type the network address of the route.

Mask Specifies how many hosts are on your network, for example, 255.255.255.0.

Gateway Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4), or :: (IPv6) means that the router has no default gateway.

Metric Specifies the preference given to the route. A low number indicates a high preference for that route.

New Route/Delete Selected Routes

Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing

Use this option in transparent router mode only. When enabled, the appliance can:

• receive broadcast routing information over RIP (default) and apply it to its routing table, so that you don't have to duplicate on the appliance routing information that is already present in the network.

• broadcast routing information over RIP if static routes have been configured through the user interface.

Email Configuration page (Custom Setup)

This information describes the options available on this page.

Initial email configuration

Option Definition

Enable protection against Potentially Unwanted Programs...

Click to activate protection against Potentially Unwanted Programs. Read the advice from McAfee about the effects that activating this protection can have.

Enable McAfee Global Threat Intelligence feedback

Click What is this? to read about how the feedback is used, and view the McAfee Privacy Policy.

Scan SMTP traffic / Scan POP3 traffic Both protocols are selected by default. Deselect a protocol to prevent scanning occurring.


Option definitions — Domains for which the appliance will accept or refuse email

Use these options to define how the appliance will relay email. After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Receiving Email.

Option Definition

Domain Name/Network Address/MX Record

Displays the domain names, wildcard domain names, network addresses, and MX lookups from which the appliance will accept or refuse email.

Type • Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address and to compare the connection against an A record lookup.

• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address, such as user@[192.168.0.2], or the connection.

• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.

• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.

Category • Local domain

• Permitted domain

• Denied domain

Add Domain Click to specify the domains that can relay messages through the appliance to the recipient. Choose from:

• Local domain — These are the domains or networks for which email is accepted for delivery. For convenience, you can import a list of your local domain names using the Import Lists and Export Lists options. McAfee recommends that you add all domains or networks that are allowed to relay messages as local domains.

• Permitted domain — Email is accepted. Use permitted domains to manage exceptions.

• Denied domain — Email is refused. Use denied domains to manage exceptions.

Hold your mouse cursor over the field to see the recommended format.

You must set up at least one local domain.

Add MX Lookup

Click to specify a domain that the appliance will use to identify all mail server IP addresses from which it will deliver messages.

Delete Selected Items

Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.
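The table above describes how an entry's Type decides what is compared (the recipient's domain, an IP-literal recipient, or the connecting address) and how its Category decides whether email is accepted or refused. The following added example, which is not McAfee code, implements that matching for Domain name, Wildcard domain name and Network Address entries over a constructed table; MX Record Lookup and the A-record comparison need a live resolver and are left out, and the tie-break rule (most specific entry wins) and case-insensitive matching are assumptions, not statements from the page.

```python
"""Classify an inbound recipient against the table 'Domains for which the
appliance will accept or refuse email'.

Added example, not McAfee code.  It models three of the entry types on this
page (Domain name, Wildcard domain name, Network Address); MX Record Lookup and
the A-record comparison of the connecting host need a live resolver and are
left out.  Assumptions not stated on the page: matching is case-insensitive,
*.example.dom matches sub-domains only, and when several entries match, the
most specific one decides (exact domain beats wildcard beats network; among
wildcards or networks the longer suffix or prefix wins).
"""
import ipaddress
from dataclasses import dataclass

LOCAL, PERMITTED, DENIED = "Local domain", "Permitted domain", "Denied domain"


@dataclass(frozen=True)
class Entry:
    kind: str       # "domain", "wildcard" or "network"
    value: str      # "example.dom", "*.example.dom" or "192.168.0.0/24"
    category: str   # LOCAL, PERMITTED or DENIED


def split_recipient(address):
    """Return (domain, ip_literal); exactly one of the two is set.
    user@[192.168.0.2] is an IP-literal recipient, as the page describes."""
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if domain.startswith("[") and domain.endswith("]"):
        return None, ipaddress.ip_address(domain[1:-1])
    return domain.lower().rstrip("."), None


def _specificity(entry, domain, addrs):
    """Return a comparable score if the entry matches, else None."""
    if entry.kind == "domain" and domain is not None:
        if domain == entry.value.lower():
            return (3, domain.count("."))
    elif entry.kind == "wildcard" and domain is not None:
        suffix = entry.value.lower().lstrip("*")      # "*.example.dom" -> ".example.dom"
        if domain.endswith(suffix):
            return (2, suffix.count("."))
    elif entry.kind == "network":
        net = ipaddress.ip_network(entry.value, strict=False)
        if any(a.version == net.version and a in net for a in addrs):
            return (1, net.prefixlen)
    return None


def classify(entries, recipient, connection_ip):
    """Return LOCAL, PERMITTED or DENIED for the most specific matching entry,
    or None when the table says nothing about this recipient or connection."""
    domain, literal = split_recipient(recipient)
    addrs = [ipaddress.ip_address(connection_ip)]
    if literal is not None:
        addrs.append(literal)
    best = None
    for entry in entries:
        score = _specificity(entry, domain, addrs)
        if score is not None and (best is None or score > best[0]):
            best = (score, entry.category)
    return best[1] if best else None


# Constructed sample table: one local domain with its sub-domains and internal
# network, a permitted partner, and one denied host inside that partner.
TABLE = [
    Entry("domain", "example.dom", LOCAL),
    Entry("wildcard", "*.example.dom", LOCAL),
    Entry("network", "192.168.0.0/24", LOCAL),
    Entry("wildcard", "*.partner.example", PERMITTED),
    Entry("domain", "spam.partner.example", DENIED),
]

if __name__ == "__main__":
    for rcpt, ip in [("user@Mail.Example.DOM", "203.0.113.9"),
                     ("user@[192.168.0.2]", "203.0.113.9"),
                     ("user@spam.partner.example", "192.168.0.5"),
                     ("user@other.test", "203.0.113.9")]:
        print(f"{rcpt:28} from {ip:13} -> {classify(TABLE, rcpt, ip)}")
```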

Option definitions — Domain Routing

Configure hosts that the appliance will use to route email. After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Sending Email.


Option Definition

Domain name / Network Address / MX Record

Displays a list of domains.

This list allows you to specify specific relays or sets of relays to be used to deliver messages destined for specific domains. Domains can be identified using exact matches, or using pattern matches such as *.example.com.

To specify multiple relays for a single domain, separate each with a space.

If the first mail relay is accepting email, all email is delivered to the first relay. If that relay stops accepting email, subsequent email is delivered to the next relay in the list.

Type • Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address and to compare the connection against an A record lookup.

• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address, such as user@[192.168.0.2], or the connection.

• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.

• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.

Category • Local domain

• Permitted domain

• Denied domain

Add Relay List Click to populate the Known domains and relay hosts table with a list of host names, or IPaddresses for delivery. Delivery will be attempted in the order specified unless youselect the Round-robin the above hosts option which will distribute the load between thespecified hosts.

Host names/IP addresses may include a port number.

Add MX Lookup Click to populate the Known domains and relay hosts table with an MX record lookup todetermine the IP addresses for delivery.

Delivery will be attempted to host names returned by the MX lookup in the order ofpriority given by the DNS server.

Delete SelectedItems

Remove the selected item from the table. You must apply the changes before the itemis completely removed from the appliance configuration.

Enable DNS lookup for domains not listed above

If selected, the appliance uses DNS to route email for other, unspecified domains. DNS delivery attempts an MX-record lookup. If there are no MX records, it does an A-record lookup.

If you deselect this checkbox, the appliance delivers email only to the domains that are specified under Known domains and relay hosts.
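The relay-selection behaviour described in this table (an ordered relay list that falls through to the next relay, the Round-robin the above hosts option, MX lookup entries, and the DNS fallback for domains not listed), worked through as an added Python example. This is not McAfee code: the routing table, host names and DNS records are constructed, and DNS is simulated in memory so the example runs offline.

```python
"""Relay selection for a 'Known domains and relay hosts' table. Constructed example,
not McAfee code.

Delivery behaviour modelled, following the page:
  * Relay list: mail goes to the first relay while it accepts mail; when that relay
    stops accepting, mail goes to the next relay in the list.
  * 'Round-robin the above hosts': load is spread across the listed hosts in turn.
  * MX lookup entry: the hosts returned by the MX lookup are tried in the priority
    order given by DNS.
  * 'Enable DNS lookup for domains not listed above': unlisted domains get an MX
    lookup, then an A-record lookup if there are no MX records; when deselected,
    unlisted domains are not routed at all.
Assumptions not stated on the page: a round-robin host that is not accepting is
skipped, and a wildcard entry with an MX lookup resolves the recipient's own domain.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed DNS data so the example runs offline: MX as (priority, host), A as host -> IP.
FAKE_DNS: Dict[str, dict] = {
    "MX": {"partner.example": [(20, "mx2.partner.example"), (10, "mx1.partner.example")]},
    "A": {"mx1.partner.example": "203.0.113.10", "mx2.partner.example": "203.0.113.11",
          "nomx.example": "203.0.113.20"},
}


def dns_delivery_hosts(domain: str, dns=FAKE_DNS) -> List[str]:
    """Hosts to try for 'domain': MX targets by ascending priority, else its A record."""
    mx = dns["MX"].get(domain)
    if mx:
        return [host for _prio, host in sorted(mx)]
    return [domain] if domain in dns["A"] else []


@dataclass
class RelayList:
    hosts: List[str]            # "host[:port]" entries in the order given in the table
    round_robin: bool = False   # the 'Round-robin the above hosts' option
    _next: int = 0              # rotating start position, used only in round-robin mode

    def candidates(self) -> List[str]:
        """Hosts in the order they should be tried for one message."""
        if not self.round_robin:
            return list(self.hosts)
        start = self._next % len(self.hosts)
        self._next = start + 1
        return self.hosts[start:] + self.hosts[:start]


@dataclass
class DomainRoute:
    pattern: str                         # exact name (example.dom) or wildcard (*.example.dom)
    relays: Optional[RelayList] = None   # 'Add Relay List' entry; None means 'Add MX Lookup'

    def matches(self, domain: str) -> bool:
        pat = self.pattern.lower()
        if pat.startswith("*."):
            return domain.endswith(pat[1:])   # wildcard covers sub-domains only
        return domain == pat


class Router:
    def __init__(self, routes: List[DomainRoute], dns_fallback: bool = True, dns=FAKE_DNS):
        self.routes, self.dns_fallback, self.dns = routes, dns_fallback, dns

    def next_hop(self, recipient: str,
                 accepting: Callable[[str], bool] = lambda host: True) -> Optional[str]:
        """Relay to hand this message to, or None if it cannot be routed. 'accepting'
        stands in for the appliance's knowledge of which relays currently accept mail."""
        domain = recipient.rpartition("@")[2].lower()
        for route in self.routes:
            if route.matches(domain):
                hosts = (route.relays.candidates() if route.relays is not None
                         else dns_delivery_hosts(domain, self.dns))
                return next((h for h in hosts if accepting(h)), None)
        if not self.dns_fallback:
            return None   # checkbox deselected: only the listed domains are delivered to
        return next((h for h in dns_delivery_hosts(domain, self.dns) if accepting(h)), None)


def build_example_router(dns_fallback: bool = True) -> Router:
    """A constructed routing table in the shape of the page's Known domains and relay hosts."""
    return Router([
        DomainRoute("example.dom", RelayList(["relay1.example.dom:25", "relay2.example.dom"])),
        DomainRoute("*.corp.example", RelayList(["smtp-a.corp.example", "smtp-b.corp.example"],
                                                round_robin=True)),
        DomainRoute("partner.example"),   # MX lookup entry
    ], dns_fallback=dns_fallback)


if __name__ == "__main__":
    r = build_example_router()
    print(r.next_hop("alice@example.dom"))                                          # relay1.example.dom:25
    print(r.next_hop("alice@example.dom", accepting=lambda h: "relay1" not in h))  # relay2.example.dom
    print(r.next_hop("bob@hr.corp.example"), r.next_hop("bob@hr.corp.example"))    # smtp-a..., smtp-b...
    print(r.next_hop("carol@partner.example"))                                      # mx1.partner.example
    print(r.next_hop("dave@nomx.example"))                                          # nomx.example
    print(build_example_router(dns_fallback=False).next_hop("dave@nomx.example"))  # None
```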


Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Option Definition

Appliance Time Zone

Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC)

Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now When clicked, applies the date and UTC time that you specified in this row.

Client Time Displays the time according to the client computer from which your browser is currently connected to the appliance.

Synchronize appliance with client

When selected, the time in the Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser.

Ensure that the client computer is aware of any daylight saving adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts

When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network, but it requires trusting the other devices on the network.

When deselected, accepts NTP messages only from servers specified in the list.

NTP Server Displays the network address or a domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov.

If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server Type the IP address of a new NTP Server.

Password page

Use this page to specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

Option Definition

User ID This is admin. You can add more users later.

Password Specifies the new password. Change the password as soon as possible to keep your appliance secure.

You must enter the new password twice to confirm it. The original default password is password.

Summary page

Review a summary of the settings that you have made for the network connections and scanning of the email traffic.

To change any value, click its blue link to display the page where you originally typed the value.


After you click Finish, the Setup Wizard has completed.

Use the IP address shown here to access the interface. For example https://192.168.200.10. The address starts with https, not http.

If you have configured your McAfee® Email Gateway to provide Secure Web Mail, then you need to access the appliance using port 10443. So, using the example above, you would need to enter https://192.168.200.10:10443.

When you first log on to the interface, type the user name admin and the password that you gave on the Password page.

Table 3-2 Basic settings

Option Definition

The value is set according to best practice.

The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.

No value has been set. The value has not been changed from the default. Check the value before continuing.

Restoring from a file

Use this information to understand the purpose of restoring from a file.

When configuring your device from the Setup Wizard within the user interface, using the Restore from a file option enables you to import previously saved configuration information and apply it to your device. After this information has been imported you can make changes before applying the configuration.

The Restore from a file option is not available from within the Configuration Console. To make use of this option, you must log into the McAfee Email Gateway and select Restore from a file from the System | Setup Wizard menu.

Once the configuration information has been imported, you are taken to the Custom Setup options within the Setup Wizard (see Performing a custom setup). All imported options are shown on the wizard pages, giving you the opportunity to make any amendments before applying the configuration.

When using the Restore from a file option, the wizard includes these pages:

• Import Config

• Values to Restore

Once this information has been loaded, you are then taken to the Custom Setup pages, so that you can make further changes before applying the new configuration:

• Email Configuration

• Basic Settings

• Network Settings

• Cluster Management

• DNS and Routing

• Time Settings

• Password

• Summary

Basic Settings page (Custom Setup)

Use this page, when you select the Custom Setup wizard, to specify basic settings for the appliance.

The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.


Option Definition

Cluster mode Defines the options that appear on the Cluster Management page of the Setup Wizard.

• Off — This is a standard appliance.

• Cluster Scanner — The appliance receives its scanning workload from a master appliance.

• Cluster Master — The appliance controls the scanning workload for several other appliances.

• Cluster Failover — If the master fails, this appliance controls the scanning workload instead.

Device name Specifies a name, such as appliance1.

Domain name Specifies a name, such as domain1.com.

Default Gateway Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface Becomes available when you set the Next Hop Router for IPv6.

Cluster Management page

Use this page to specify cluster management balancing requirements.

Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.

Cluster Management Configuration (Standard appliance)

Do not use. Cluster management is disabled.

Cluster Management (Cluster Scanner)

Option Definition

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Cluster Management (Cluster Master)

In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.


Option Definition

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Address to use for load balancing

Specifies the appliance address.

Enable scanning on this appliance

If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

Option definitions — Advanced scanning device settings

Use this area for fine-grained control of attached scanning devices. You can also configure the devices to share hard disk space for the storage of Secure Web Mail messages. Devices in a cluster are identified by their MAC (Media Access Control) addresses. When you add a MAC address to the table, you can opt to disable the device, meaning that scanning requests are not sent to it while it still shares hard disk space.

Option Definition

MAC Address Specifies the device's Media Access Control (MAC) address as 12 hexadecimal digits in the format: A1:B2:C3:D4:E5:F6.

Disabled Select to remove this device from the pool of scanning devices.

Add MAC Address Click to add the MAC address of a new device.

Manage MAC Addresses Opens the MAC Addresses dialog box that enables you to manage the list of available MAC addresses.

Although you can add the MAC addresses of management and failover devices to this table, they always contribute hard disk space for Secure Web Mail messages and cannot be disabled.

Cluster Management (Cluster Failover)

Option Definition

Address to use for load balancing

Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Enable scanning on this appliance

If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.


DNS and Routing page

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.

DNS server addresses

Option Definition

Server Address Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet.

If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server / Delete Selected Servers

Adds a new server to the list, or removes one, for example when you need to decommission a server due to network changes.

Only send queries to these servers

Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly.

If you deselect this option, the appliance first tries to resolve the requests, or might query DNS servers outside your network.

Routing Settings

Option Definition

Network Address Type the network address of the route.

Mask Specifies how many hosts are on your network, for example, 255.255.255.0.

Gateway Specifies the IP address of the router used as the next hop out of the network. Theaddress 0.0.0.0 (IPv4), or :: (IPv6) means that the router has no default gateway.

Metric Specifies the preference given to the route. A low number indicates a high preferencefor that route.

New Route / Delete Selected Routes

Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing

Use this option in transparent router mode only. When enabled, the appliance can:

• receive routing information broadcast over RIP (the default) and apply it to its routing table, so that you don't have to duplicate on the appliance routing information that is already present in the network.

• broadcast over RIP any static routes that have been configured through the user interface.


Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Option Definition

Appliance Time Zone

Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC)

Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now When clicked, applies the date and UTC time that you specified in this row.

Client Time Displays the time according to the client computer from which your browser is currently connected to the appliance.

Synchronize appliance with client

When selected, the time in the Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser.

Ensure that the client computer is aware of any daylight saving adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts

When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network, but it requires trusting the other devices on the network.

When deselected, accepts NTP messages only from servers specified in the list.

NTP Server Displays the network address or a domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov.

If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server Type the IP address of a new NTP Server.

Password page

Use this page to specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

Option Definition

User ID This is admin. You can add more users later.

Password Specifies the new password. Change the password as soon as possible to keep your appliance secure.

You must enter the new password twice to confirm it. The original default password is password.

Summary page

Review a summary of the settings that you have made for the network connections and scanning of the email traffic.

To change any value, click its blue link to display the page where you originally typed the value.


After you click Finish, the Setup Wizard has completed.

Use the IP address shown here to access the interface. For example https://192.168.200.10. The address starts with https, not http.

If you have configured your McAfee® Email Gateway to provide Secure Web Mail, then you need to access the appliance using port 10443. So, using the example above, you would need to enter https://192.168.200.10:10443.

When you first log on to the interface, type the user name admin and the password that you gave on the Password page.

Table 3-3 Basic settings

Option Definition

The value is set according to best practice.

The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.

No value has been set. The value has not been changed from the default. Check the value before continuing.

Encryption Only Setup

Use this information to understand the purpose of the Encryption Only setup options.

For small-to-medium sized organizations, it is often sufficient to use the same McAfee Email Gateway to carry out your email scanning tasks and also your email encryption tasks.

However, if you are part of a larger organization, or you work in an industry that requires that all, or a high percentage, of your email messages must be delivered in a secure way, then you may want to configure one or more of your McAfee Email Gateway appliances as stand-alone Encryption-only servers.

In this situation, the Encryption Only Setup options within the Setup Wizard provide you with the relevant settings needed for Encryption only use.

For the Encryption Only Setup, the wizard includes these pages:

Email Configuration page (Encryption Only Setup)

Define how the appliance will relay email and configure the hosts that the appliance will use to route email.

Domains for which the appliance will accept or refuse email

After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Receiving Email.


Option Definition

Domain Name / Network Address / MX Record

Displays the domain names, wildcard domain names, network addresses, and MX lookups from which the appliance will accept or refuse email.

Type • Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address and compare the connection against an A record lookup.

• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address such as user@[192.168.0.2], or the connection.

• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.

• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.

Category • Local domain

• Permitted domain

• Denied domain

Add Domain Click to specify the domains that can relay messages through the appliance to the recipient. Choose from:

• Local domain — These are the domains or networks for which email is accepted for delivery. For convenience, you can import a list of your local domain names using the Import Lists and Export Lists options. McAfee recommends that you add all domains or networks that are allowed to relay messages as local domains.

• Permitted domain — Email is accepted. Use permitted domains to manage exceptions.

• Denied domain — Email is refused. Use denied domains to manage exceptions.

Hold your mouse cursor over the field to see the recommended format.

You must set up at least one local domain.

Add MX Lookup Click to specify a domain that the appliance will use to identify all mail server IP addresses from which it will deliver messages.

Delete Selected Items

Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.
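The matching rules in this table (the Type and Category columns), worked through as an added Python example that is not McAfee code: each constructed table entry is compared against the recipient address, its IP literal, or the connecting IP exactly as the Type column describes, and the category of the matching entry decides whether the message is accepted or refused. The DNS data and table entries are constructed, and the first-match and refuse-when-unlisted rules are assumptions made for the example.

```python
"""Accept/refuse decision for a 'Domains for which the appliance will accept or refuse
email' table. Constructed example, not McAfee code.

What each entry type is compared against, following the page:
  * Domain name      - the recipient address domain, and the connecting IP against the
                       domain's A record;
  * Network Address  - the recipient IP-literal address (user@[192.168.0.2]) or the
                       connecting IP, against a CIDR such as 192.168.0.0/24;
  * MX Record Lookup - the connecting IP against the addresses of the domain's MX hosts;
  * Wildcard domain  - the recipient address domain only (*.example.dom).
Categories: Local and Permitted domains accept mail; Denied domains refuse it.
Assumptions (not stated on the page): the first matching entry in table order decides,
and a recipient that matches no entry is refused rather than relayed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed DNS data so the example runs offline.
FAKE_DNS = {
    "A": {"example.dom": ["198.51.100.5"],
          "mx1.partner.example": ["203.0.113.10"],
          "mx2.partner.example": ["203.0.113.11"]},
    "MX": {"partner.example": [(10, "mx1.partner.example"), (20, "mx2.partner.example")]},
}


@dataclass
class DomainEntry:
    kind: str       # "domain" | "network" | "mx" | "wildcard"  (the table's Type column)
    value: str      # example.dom, 192.168.0.0/24, partner.example, *.example.dom
    category: str   # "Local domain" | "Permitted domain" | "Denied domain"


def split_recipient(address: str):
    """Return (domain, ip_literal); exactly one of the two is None."""
    host = address.rpartition("@")[2]
    if host.startswith("[") and host.endswith("]"):
        return None, ipaddress.ip_address(host[1:-1])
    return host.lower(), None


def mx_addresses(domain: str, dns) -> List[str]:
    """Addresses of the MX hosts for 'domain' (empty when it has no MX records)."""
    addrs: List[str] = []
    for _prio, host in dns["MX"].get(domain, []):
        addrs.extend(dns["A"].get(host, []))
    return addrs


def entry_matches(entry: DomainEntry, rcpt_domain, rcpt_ip, conn_ip, dns) -> bool:
    value = entry.value.lower()
    if entry.kind == "domain":
        return rcpt_domain == value or str(conn_ip) in dns["A"].get(value, [])
    if entry.kind == "wildcard":
        # Wildcards are compared against the recipient address only, never the connection.
        return rcpt_domain is not None and rcpt_domain.endswith(value[1:])
    if entry.kind == "network":
        net = ipaddress.ip_network(entry.value, strict=False)
        return (rcpt_ip is not None and rcpt_ip in net) or conn_ip in net
    if entry.kind == "mx":
        return str(conn_ip) in mx_addresses(value, dns)
    raise ValueError(f"unknown entry type {entry.kind!r}")


def decide(table: List[DomainEntry], recipient: str, connecting_ip: str,
           dns=FAKE_DNS) -> Tuple[str, Optional[DomainEntry]]:
    """Return ('accept' | 'refuse', matching entry or None) for one recipient."""
    rcpt_domain, rcpt_ip = split_recipient(recipient)
    conn_ip = ipaddress.ip_address(connecting_ip)
    for entry in table:
        if entry_matches(entry, rcpt_domain, rcpt_ip, conn_ip, dns):
            verdict = "refuse" if entry.category == "Denied domain" else "accept"
            return verdict, entry
    return "refuse", None   # assumed default: unlisted recipients are not relayed


def example_table() -> List[DomainEntry]:
    """A constructed table in the shape of the page's Known domains list."""
    return [
        DomainEntry("domain", "example.dom", "Local domain"),
        DomainEntry("wildcard", "*.example.dom", "Local domain"),
        DomainEntry("network", "192.168.0.0/24", "Permitted domain"),
        DomainEntry("mx", "partner.example", "Permitted domain"),
        DomainEntry("domain", "spam.example", "Denied domain"),
    ]


if __name__ == "__main__":
    for rcpt, ip in [("alice@example.dom", "203.0.113.99"),
                     ("bob@sales.example.dom", "203.0.113.99"),
                     ("carol@[192.168.0.2]", "203.0.113.99"),
                     ("erin@other.example", "203.0.113.11"),
                     ("mallory@spam.example", "203.0.113.99"),
                     ("x@other.example", "203.0.113.99")]:
        verdict, entry = decide(example_table(), rcpt, ip)
        print(f"{rcpt:25} from {ip:14} -> {verdict} ({entry.value if entry else 'no match'})")
```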

Domain Routing

After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Sending Email.


Option Definition

Domain Displays a list of domains.

Type • Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address and compare the connection against an A record lookup.

• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address such as user@[192.168.0.2], or the connection.

• MX record lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.

• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.

Relay List / MX Record

Displays either the Relay List or the MX record for the selected domain.

Add Relay List Click to populate the Known domains and relay hosts table with a list of host names, or IP addresses for delivery. Delivery will be attempted in the order specified unless you select the Round-robin the above hosts option, which will distribute the load between the specified hosts.

Host names/IP addresses may include a port number.

Add MX Lookup Click to populate the Known domains and relay hosts table with an MX record lookup to determine the IP addresses for delivery.

Delivery will be attempted to host names returned by the MX lookup in the order of priority given by the DNS server.

Delete Selected Items

Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.

Enable DNS lookup for domains not listed above

If selected, the appliance uses DNS to route email for other, unspecified domains. DNS delivery attempts an MX-record lookup. If there are no MX records, it does an A-record lookup.

If you deselect this checkbox, the appliance delivers email only to the domains that are specified under Known domains and relay hosts.

Basic Settings page (Encryption Only Setup)

Use this page, when you select the Encryption Only Setup wizard, to specify basic settings for the appliance.

The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.


Option Definition

Cluster mode Defines the options that appear on the Cluster Management page of the Setup Wizard.

• Off — This is a standard appliance.

• Cluster Scanner — The appliance receives its scanning workload from a master appliance.

• Cluster Master — The appliance controls the scanning workload for several other appliances.

• Cluster Failover — If the master fails, this appliance controls the scanning workload instead.

Device name Specifies a name, such as appliance1.

Domain name Specifies a name, such as domain1.com.

Default Gateway Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface Becomes available when you set the Next Hop Router for IPv6.

Select management port Specifies the port that manages the gateway. By default, McAfee Email Gateway uses port 10443.

Network Settings page (Encryption Only Setup)

Use these options to view and configure the IP address and network speeds for McAfee Email Gateway as an encryption only appliance. You can use IPv4 and IPv6 addresses, separately or in combination.

To prevent duplication of IP addresses on your network and to deter hackers, give the appliance new IP addresses, and disable the default IP addresses. The IP addresses must be unique and suitable for your network. Specify as many IP addresses as you need.

Option Definition

<mode> The operating mode that you set during installation or in the Setup Wizard.

Network Interface 1 Expands to show the IP address and netmask associated with Network Interface 1, the auto-negotiation state, and the size of the MTU.

Network Interface 2 Expands to show the IP address and netmask associated with Network Interface 2, the auto-negotiation state, and the size of the MTU.

Change Network Settings

Click to open the Network Interface Wizard to specify the IP address and adapter settings for NIC 1 and NIC 2, and change the chosen operating mode.

View Network Interface Layout

Click to see the <?> associated with LAN1, LAN2, and the out of band interface.

Cluster Management page (Encryption Only Setup)

Use cluster management to specify load balancing requirements.

Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.

Cluster Management Configuration (Standard appliance)

Do not use. Cluster management is disabled.


Cluster Management (Cluster Scanner)

Option Definition

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Cluster Management (Cluster Master)

In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.

Option Definition

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Address to use for load balancing

Specifies the appliance address.

Enable scanning on this appliance

If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

Cluster Management (Cluster Failover)

Option Definition

Address to use for load balancing

Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict.

The allowable range is 0-255.

Enable scanning on this appliance

If not selected, this appliance distributes all scanning workload to the scanning appliances.

For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

DNS and Routing page (Encryption Only Setup)

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.


DNS server addresses

Option Definition

Server Address Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet.

If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server / Delete Selected Servers

Adds a new server to the list, or removes one, for example when you need to decommission a server due to network changes.

Only send queries to these servers

Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly.

If you deselect this option, the appliance first tries to resolve the requests, or might query DNS servers outside your network.

Routing Settings

Option Definition

Network Address
Type the network address of the route.

Mask
Specifies how many hosts are on your network, for example, 255.255.255.0.

Gateway
Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4) or :: (IPv6) means that the router has no default gateway.

Metric
Specifies the preference given to the route. A low number indicates a high preference for that route.

New Route / Delete Selected Routes
Adds a new route to the table, or removes routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing
Use this option in transparent router mode only. When enabled, the appliance can:

• receive broadcast routing information over RIP (default) and apply it to its routing table, so you don't have to duplicate routing information on the appliance that is already present in the network.

• broadcast over RIP any static routes that have been configured through the user interface.

Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Option Definition

Appliance Time Zone
Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC)
Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now
When clicked, applies the date and UTC time that you specified in this row.

Client Time
Displays the time according to the client computer from which your browser is currently connected to the appliance.


Synchronize appliance with client
When selected, the time in Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser.

Ensure that the client computer is aware of any daylight saving adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP
When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts
When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network, but it requires trusting the other devices in the network.

When deselected, accepts NTP messages only from servers specified in the list.

NTP Server
Displays the network address or domain name of one or more NTP servers that the appliance uses, for example, time.nist.gov.

If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server
Type the IP address of a new NTP server.

Password page (Encryption Only Setup)

Specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

Option Definition

User ID
This is admin. You can add more users later.

Current Password
The existing password. The original default password is password. Change the password as soon as possible to keep your appliance secure.

New Password / Confirm New Password
Specifies the new password. You must enter the new password twice to confirm it.

Summary page (Encryption Only Setup)

Review a summary of the settings that you have made for the network connections and scanning of the email traffic.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the Setup Wizard has completed.

Use the IP address shown here to access the interface. For example, https://192.168.200.10. The address starts with https, not http.

If you have configured your McAfee® Email Gateway to provide Secure Web Mail, then you need to access the appliance using port 10443. So, using the example above, you would need to enter https://192.168.200.10:10443.

When you first log on to the interface, type the user name admin and the password that you gave on the Password page.


Table 3-4 Basic settings

Option Definition

The value is set according to best practice.

The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.

No value has been set. The value has not been changed from the default. Check the value before continuing.


4 A tour of the Dashboard

This section describes the Dashboard page, and how to edit its preferences.

The Dashboard

The Dashboard provides a summary of the activity of the appliance.

Dashboard

Use this page to access most of the pages that control the appliance.

On a cluster master appliance, use this page also to see a summary of activity on the cluster ofappliances.


Benefits of using the Dashboard

The Dashboard provides a single location for you to view summaries of the activities of the appliance through a series of portlets.

Figure 4-1 Dashboard portlets

Some portlets display graphs that show appliance activity over the following periods of time:

• 1 hour

• 1 day (the default)

• 1 week

• 2 weeks

• 4 weeks

Within the Dashboard, you can make some changes to the information and graphs displayed:

• Expand and collapse the portlet data using the icons in the portlet's top right-hand corner

• Drill down to specific data using the drill-down icons

• See a status indicator that shows whether the item needs attention:

• Healthy. The reported item is functioning normally

• Requires Immediate Attention. A critical threshold has been exceeded

• Disabled. A service is not enabled

• Use the zoom icons to zoom in and zoom out of a timeline of information. There is a short delay while the view is updated. By default, the dashboard shows data relating to the previous one day.

• Move a portlet to another location on the Dashboard


• Double-click the top bar of a portlet to expand it across the top of the Dashboard

• Set your own alert and warning thresholds to trigger events. To do so, highlight the item and click it, edit the alert and warning threshold fields, and click Save. When the item exceeds the threshold you set, an event is triggered.

Depending on the browser used to view the McAfee Email Gateway user interface, the Dashboard "remembers" the current state of each portlet (whether it is expanded or collapsed, and if you have drilled down to view specific data) and attempts to recreate that view if you navigate to another page within the user interface and then return to the Dashboard within the same browsing session.

Dashboard panes

This topic discusses the panes found on the dashboard within the user interface of your Email Gateway.

Option Definition

Email Detections and Web Detections
Displays the number of detections under each protocol. Click Edit to change the view in this window. Although you can choose not to display information about a protocol, the appliance continues to scan that traffic.

System Health
Displays the status of important components and lets you act on recommended system configuration changes:

• For Updates, a green checkmark indicates that the component will update itself automatically. To make a manual update, click the blue link.

• For other components, a green checkmark indicates that the component is operating within acceptable limits. For more information, click the blue links.

• To adjust the levels at which the warning and alert icons appear, and to change what the recommended configuration changes dialog box displays, click Edit.

Current detection rates
Displays the status of important detections by the appliance, using icons.

Network
Displays the number of connections under each protocol. Although you can deselect a protocol after clicking Edit, the appliance continues to handle that traffic.

Email Queues
Displays the number of items, and the number of recipients for each queued item, in the Queued, Quarantined, and Release requests queues maintained by the appliance, using icons. To visit the pages that manage the queues, click the blue links. To quickly search through email in the queues, click Quick search.

Scanning Policies
Displays a list of the policies that the appliance is applying. Although you can deselect a protocol after clicking Edit, the appliance continues to apply policies to that traffic. To view the scanning policies or add more policies, click the blue links.

Tasks
Displays a list of common tasks. To remove or reorganize the tasks, click Edit.

Load balancing
On a master cluster appliance, displays the state of the cluster of appliances. To change the settings of the meter, click Edit.

Graphs ...
Displays graphs that show appliance activity over time. Although you can deselect a protocol after clicking Edit, the appliance continues to monitor that traffic.


5 Testing the configuration

This information describes how to test that the appliance is functioning correctly after installation.

Contents

Task — Test connectivity
Task — Update the DAT files
Task — Test mail traffic and virus detection
Task — Test spam detection

Task — Test connectivity

Use this task to confirm basic connectivity.

The McAfee Email Gateway checks that it can communicate with the gateway, update servers and DNS servers. It also confirms that the appliance name and domain name are valid.

Task

1 From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from theTasks area.

2 Select the Tests tab.

3 Click Start Tests.

Each test should pass.

Task — Update the DAT files

Use this task to ensure that the McAfee Email Gateway has the most up-to-date detection definition (DAT) files. We recommend updating them before you configure the scanning options.

As you continue using the McAfee Email Gateway, you can choose to update individual types of definition file and change the default scheduled updates to suit your requirements.

Task

1 Select System | Component Management | Update Status.

2 To update the anti-virus engine and anti-virus database, click Update Now.

To check that the update applied correctly, open the Services portlet in the Dashboard, and expand the Updates status. The Anti-virus components will have a green status.


Task — Test mail traffic and virus detection

Use this task to test that mail traffic is passing successfully through the McAfee Email Gateway and that threats are correctly identified. We use the EICAR test file, a harmless file that triggers a virus detection.

Task

1 Send an email message from an outside email account (such as Hotmail) to an internal mailbox and confirm that it arrived.

2 On the Dashboard, look at the Detections areas. The listing for the protocol you used to send the message should show that a message was received.

3 Copy the following line into a file, making sure you do not include any spaces or line breaks:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

4 Save the file with the name EICAR.COM.

5 From an external email account (SMTP client), create a message that contains the EICAR.COM file as an attachment and send the message to an internal mailbox.

6 Return to the Dashboard and look at the Detections areas. You should see that a virus was detected.

7 Delete the message when you finish testing your installation, to avoid alarming unsuspecting users.

Task — Test spam detection

Use this task to run a General Test mail for Unsolicited Bulk Email (GTUBE) to verify that the McAfee Email Gateway is detecting incoming spam.

Task

1 From an external email account (SMTP client), create a new email message.

2 In the body of the message, copy the following text:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Make sure that you type this line with no line breaks.

3 Send the new email message to an internal mailbox address.

The device scans the message, recognizes it as a junk email message, and deals with it accordingly. The GTUBE overrides blacklists and whitelists.

For more information about the GTUBE, visit http://spamassassin.apache.org/tests.html.
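To automate the two tests above (the EICAR attachment from the virus detection task and the GTUBE line from the spam detection task), here is an added Python example that is not part of the guide: it builds both messages with the standard library, checks that each test string was copied without spaces or line breaks as the tasks require, and can hand the messages to an SMTP relay. The relay host and the sender and recipient addresses are assumed placeholders.

```python
import smtplib
from email.message import EmailMessage

# The two test strings exactly as printed in the tasks above. Each is one
# 68-character line; any added space or line break stops the detection
# from firing. (EICAR is a raw string because of the backslash.)
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"


def is_clean_test_string(s):
    """True when the string is a single 68-character line with no whitespace."""
    return len(s) == 68 and not any(ch.isspace() for ch in s)


def eicar_message(sender, recipient):
    """Steps 3 to 5 of the virus detection task: EICAR.COM as an attachment."""
    if not is_clean_test_string(EICAR):
        raise ValueError("EICAR string was not copied cleanly")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Email Gateway install test: EICAR attachment"
    msg.set_content("This message carries the EICAR test file as an attachment.")
    # Attached as a generic binary part so nothing re-encodes or reflows it.
    msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                       subtype="octet-stream", filename="EICAR.COM")
    return msg


def gtube_message(sender, recipient):
    """Step 2 of the spam detection task: the GTUBE line in the message body."""
    if not is_clean_test_string(GTUBE):
        raise ValueError("GTUBE string was not copied cleanly")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Email Gateway install test: GTUBE"
    msg.set_content("Spam detection test follows.\n" + GTUBE + "\n")
    return msg


def attachment(msg, filename):
    """Decoded bytes of the named attachment, or None if it is absent."""
    for part in msg.iter_attachments():
        if part.get_filename() == filename:
            return part.get_payload(decode=True)
    return None


def send(msg, smtp_host, smtp_port=25):
    """Hand the message to the external SMTP client path the tasks describe.
    smtp_host is an assumed placeholder for your own outbound relay."""
    with smtplib.SMTP(smtp_host, smtp_port) as client:
        client.send_message(msg)


if __name__ == "__main__":
    # Constructed addresses: replace with a real external sender and internal mailbox.
    m = eicar_message("tester@example.org", "mailbox@example.com")
    print(attachment(m, "EICAR.COM") == EICAR.encode("ascii"))
    g = gtube_message("tester@example.org", "mailbox@example.com")
    print(GTUBE in g.get_content())
```

After sending, check the Detections areas on the Dashboard as steps 2 and 6 of the virus detection task describe.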


6 Exploring the appliance features

This information contains tasks to demonstrate the McAfee Email Gateway Virtual Appliance 7.0 scanning features in action. It provides step-by-step instructions to create and test some sample policies and tells you how to generate applicable reports.

Introduction to policies

The appliance uses policies which describe the actions that the appliance must take against threats such as viruses, spam, unwanted files, and the loss of confidential information.

Email | Email Policies

Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of users.

Encryption

The Encryption pages enable you to set up McAfee Email Gateway to use the supported encryption methods to securely deliver your email messages.

Email | Encryption

The McAfee Email Gateway includes several encryption methodologies, and can be set up to provide encryption services to the other scanning features, or can be set up as an encryption-only server used just to encrypt email messages.

Task — Encrypt all email traffic to a specific customer

A common use of the encryption features is to configure a policy to use encryption for email messages going to a specific customer.

This group of tasks shows how to configure your McAfee Email Gateway so that all email messages being sent to a specific customer are sent using encryption.

Task — Create a new scanning policy

Learn how to create a new scanning policy.

Your appliance uses the policies you create to scan the email messages sent through the appliance. You can create multiple policies to control the way different users use email, or to specify different actions based on specific circumstances.


Task

1 Click Email | Email Policies | Scanning Policies.

2 Select the required protocol using the steps in Task — View policies for SMTP, POP3 or McAfee Secure Web Mail.

3 Click Add policy...

4 In the Scanning Policies — New Policy page, enter the following information:

a A name for the policy.

b An optional description for the new policy.

c Where the new policy inherits its settings from.

If you have a similar policy already set up, select it to allow its settings to be inherited by the new policy.

d Choose if the policy is to apply to inbound or outbound email traffic. (SMTP only)

e Select the required Match logic for the policy.

f Select the type of rule, how it should match and the value that the rule tests against.

g If required, add additional rules, and use the and buttons to correctly order the rules.

5 Click OK.

The new policy is added to the top of the list of policies.

Task — Configure the encryption settings

Configure your McAfee Email Gateway to use encryption.

Task

1 Click Email | Encryption | Secure Web Mail | Basic Settings.

2 Select Enable the Secure Web Mail Client.

3 Click Email | Encryption | Secure Web Mail | User Account Settings.

Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. The administrator chooses whether to do push and/or pull encryption.

4 Click Email | Encryption | Secure Web Mail | Password Management.

The minimum password length is eight characters. The password expires after 365 days.

Task — Enable encryption within your email policy

Enable the required encryption features on your McAfee Email Gateway.

Task

1 Click Email | Email Policies | Compliance

2 Click Enable compliance, and select Create new rule from template.

3 Search for the HIPAA Compliance rule and select it.


4 Click Next to progress through the wizard.

5 Select the primary action to Allow Through (Monitor).

6 In And also, select Deliver message using encryption.

7 Click Finish, and click OK to close the dialog box.

8 Click Email | Email Policies | Policy Options | Encryption.

9 In When to Encrypt, select Only when triggered from a scanner action.

10 In On-box Encryption Options, select Secure Web Mail, and click OK.

11 Apply the changes.

Task — Identify quarantined email messages

Use this task to discover which email messages have been quarantined by your McAfee Email Gateway Appliance.

To view a list of all messages that have been quarantined:

Task

1 Click Reports | Message Search.

2 Select Quarantined from the Message status drop-down list.

3 Click Search/Refresh.

All messages that have been quarantined are displayed in the lower part of the page.

Task — Refine the search

You can further refine your search for quarantined email messages to show only those that have been quarantined due to specific triggers. In this example, to find those email messages quarantined due to compliancy issues:

Task

1 Complete the steps in Task — Find out which email messages are quarantined.

2 Select Compliancy from the Category drop-down list.

3 Click Search/Refresh.

The lower part of the screen is refreshed to show only the messages that have been quarantined dueto compliancy issues.

Task — View a specific email message

You can view the content of a quarantined email message.

Task

1 Complete the steps in Task — Refine the search.

2 Select the relevant quarantined message using the check-box to the left of the page.

3 Click View Message.

The selected message is displayed in a new window. From this window, you can view the content of the email message. You can also choose to view the detailed email header information. Once you have viewed the message, you can choose further actions to perform on the email message by clicking the relevant buttons.


Task — Release a quarantined email message

After viewing the email message that has been quarantined, you may want to release the message from Quarantine. This task allows you to do this.

To release a selected message from quarantine:

Task

1 Complete the steps in Task — View a specific email message.

2 Click Release Selected.

The selected email message is released from quarantine.

Email messages that contain viral content cannot be released from quarantine, as to do so would risk causing damage to your systems.

Compliance Settings

Use this page to create and manage compliancy rules.

Email | Email Policies | Compliance | Compliance

Benefits of the compliance settings

Use compliance scanning to assist with conformance to regulatory compliance and corporate operating compliance. You can choose from a library of predefined compliance rules, or create your own rules and dictionaries specific to your organization.

Compliance rules can vary in complexity from a straightforward trigger when an individual term within a dictionary is detected, to building on and combining score-based dictionaries which will only trigger when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can be combined using the logical operations any of, all of, or except.

Task — Restrict the score contribution of a dictionary term

Use this task to restrict the score contribution of a dictionary term.

Before you begin

This task assumes that your rule includes a dictionary which triggers the action based on a threshold score, such as the Compensation and Benefits dictionary.

You can restrict how many times a term can contribute to the overall score.

For example, if 'testterm' within a dictionary has a score of 10 and is seen five times within an email, it will add 50 to the overall score. Alternatively, you can restrict this, for example to contribute only twice, by setting 'Maximum term count' to 2.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score you want to change.

3 In Maximum term count, type the maximum number of times that you want a term to contribute to the score.


Task — Edit the threshold associated with an existing rule

Use this task to edit the threshold associated with an existing rule.

Before you begin

This task assumes that your rule includes a dictionary which triggers the action based on a threshold, such as the Compensation and Benefits dictionary.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score you want to change.

3 In dictionary threshold, type the score on which you want the rule to trigger, and click OK.

Task — Create a rule to monitor or block at a threshold

For score-based dictionaries you might want to monitor triggers that reach a low threshold, and only block the email when a high threshold is achieved.

Task

1 Select Email | Email Policies | Compliance.

2 Click Create new rule, type a name for it such as Discontent - Low, and click Next.

3 Select the Discontent dictionary, and in Threshold, type 20.

4 Click Next, and Next again.

5 In If the compliance rule is triggered, accept the default action.

6 Click Finish.

7 Repeat steps 2 through 4 to create another new rule, but name it Discontent - High and assign it a threshold of 40.

8 In If the compliance rule is triggered, select Deny connection (Block).

9 Click Finish.

10 Click OK and apply the changes.

Task — Add a dictionary to a rule

Use this task to add a new dictionary to an existing rule.

Task

1 Select Email | Email Policies | Compliance.

2 Expand the rule that you want to edit.

3 Select Add dictionaries.

4 Select the new dictionary that you want to include, and click OK.

Task — Create a complex custom rule

Use this task to create a complex rule that triggers when both Dictionary A and Dictionary B are detected, except when Dictionary C is also detected.


Task

1 Select Email | Email Policies | Scanning Policies and select Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule to open the Rule Creation Wizard.

4 Type a name for the rule, and click Next.

5 Select two dictionaries to include in the rule, and click Next.

6 Select a dictionary that you want to exclude from the rule in the exclusion list.

7 Select the action that you want to take place if the rule triggers.

8 From the And conditionally drop-down box, select All, and click Finish.
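The scoring and rule logic that the compliance tasks above describe (a term's score multiplied by its occurrences and capped by Maximum term count, dictionary thresholds such as Discontent - Low at 20 and Discontent - High at 40, and the all of / except combination of the complex custom rule) as an added Python model. This is constructed for this page and is not McAfee's code; the dictionary terms and their scores are made up.

```python
import re
from dataclasses import dataclass, field

# Action names as they appear in the compliance rule wizard on this page.
MONITOR = "Allow Through (Monitor)"
BLOCK = "Deny connection (Block)"


@dataclass
class Dictionary:
    """Score-based dictionary: each term adds its score per occurrence, capped at
    max_term_count occurrences (0 = unlimited), and the dictionary triggers once
    the total reaches its threshold."""
    name: str
    terms: dict              # term -> score per occurrence
    threshold: int = 1
    max_term_count: int = 0

    def score(self, text):
        total = 0
        lowered = text.lower()
        for term, per_hit in self.terms.items():
            hits = len(re.findall(rf"\b{re.escape(term.lower())}\b", lowered))
            if self.max_term_count:
                hits = min(hits, self.max_term_count)   # 'Maximum term count'
            total += hits * per_hit
        return total

    def triggers(self, text):
        return self.score(text) >= self.threshold


@dataclass
class Rule:
    """Compliance rule: dictionaries combined with 'any of' or 'all of' logic,
    an optional 'except' list, and a primary action."""
    name: str
    dictionaries: list
    action: str = MONITOR
    logic: str = "any"                       # "any" or "all"
    exclusions: list = field(default_factory=list)

    def triggers(self, text):
        hits = [d.triggers(text) for d in self.dictionaries]
        matched = all(hits) if self.logic == "all" else any(hits)
        # 'except': a hit in any excluded dictionary suppresses the rule
        return matched and not any(x.triggers(text) for x in self.exclusions)


def evaluate(rules, text):
    """Return (primary action, names of triggered rules) for one message.
    A block from any rule outweighs monitor-only triggers; (None, []) = no trigger."""
    fired = [r for r in rules if r.triggers(text)]
    if not fired:
        return None, []
    action = BLOCK if any(r.action == BLOCK for r in fired) else MONITOR
    return action, [r.name for r in fired]


# Constructed sample dictionary, not the Discontent dictionary shipped with the product.
DISCONTENT = {"unfair": 10, "resign": 10, "furious": 5}


def discontent_rules(max_term_count=0):
    """The two-tier rules from the 'monitor or block at a threshold' task:
    Discontent - Low monitors at 20, Discontent - High blocks at 40."""
    low = Dictionary("Discontent", DISCONTENT, threshold=20, max_term_count=max_term_count)
    high = Dictionary("Discontent", DISCONTENT, threshold=40, max_term_count=max_term_count)
    return [Rule("Discontent - Low", [low], MONITOR),
            Rule("Discontent - High", [high], BLOCK)]


def complex_rule():
    """'All of A and B, except C' from the complex custom rule task (made-up terms)."""
    a = Dictionary("A", {"merger": 10})
    b = Dictionary("B", {"confidential": 10})
    c = Dictionary("C", {"press release": 10})
    return Rule("A and B except C", [a, b], BLOCK, logic="all", exclusions=[c])


if __name__ == "__main__":
    msg = "This is unfair, unfair, unfair. I will resign."
    print(evaluate(discontent_rules(), msg))                  # 3*10 + 10 = 40 -> block
    print(evaluate(discontent_rules(max_term_count=2), msg))  # 2*10 + 10 = 30 -> monitor only
```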

Task — Create a simple custom rule

Use this task to create a simple custom rule that blocks messages that contain social security numbers.

Task

1 Select Email | Email Policies | Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule to open the Rule Creation Wizard.

4 Type a name for the rule, and click Next.

5 In the Search field, type social.

6 Select the Social Security Number dictionary, and click Next twice.

7 Select the Deny connection (Block) action, and click Finish.

Task — Block messages that violate a policy

Use this task to block messages that violate a threatening language policy.

Task

1 Select Email | Email Policies | Compliance.

2 On the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule from template to open the Rule Creation Wizard.

4 Select the Acceptable Use - Threatening Language policy, and click Next.

5 Optionally change the name of the rule, and click Next.

6 Change the primary action to Deny connection (Block), and click Finish.

7 Click OK and apply the changes.


Data Loss Prevention settings

Use this page to create a policy that assigns data loss prevention actions against the registered document categories.

Email | Email Policies | Compliance | Data Loss Prevention

Benefits of using Data Loss Prevention (DLP)

You can choose to restrict the flow of sensitive information sent in email messages by SMTP through the appliance using the Data Loss Prevention feature, for example, by blocking the transmission of a sensitive document such as a financial report that is to be sent outside of your organization. Detection occurs whether the original document is sent as an email attachment, or even as just a section of text taken from the original document.

Configuring DLP takes place in two phases:

• Registering the documents that you want to protect.

• Setting the DLP policy to act on and control the detection (this topic).

If an uploaded registered document contains embedded documents, their content is also fingerprinted, so the combined content is used when calculating the percentage match at scan time. To have embedded documents treated individually, they must be registered separately.

Task — Prevent a sensitive document from being leaked

Use this task to block sensitive financial documents from being sent outside your organization.

Before you begin

This example assumes that you have already created a Finance category.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.

4 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.

5 Click OK again, and apply the changes.

Task — Block a section of the document

Use this task to block just a small section of the document from being sent outside your organization.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Enable the consecutive signatures setting, and type the number of consecutive signatures against which the DLP policy will trigger a detection. The level is set to 10 by default.


4 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.

5 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.

6 Click OK again, and apply the changes.

Task — Exclude a specific document for a policy

Use this task to prevent a specific financial document from triggering the DLP policy settings.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK.

4 Click OK again, and apply the changes.
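As an added illustration of the DLP behaviour described in the topics above (a percentage match against a registered document, the consecutive signatures setting that lets a copied section trigger on its own, and document exclusions), the following Python model is constructed for this page and is not McAfee's fingerprinting code. It assumes 5-word shingle hashes as signatures, a made-up 50% match threshold, and a constructed financial report as the registered Finance document; only the consecutive-signatures default of 10 comes from the page.

```python
import hashlib
import re
from dataclasses import dataclass, field

BLOCK = "Deny connection (Block)"
SHINGLE = 5   # words per signature: a constructed choice, not McAfee's value


def signatures(text):
    """Signature list: one short hash per SHINGLE-word window of normalized text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return [hashlib.sha256(" ".join(words[i:i + SHINGLE]).encode()).hexdigest()[:16]
            for i in range(len(words) - SHINGLE + 1)]


@dataclass
class RegisteredDocument:
    name: str
    category: str
    sigs: list


def register(name, category, text, embedded=()):
    """Fingerprint a document for a category. Embedded documents are fingerprinted
    together with the parent, as described above; register them separately
    if they are to be matched on their own."""
    combined = "\n".join([text, *embedded])
    return RegisteredDocument(name, category, signatures(combined))


def percentage_match(doc, message):
    """Share of the registered document's signatures present in the message."""
    found = set(signatures(message))
    if not doc.sigs:
        return 0.0
    return 100.0 * sum(1 for s in doc.sigs if s in found) / len(doc.sigs)


def longest_consecutive_run(doc, message):
    """Longest run of consecutive document signatures all present in the message:
    this is what lets a small copied section trigger despite a low overall match."""
    found = set(signatures(message))
    best = run = 0
    for s in doc.sigs:
        run = run + 1 if s in found else 0
        best = max(best, run)
    return best


@dataclass
class DlpPolicy:
    category: str
    action: str = BLOCK
    percentage_threshold: float = 50.0    # constructed value
    use_consecutive: bool = False         # 'consecutive signatures' setting
    consecutive_signatures: int = 10      # default level named on the page
    excluded_documents: set = field(default_factory=set)


def scan(policy, docs, message):
    """Return (action, document name) for the first registered document in the
    policy's category that triggers, or (None, None). Excluded documents are skipped."""
    for doc in docs:
        if doc.category != policy.category or doc.name in policy.excluded_documents:
            continue
        if percentage_match(doc, message) >= policy.percentage_threshold:
            return policy.action, doc.name
        if (policy.use_consecutive
                and longest_consecutive_run(doc, message) >= policy.consecutive_signatures):
            return policy.action, doc.name
    return None, None


# Constructed sample document (44 words -> 40 signatures) and a message that
# quotes a 15-word section of it (11 consecutive signatures, 27.5% overall match).
REPORT = ("Quarterly financial report for the board. Revenue rose twelve percent to "
          "forty million while operating margin improved to eighteen percent. Cash "
          "reserves remain strong at sixty million and the projected dividend is "
          "unchanged. Headcount grew by thirty with hiring focused on engineering "
          "and sales.")
EXCERPT_MESSAGE = ("Hi, FYI: Cash reserves remain strong at sixty million and the "
                   "projected dividend is unchanged. Headcount grew.")

if __name__ == "__main__":
    docs = [register("Q3 report", "Finance", REPORT)]
    whole = DlpPolicy("Finance")
    section = DlpPolicy("Finance", use_consecutive=True)
    print(scan(whole, docs, EXCERPT_MESSAGE))    # (None, None): 27.5% is below 50%
    print(scan(section, docs, EXCERPT_MESSAGE))  # ('Deny connection (Block)', 'Q3 report')
```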


7 Additional Configuration Options

This information gives some best practice tips and some advanced configuration options.

Contents

Task — Upgrading to Email Gateway Virtual Appliance 7.0
Task — Change the default Power Off and Reset actions
Task — Configure the shutdown and restart option

Task — Upgrading to Email Gateway Virtual Appliance 7.0

Use this task to upgrade to McAfee Email Gateway Virtual Appliance 7.0 from Email and Web Security Virtual Appliance 5.6 or Email Security Virtual Appliance 5.6 using the software .ISO image.

Before you begin

You must have Email and Web Security Virtual Appliance 5.6 or Email Security Virtual Appliance 5.6 installed already.

After an operating system is installed on a virtual appliance, the virtual machine always starts from the hard disk first. To work around this behavior, you have to shut down the virtual machine and configure a power-on boot delay so that you have enough time to access the Boot menu and tell it to start from the installation CD instead.

Task

1 Download the McAfee Email Gateway Virtual Appliance 7.0 .ISO upgrade file from the McAfee download site and extract it.

2 Shut down the virtual appliance.

a Log on to the virtual appliance user interface and select System | System Administration | System Commands.

b Enter the password.

c Select Shutdown Appliance.

3 Log on to VMware ESX Server, or use the VMware Infrastructure Client or the VMware vSphere Client to log on to VMware Virtual Center Server.

4 Enable a Power-on-Boot delay to get enough time to force the virtual machine to boot from CD:

a Select the virtual appliance in the Inventory list and click Summary.

b Select Edit Settings | Options | Boot Options.

c In Power-on-Boot delay, type 10,000 in the text box, and click OK.


5 Turn on the virtual appliance.

6 Make sure the cursor focus is on the Virtual Appliance console. Then press the ESC key to open the Boot Menu.

Do not select any options yet.

7 Release the cursor from the console and select Connect CD/DVD1.

8 Browse to the folder where you downloaded the McAfee Email Gateway Virtual Appliance 7.0 .ISO file and double-click <McAfee-MEG 7.0-<build-number>.VMbuy.iso>.

9 When the .ISO file is connected, click back on to the console screen. Select CD-ROM Drive and press the ENTER key.

10 The virtual appliance starts from the .ISO file.

11 Press y to agree to the terms of the license agreement.

12 Select the upgrade option that you want, and press the ENTER key to perform the upgrade.

13 Type y to confirm that you want to continue.

Task — Change the default Power Off and Reset actions

Use this task to change the Power Off and Reset actions in VMware vSphere so the McAfee Email Gateway Virtual Appliance 7.0 can shut down without corrupting the virtual machine file system.

Task

1 Within VMware vSphere Client, right-click the McAfee Email Gateway Virtual Appliance 7.0 and select Edit Settings.

2 Select the Options tab and select VMware Tools.

3 Set the option next to the red square to Shut Down Guest.

4 Next to the Reset icon (red and green arrow), set the option to Restart Guest.

Task — Configure the shutdown and restart option

Use this task to configure the McAfee Email Gateway Virtual Appliance 7.0 to shut down automatically and restart if you restart VMware vSphere.

Task

1 Select the vSphere Host and click the Configuration tab.

2 Select Virtual Machine Startup/Shutdown in the Software box, click Properties, and do the following:

• Enable the Allow virtual machines to start and stop automatically with the system option.

• Change the Shutdown Action to Guest Shutdown.

3 Select the McAfee Email Gateway Virtual Appliance 7.0 in the list and click Move Up until it appears as the first item in the list.

4 Click Edit.


5 In Virtual Machine Autostart Settings, within the Shutdown Settings box, select the Use specified settings option and choose Guest Shutdown next to Perform shutdown action.

6 Click OK twice to shut down the configuration screen.

The virtual appliance now appears in the list underneath the Automatic Startup heading, and the value in the Shutdown column is Shut down guest.
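The three vSphere settings this chapter walks through in the vSphere Client (the 10,000 ms power-on boot delay from the upgrade task, the Shut Down Guest / Restart Guest power actions, and the host and per-VM autostart settings with Guest Shutdown as the stop action) can also be applied and, more importantly, read back for verification from VMware PowerCLI. The script below is an added example and is not part of the McAfee guide or of the product; it assumes PowerCLI is installed, that you have already run Connect-VIServer, and that the VM name in $VmName is a placeholder you replace with the appliance's inventory name. The BootDelay value is in milliseconds in the vSphere API, which matches the 10,000 the guide has you type.

```powershell
# Added example (not from the McAfee guide): apply and verify the chapter's
# vSphere settings with PowerCLI. Requires an existing Connect-VIServer session.
param(
    # Placeholder VM name; replace with the appliance's name in the vSphere inventory.
    [string]$VmName = 'MEG-7.0-VirtualAppliance'
)

$vm = Get-VM -Name $VmName -ErrorAction Stop

# Task "Upgrading ..." step 4c: power-on boot delay of 10,000 ms so the console
# can be reached in time to press ESC and boot from the attached .ISO.
# Task "Change the default Power Off and Reset actions": make the Power Off and
# Reset buttons ask VMware Tools for a clean guest shutdown/restart ('soft')
# instead of cutting virtual power, so the appliance file system is not corrupted.
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.BootOptions = New-Object VMware.Vim.VirtualMachineBootOptions
$spec.BootOptions.BootDelay = 10000
$spec.PowerOpInfo = New-Object VMware.Vim.VirtualMachineDefaultPowerOpInfo
$spec.PowerOpInfo.PowerOffType = 'soft'   # Shut Down Guest
$spec.PowerOpInfo.ResetType    = 'soft'   # Restart Guest
$vm.ExtensionData.ReconfigVM($spec)

# Task "Configure the shutdown and restart option" step 2: let VMs start and
# stop with the host, and default the host-level stop action to a guest shutdown.
$vmHost = $vm.VMHost   # note: $host is a reserved automatic variable in PowerShell
Get-VMHostStartPolicy -VMHost $vmHost |
    Set-VMHostStartPolicy -Enabled $true -StopAction GuestShutdown | Out-Null

# Steps 3-5: appliance first in the start order, guest shutdown as its stop action.
Get-VMStartPolicy -VM $vm |
    Set-VMStartPolicy -StartAction PowerOn -StartOrder 1 -StopAction GuestShutdown | Out-Null

# Verification: re-read the configuration from vCenter rather than trusting the
# last dialog you clicked OK in.
$vm = Get-VM -Name $VmName
$startPolicy = Get-VMStartPolicy -VM $vm
[pscustomobject]@{
    VM           = $vm.Name
    BootDelayMs  = $vm.ExtensionData.Config.BootOptions.BootDelay
    PowerOffType = $vm.ExtensionData.Config.DefaultPowerOps.PowerOffType
    ResetType    = $vm.ExtensionData.Config.DefaultPowerOps.ResetType
    StartAction  = $startPolicy.StartAction
    StartOrder   = $startPolicy.StartOrder
    StopAction   = $startPolicy.StopAction
}
```

The boot delay persists after the upgrade and adds ten seconds to every power-on; once the appliance is running 7.0 you can set BootDelay back to 0 with the same ReconfigVM call. The verification object is what an operator would expect to see in a change record: the PowerOffType and ResetType should read soft, and StopAction should read GuestShutdown, which is the "Shut down guest" value the guide describes in the Shutdown column.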


Index

A

about this guide 5

B

Basic Settings
  Custom Setup Wizard 35, 46
  Encryption Only Wizard 53

benefits of data loss prevention 71

benefits of DLP 71

C

cluster configuration
  statistics 59
  virtual network address 35

Cluster Management
  Setup Wizard 40, 47

Cluster Mode
  Setup Wizard 35, 46

compliance 68

Compliance
  benefits of 68
  scanning for 68

configuration change messages 59

Configuration console 31

configure the virtual appliance 30

conventions and icons used in this guide 5

Custom setup wizard 34

D

Dashboard 59

data loss prevention
  benefits 71

data loss prevention (DLP) 71

demilitarized zone
  SMTP configuration 21

demilitarized zone (DMZ) 21

detections
  rates and statistics 59

DHCP 31

dictionaries
  adding to policies 68
  editing scores and terms 68

DLP
  benefits 71

DLP (data loss prevention) 71

DMZ
  SMTP configuration 21

documentation
  audience for this guide 5
  product-specific, finding 7
  typographical conventions and icons 5

download package 12

E

Email Gateway
  package contents 12

email policies
  compliance 68

email queues 59

email status 59

encryption 65

Encryption Only
  Setup Wizard 53

ePolicy Orchestrator
  setup 32

explicit proxy mode 14

F

feature descriptions 9

firewall rules
  explicit proxy mode 14

G

graphs
  email and network statistics 59

I

improve performance 30

installation
  best practices 27
  configure the virtual appliance 30
  improve performance 30
  on VMware vSphere 29
  process overview 27


installation options
  convert from VMtrial 28
  custom setup 34
  setup wizard 32
  standard setup 32

L

least used 40, 47

M

mail gateway
  with a DMZ 21

mail relay
  in a DMZ 21

McAfee Global Threat Intelligence 59

McAfee ServicePortal, accessing 7

N

network modes
  explicit proxy mode 14
  installation best practices 27
  introduction 13
  transparent bridge mode 16

network status 59

O

operating modes
  explicit proxy mode 14
  installation best practices 27
  options 32
  transparent bridge mode 16

P

performance
  improve 30

policies
  introduction to 65
  status 59

product features 9

S

Scanning
  for compliance 68

ServicePortal, finding product documentation 7

setup options
  custom and standard 32
  encryption only 32
  ePO 32
  restore from a file 32

Setup wizard
  custom 34
  standard 32

Setup Wizard
  installation options 32
  Basic Settings (Custom) 35, 46
  Basic Settings (Encryption Only) 53
  Cluster Management 40, 47
  Cluster Mode 35, 46
  Encryption Only 53

Standard setup wizard 32

statistics
  Dashboard 59

system requirements 23

T

Technical Support, finding product information 7

threat feedback 59

transparent bridge mode
  system requirements 23

transparent modes
  installation best practices 27

V

virtual appliance
  initial configuration 30

VMtrial
  convert to virtual appliance 28

VMware vSphere
  installation steps 29

W

warning messages
  Dashboard 59

web policies
  compliance 68


700-3349A00