mcafee email gateway 7.6.400 vmtrial appliances...

Installation GuideRevision D

McAfee Email Gateway 7.6.400 VMtrialAppliancesfor use in Microsoft Hyper-V and VMware vSphere environments

COPYRIGHT

Copyright © 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee Email Gateway 7.6.400 VMtrial Appliances Installation Guidefor use in Microsoft Hyper-V and VMware vSphere environments

http://www.intelsecurity.com

Contents

1 Introducing McAfee Email Gateway (VMtrial) 5Description of McAfee Email Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . 5Supported platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5McAfee Email Gateway features . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Evaluation period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9What you get . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2 Installing VMtrial 11Decide how you want to use the evaluation . . . . . . . . . . . . . . . . . . . . . . . 11Considerations before installing VMtrial . . . . . . . . . . . . . . . . . . . . . . . . 11Network information you need to collect . . . . . . . . . . . . . . . . . . . . . . . . 12System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Task - Install Email Gateway (VMtrial) on Hyper-V using PowerShell . . . . . . . . . . . . . 12

Task - Run the Email Gateway (VMtrial) installation script . . . . . . . . . . . . . . 13Task - Install Email Gateway (VMtrial) . . . . . . . . . . . . . . . . . . . . . . 14

Task - Install VMtrial on Hyper-V using SCVMM . . . . . . . . . . . . . . . . . . . . . . 14Task - Import the Email Gateway (VMtrial) installation files . . . . . . . . . . . . . . 14Task - Import the virtual machine template . . . . . . . . . . . . . . . . . . . . 15Task - Create a virtual machine . . . . . . . . . . . . . . . . . . . . . . . . . 15Task - Run the Email Gateway (VMtrial) . . . . . . . . . . . . . . . . . . . . . . 16

Install VMtrial on VMware vSphere . . . . . . . . . . . . . . . . . . . . . . . . . . 16Install VMtrial on VMware Player . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Task - Configure the Email Gateway (VMtrial) . . . . . . . . . . . . . . . . . . . . . . 18

3 Getting started with VMtrial 21The Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Benefits of using the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . 22Dashboard portlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Testing the configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Task — Test connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Task — Update the DAT files . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Using the test email generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Benefits of using the test email generator . . . . . . . . . . . . . . . . . . . . 24Generate test email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Task — Generate a stream of test email messages . . . . . . . . . . . . . . . . . 25Task — View a summary of scanned email traffic . . . . . . . . . . . . . . . . . . 25Task — Find specific test email messages . . . . . . . . . . . . . . . . . . . . . 26

Exploring the appliance features . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Introduction to policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Compliance Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Data Loss Prevention settings . . . . . . . . . . . . . . . . . . . . . . . . . 32Task — Identify quarantined email messages . . . . . . . . . . . . . . . . . . . 33

McAfee Email Gateway 7.6.400 VMtrial Appliances Installation Guidefor use in Microsoft Hyper-V and VMware vSphere environments

3

Index 35

Contents


1 Introducing McAfee Email Gateway(VMtrial)

McAfee®

Email Gateway virtual trial (VMtrial) lets you evaluate the latest McAfee Email Gatewaysoftware.

Contents Description of McAfee Email Gateway Supported platforms McAfee Email Gateway features Evaluation period Performance What you get

Description of McAfee Email GatewayMcAfee Email Gateway delivers comprehensive, enterprise-class protection against email threats in anintegrated and simple-to-manage appliance for SMTP and POP3.

If you purchase the McAfee Email Gateway after this evaluation, McAfee can either supply the relevanthardware and other items that accompany an appliance, or you can access the software using a virtualappliance.

Supported platforms McAfee Email Gateway (VMtrial) works on the following virtual platforms:

• VMware vSphere 4.x or higher

• VMware vSphere Hypervisor (ESXi™) 4.x or higher

• Microsoft Hyper-V installations running on:

• Microsoft Windows 8 Pro • Microsoft Windows 8.1 Enterprise

• Microsoft Windows 8 Enterprise • Microsoft Windows Server 2012

• Microsoft Windows 8.1 Pro • Microsoft Windows Server 2012 R2

1


5

McAfee Email Gateway features This information describes the features of the product and where to locate them in the productinterface.

Email scanning features

Feature Description

Comprehensivescanningprotection

Offers anti-virus and anti-spam protection for the following network protocols:• SMTP

• POP3

Anti-virusprotection

Email | Email Policies | Anti-Virus

Reduce threats to all protocol traffic using:• Anti-virus settings to identify known and unknown threats in viruses in

archives files, and other file types

• Other threat detection settings to detect viruses, potentially unwantedprograms, packers, and other malware

• McAfee Global Threat Intelligence file reputation to complement theDAT-based signatures by providing the appliances access to millions ofcloud-based signatures; this reduces the delay between McAfee detecting anew malware threat and its inclusion in DAT files, providing broader coverage

Anti-spamprotection

Email | Email Policies | Spam

Reduce spam in SMTP and POP3 email traffic using:

• Anti-spam engine, the anti-spam, and anti-phishing rule sets

• Lists of permitted and denied senders

• McAfee Global Threat Intelligence message reputation to identifysenders of spam email messages

• Permit and deny lists that administrators and users can create using aMicrosoft Outlook plug-in (user-level only)

Detect phishing attacks and take the appropriate action.

Encryption Email | EncryptionThe McAfee Email Gateway includes several encryption methodologies:• Server-to-server encryption

• Secure Web Mail

• Pull delivery

• Push delivery

The encryption features can be set up to provide encryption services to theother scanning features, or can be set up as an encryption-only server usedjust to encrypt email messages.

1 Introducing McAfee Email Gateway (VMtrial)McAfee Email Gateway features


Feature Description

McAfee GlobalThreatIntelligencefeedback

Email | Email Policies | Policy Options | McAfee GTI feedback

System | Setup Wizard

McAfee analyzes data about detections and alerts, threat details, and usagestatistics from a broad set of customers to combat electronic attacks, protectvulnerable systems from exploit, and thwart cyber crime. By enabling thisfeedback service in your product, you will help us improve McAfee Global ThreatIntelligence, thereby making your McAfee products more effective, as well ashelp us work with law enforcement to address electronic threats.

ComplianceSettings

Email | Email Policies | Compliance

This release of the product includes enhancements to the way the applianceuses compliance rules:• In the Compliance policy, use the Rule Creation wizard to specify the inbuilt

dictionaries that you want to comply with, or create the a new rule using anexisting rule as a template.

• Use the Mail size filtering and File filtering policies to check SMTP email messagesfor true file types and take action on email based on size and number ofattachments.

Data LossPrevention

Email | DLP and Dictionaries

Use the Data Loss Prevention policy to upload and analyze your sensitive documents— known as training — and to create a fingerprint of each document.

Message Search Reports | Message search

From a single location within the user interface, Message Search allows you toconfirm the status of email messages that have passed through the appliance.It provides you with information about the email, including whether it wasdelivered or blocked, if the message bounced, if it was quarantined, or held in aqueue pending further action.

Quarantinefeatures

Email | Quarantine Configuration | Quarantine Options

• Quarantine digests — Allow users to handle quarantined items without involvingthe email administrator.

• McAfee Quarantine Manager — Consolidate quarantine management for McAfeeproducts.

Message TransferAgent

• Reroute traffic on-the-fly based on criteria set by the administrator. Forexample, encrypted mail can be rerouted for decryption.

• Allow the administrator to determine the final status of each message.

• See a quick view summary of inbound email messages by domain withdrill-down facilities per domain and undeliverable email by domain.

• Prioritize the redelivery of undeliverable email based on domain.

• Pipeline multiple email deliveries to each domain.

• Rewrite an email address on inbound and outbound email based on regularexpressions defined by the administrator.

• Strip email headers on outbound messages to hide internal networkinfrastructure.

• Deliver messages using TLS.

• Manage certificates.

Introducing McAfee Email Gateway (VMtrial)McAfee Email Gateway features 1


7

Reporting and System features

Feature Description

ScheduledReports

Reports | Scheduled Reports

Schedule reports to run on a regular basis and send them to one or more emailrecipients.

Logging options System | Logging, Alerting and SNMP

You can configure the appliance to send emails containing information aboutviruses and other detected threats, and to use SNMP to transfer informationfrom your appliance.

Dashboardstatistics

Dashboard

The Dashboard provides a single location for you to view summaries of theactivities of the appliance, such as the email flowing through the appliance, andthe overall system health of the appliance. You can also go directly to areas ofthe user interface that you often use.

ePolicyOrchestratormanagement ofappliances

System | Setup Wizard

Choose the ePO Managed Setup option to monitor the status of your appliances andalso manage your appliance from ePolicy Orchestrator.

You can directly manage your appliances from ePolicy Orchestrator, withoutneeding to launch the interface for each appliance.

In ePolicy Orchestrator, the user interface pages that you use to configure andmanage your appliance have a familiar look-and-feel to the pages that you findwithin the appliances.

ClusterManagement

System | System Administration | Cluster Management

Cluster management enables you to set up groups of appliances that worktogether to share your scanning workloads, and to provide redundancy in theevent of hardware failure.

From these pages you can back up and restore your configurations, pushconfigurations from one appliance to others, and set up load balancing betweenyour appliances.

Virtual Hosts System | Virtual Hosting | Virtual Hosts

For the SMTP protocol, you can specify the addresses where the appliancereceives or intercepts traffic on the Inbound Address Pool.

Using virtual hosts, a single appliance can appear to behave like severalappliances. Each appliance can manage traffic within specified pools of IPaddresses, enabling the appliance to provide scanning services to traffic frommany customers.

Role-basedAccess Control

System | Users | Users and Roles

System | Users | Login Services

In addition to the Kerberos authentication method, RADIUS authentication isalso available.

Evaluation periodDuring the evaluation period, you get unlimited access to McAfee® Email Gateway Appliance (VMtrial)features that can protect your organization from spam, phishing, viruses, undesirable content, dataloss, and other threats.

1 Introducing McAfee Email Gateway (VMtrial)Evaluation period


The evaluation period lasts for 30 days, after which time the virtual appliance will cease to function.When the evaluation period ends, an Expiry Information dialog box on the VMtrial logon page tells you"The trial has now expired." All functionality stops working. Traffic continues to pass through theVMtrial appliance but is not scanned.

If you run out of time to complete your evaluation before it expires, you can save your configuration,begin another evaluation, and apply your original configuration settings.

To purchase the product based on your evaluation, contact your preferred reseller. To locate a reseller,go to http://www.mcafee.com to find a Reseller or Distribution Partner or contact a salesrepresentative.

PerformanceUsing virtual software to simulate a McAfee appliance impacts appliance performance and trafficthroughput.

Scanning throughput during the evaluation is not representative of the performance that would beachieved on a McAfee appliance with a similar hardware specification. Performance and trafficthroughput are also affected by the host computer specification and the size of your Internetconnection.

What you getThe VMtrial versions of Email Gateway are provided as zip files specific to your chosen virtualenvironment

In the evaluation .zip file, you have the following items:

• McAfee Email Gateway (VMtrial) installation files

• McAfee Email Gateway (VMtrial) Installation Guide

Sources of information

You can find installation and configuration information in the following locations:

• Online Help• The configuration console contains page-sensitive Help information to guide you through the

installation process.

• After installation, detailed context-sensitive Help with Search and Index features is available fromthe product interface. It provides an introduction to the product and its features, detailedinstructions for configuring the software, information on recurring tasks, and operatingprocedures.

Introducing McAfee Email Gateway (VMtrial)Performance 1


9

http://www.mcafee.com

• KnowledgeBase — Use the McAfee KnowledgeBase for answers to questions about McAfee EmailGateway.

Go to https://support.mcafee.com/ and click Browse the KnowledgeBase. From the Product list, selectEmail Gateway.

• Documentation — You have access to the latest version of the McAfee Email Gatewaydocumentation.

Go to https://support.mcafee.com/, click Product Documentation, and select Email Gateway.

For help with your virtual environment, go to your chosen suppliers website, http://www.vmware.com or http://www.microsoft.com.

1 Introducing McAfee Email Gateway (VMtrial)What you get


https://support.mcafee.com/

https://support.mcafee.com/

http://www.vmware.com

http://www.vmware.com

http://www.microsoft.com

2 Installing VMtrial

This information helps you prepare your evaluation environment and presents topics to considerbefore you install McAfee Email Gateway Appliance (VMtrial).

Contents Decide how you want to use the evaluation Considerations before installing VMtrial Network information you need to collect System requirements Task - Install Email Gateway (VMtrial) on Hyper-V using PowerShell Task - Install VMtrial on Hyper-V using SCVMM Install VMtrial on VMware vSphere Install VMtrial on VMware Player Task - Configure the Email Gateway (VMtrial)

Decide how you want to use the evaluationBefore you start to install the evaluation, you must decide whether you want to:

• Use McAfee Email Gateway Appliance (VMtrial) to scan email traffic on your network.

• Just evaluate the McAfee Email Gateway Appliance features and interface options.

Considerations before installing VMtrialIf you want McAfee Email Gateway (VMtrial) to scan email traffic on your network, consider thefollowing before you start the installation process:

• Which protocols do you want to scan? Choose from SMTP and POP3.

• Do you want to scan these protocols without changing settings on clients or servers?

• Does your network have a DMZ? If so, which servers are located in it?

• Do you have an internal DNS server?

• The operational mode that you want to use. Choose from explicit proxy mode, transparent bridgemode, or transparent router mode. Information about the features of each operating mode can befound in the McAfee Email Gateway Virtual Appliance Installation Guide available from https://support.mcafee.com.

2


11

https://support.mcafee.com


Network information you need to collectGather the following information before you start the installation process:

• Protocols to scan (SMTP, POP3)

• Host name

• Domain name

• Default gateway

• Choose your operational mode: explicit proxy, transparent router, transparent bridge.

Information about the operational modes can be found in the McAfee Email Gateway VirtualAppliance Installation Guide available from https://support.mcafee.com.

• LAN1 port IP address and subnet mask

• LAN2 port IP address and subnet mask

• DNS server IP address

• Any onward email server IP address

System requirementsIf you use McAfee Email Gateway (VMtrial) in your production environment, the traffic throughput andperformance is slower than an appliance with a similar hardware specification.

Component Value

Processor 2.8 GHz Pentium 4 processor with Physical Address Extension (PAE) support

Available memory 1 GB

Free hard disk space 50 GB

File system Automatically selected during the installation process

Virtual environment Ensure that your chosen virtual environment is set up and running on suitablehardware, and that you have sufficient Network Interface Controllers attachedto the system.

Task - Install Email Gateway (VMtrial) on Hyper-V usingPowerShell

You can install an Email Gateway (VMtrial) onto a Microsoft Hyper-V virtual environment by running aPowerShell script.

Before you beginMcAfee recommends that you configure the required virtual switches within your Hyper-Vhost system before you install the virtual appliance.

2 Installing VMtrialNetwork information you need to collect



Ensure that you have downloaded the installation files and have saved them to a locationyou can reach from within your Hyper-V environment.

• Download the Email Gateway (VMtrial) package (McAfee-MEG-< version.number >-<build.number >.HyperV_Trial.zip) file from the McAfee download site. Whendownloaded, extract the package to a location where it can be accessed from theHyper-V host.

• Install either a fully licensed, or an evaluation copy, of Microsoft Hyper-V on acompatible Microsoft operating system.

See also Task - Configure the Email Gateway (VMtrial) on page 18

Task - Run the Email Gateway (VMtrial) installation scriptRun the PowerShell script file to create and set up the Email Gateway (VMtrial) within your Hyper-Venvironment without using SCVMM.

Before you begin• Download the Email Gateway (VMtrial) package (McAfee-MEG-< version.number >-<

build.number >.HyperV_Trial.zip) file from the McAfee download site. Whendownloaded, extract the package to a location where it can be accessed from theHyper-V host.

• Install either a fully licensed, or an evaluation copy, of Microsoft Hyper-V on acompatible Microsoft operating system.

Task1 From the computer hosting your Hyper-V installation, browse to the folder containing the Email

Gateway (VMtrial) installation files.

2 Right-click the MEG_VMinstall.ps1 file and select Run with PowerShell.

You need administrator or equivalent permissions to execute this PowerShell script.

If prompted with an Execution Policy Change dialog box, type Y to continue running the installationscript.

3 From the displayed dialog box, click Browse.

4 Select the folder into which the Email Gateway (VMtrial) virtual hard disks are installed.

5 Select the required interfaces for LAN1, LAN2 and (if necessary) OOB.

6 Click OK.

7 Type y and press Enter.

The installation takes several minutes as the separate drives are created. When the Email Gateway(VMtrial) drives have been created, a "deployment complete" message is displayed.

Installing VMtrialTask - Install Email Gateway (VMtrial) on Hyper-V using PowerShell 2


13

Task - Install Email Gateway (VMtrial)Within the Hyper-V virtual machine, start the Email Gateway (VMtrial) and install the software.

Task1 From the computer hosting your Hyper-V installation, view the Virtual Machines.

2 Right-click the newly created virtual machine and select Start.

The Virtual Machine Connection window opens and displays the progress of the virtual machine.

3 From the Virtual Machine Connection window within Hyper-V Manager, follow the installation stepsdetailed in Configure the Email Gateway (VMtrial).

Task - Install VMtrial on Hyper-V using SCVMMThe following sub-tasks describe a method of installing your Email Gateway (VMtrial), using theMicrosoft System Center Virtual Machine Manager.

McAfee recommends that you configure the required virtual switches within your Hyper-V host systembefore you install the Email Gateway (VMtrial).


Task - Import the Email Gateway (VMtrial) installation filesEnsure that you have imported the Email Gateway (VMtrial) installation files into the library of yourMicrosoft System Center Virtual Machine Manager (SCVMM).

Before you beginMake sure that you have the Email Gateway (VMtrial) installation package (McAfee-MEG-<version.number >-< build.number >.HyperV_Trial.zip ) for Hyper-V hosts, and that youcan access this package from within SCVMM.

Import the installation files so that they are available for the installation of your Email Gateway(VMtrial).

Task1 Start the Microsoft System Center Virtual Machine Manager.

2 Navigate to Library and your relevant Library Server.

3 From the top toolbar, click Import Physical Resource.

4 Click Add resource and browse to the folder containing the extracted McAfee-MEG-< version.number>-< build.number >.HyperV_Trial.zip package files.

5 Click Open.

6 Select all virtual hard disk (.vhdx) files.

7 Click Open.

8 Select the destination for the imported files. Click OK.

9 Click Import.

2 Installing VMtrialTask - Install VMtrial on Hyper-V using SCVMM


The virtual hard disks required for the installation of your Email Gateway (VMtrial) are imported to theSCVMM library.

Task - Import the virtual machine templateA template is provided within the installation package to simplify the process of creating virtualmachines on which to run the Email Gateway (VMtrial).


2 Navigate to Library and your relevant Library Server.

3 From the top toolbar, click Import Template.

4 Browse to the extracted McAfee-MEG-< version.number >-< build.number >.HyperV_Trial.zippackage files, and select the template (HyperV_Trial.xml) file.

5 Click Open.

6 Click Next. Optionally, enter a descriptive name for the template.

7 Click Next.

8 Click Import.

The template is imported to Microsoft System Center Virtual Machine Manager, and appears withinTemplates | VM Templates .

Task - Create a virtual machineBefore you can install a Email Gateway (VMtrial), you must create a virtual machine on your Hyper-Vsystem.


2 Navigate to VMs and Services and select VMs from the top toolbar.

3 Choose the Hyper-V host onto which you want to deploy the Email Gateway (VMtrial).

4 Right-click the selected host and select Create Virtual Machine.

5 Select Use an existing virtual machine, VM template, or virtual hard disk, browse to locate the virtual machinetemplate you installed, and click OK

6 Click Next.

7 Type a name for the virtual machine. Optionally, provide a description for this virtual machine.

8 Click Next. The summary screen for the virtual machine configuration is displayed.

9 Click Next.

10 You can change the host upon which the virtual machine is installed. A list of the available hosts isdisplayed, together with a rating for each, to help you decide the best host to use.

11 Click Next .You can review the selected options and settings before creating the virtual machine.

12 Select the required network adaptors from the list.

Installing VMtrialTask - Install VMtrial on Hyper-V using SCVMM 2


15

13 Click Next.

14 Click Create.

The virtual machine is created using the settings within the template file and the information youselected. The virtual hard drive files are copied to the virtual machine, to be used during the EmailGateway (VMtrial) installation.

Task - Run the Email Gateway (VMtrial)Turn on the imported Email Gateway (VMtrial) from Hyper-V manager or the SCVMM console.

Before you beginIf you installed your virtual machine on a different host to that running SCVMM, navigate tothe relevant Hyper-V host and open Hyper-V Manager.

Depending on the options selected during the creation of the virtual machine, you mightneed to manually start the virtual machine. To manually start the virtual machine,right-click the relevant virtual machine and select Start.

Once the Email Gateway (VMtrial) software has been installed within Hyper-V, ensure the virtualmachine is powered on before continuing with the installation process.

Task1 Start Hyper-V Manager.

2 Make sure the virtual machine running the Email Gateway (VMtrial) is running.

3 Select the virtual machine, and click Connect from within Actions. The Virtual Machine Connection window isdisplayed.

4 From the Virtual Machine Connection window within Hyper-V Manager, follow the installation stepsdetailed in Configure the Email Gateway (VMtrial).

Install VMtrial on VMware vSphereUse this task to install McAfee Email Gateway Appliance (VMtrial) onto a host computer runningVMware vSphere 4.x or VMware vSphere Hypervisor (ESXi) 4.x.

Before you begin• Download the McAfee Email Gateway Appliance (VMtrial) package .zip file from the

McAfee download site and extract it to a location where the VMware vSphere Client cansee it.

• Install a fully licensed copy of VMware vSphere 4.x or VMware vSphere Hypervisor(ESXi) 4.x.

The McAfee Email Gateway Appliance (VMtrial) performs automatic configuration using DHCP for thefollowing parameters:

• Host name

• Domain name

• Default gateway

• DNS server

2 Installing VMtrialInstall VMtrial on VMware vSphere


The console appears when the appliance restarts until you complete the settings.

Task1 Start the VMware vSphere Client application.

2 Log on to the VMware vSphere server, or the vCenter Server.

3 From the Inventory list, select the host or cluster onto which you want to import the virtual appliancesoftware.

4 Click File | Deploy OVF Template | Deploy From File, and click Browse to go to where you extracted the .zip fileyou downloaded from the McAfee download site.

5 Open the VMtrial subfolder from the .zip file, and select the McAfee_MEG_VMtrial.vSphere_ESX.ovf file, andclick Open.

6 Click Next twice, and optionally type a new name.

7 Select the resource pool that you want to use if you have any configured.

8 Select the datastore that you want to use, and click Next.

9 Select the virtual networks to which the virtual appliance NICs will be connected.

10 Click Next, read the summary, then click Finish and wait for the import process to finish.

You can install the virtual appliance on more than one VMware vSphere server.


Install VMtrial on VMware PlayerUse this task to install McAfee Email Gateway Appliance (VMtrial) onto a host computer runningVMware Player.

Before you beginDownload the McAfee Email Gateway Appliance (VMtrial) package .zip file from the McAfeedownload site and extract it to the computer on which you plan to run the evaluation.

Download VMware Player from http://www.vmware.com/go/get-player.

The McAfee Email Gateway Appliance (VMtrial) performs automatic configuration using DHCP for thefollowing parameters:

• Host name

• Domain name

• Default gateway

• DNS server

The console appears when the appliance restarts until you complete the settings.

Installing VMtrialInstall VMtrial on VMware Player 2


17

http://www.vmware.com/go/get-player

Task1 Log on to the computer as an administrator.

2 Install VMware Player:

a Double-click the VMware Player installation file and click Run to start the installer.

b Click Next and continue through the installer selecting the desired options.

c On the last page, click Continue to begin the installation.

The computer must be restarted before you can run McAfee Email Gateway Appliance (VMtrial).

3 Run the VMtrial installation file:

a Browse to the folder where you extracted the McAfee Email Gateway Appliance (VMtrial)package .zip file.

b Open the VMtrial folder.

c Double-click the McAfee_MEG_VMtrial.VMware_Player.vmx file.

VMware Player starts, and the installation begins.

You can install the virtual appliance on more than one VMware Player server.


Task - Configure the Email Gateway (VMtrial)Use this task to configure the Email Gateway (VMtrial).

Before you beginEnsure your virtual environment is installed and running correctly.

Task1 Start the Email Gateway (VMtrial). The installation starts automatically.

2 Read the End-User License Agreement to continue with the installation, then click y to accept it andstart the installation.

3 At the installation menu, select a to perform a full installation and y to continue.

4 When the installation is complete, the Email Gateway (VMtrial) restarts.

5 On the Welcome screen, choose the language that you want to use.

6 Accept the terms of the license agreement.

7 Configure the Email Gateway (VMtrial) from the graphical configuration wizard.

2 Installing VMtrialTask - Configure the Email Gateway (VMtrial)


8 Apply the configuration to the Email Gateway (VMtrial). Depending on the settings you entered, itmight restart. You can install the Email Gateway (VMtrial) on more than one virtual environment.To do so:

a Follow the steps in this task on another virtual environment.

b Return to the previously installed Email Gateway (VMtrial) user interface.

c Select System | System Administration | Configuration Push to send the configuration details to thesecond Email Gateway (VMtrial).

Installing VMtrialTask - Configure the Email Gateway (VMtrial) 2


19

2 Installing VMtrialTask - Configure the Email Gateway (VMtrial)


3 Getting started with VMtrial

This information introduces you to the interface elements that make up McAfee Email GatewayAppliance (VMtrial).

Contents The Dashboard Testing the configuration Using the test email generator Exploring the appliance features

The DashboardThe Dashboard provides a summary of the activity of the appliance.

Dashboard

On a cluster master appliance, use this page also to see a summary of activity on the cluster ofappliances.

3


21

Benefits of using the DashboardThe Dashboard provides a single location for you to view summaries of the activities of the appliancethrough a series of portlets.

Figure 3-1 Dashboard portlets

Some portlets display graphs that show appliance activity over the following periods of time:

• 1 hour • 2 weeks

• 1 day (the default) • 4 weeks

• 1 week

Within the Dashboard, you can make some changes to the information and graphs displayed:

• Expand and collapse the portlet data using the and buttons in the portlet's top right-handcorner.

• Drill down to specific data using the and buttons.

• See a status indicator that shows whether the item needs attention:

• Healthy — The reported items are functioning normally.

• Requires Attention — A warning threshold has been exceeded.

• Requires Immediate Attention — A critical threshold has been exceeded.

• Disabled — A service is not enabled.

• Use and to zoom in and zoom out of a timeline of information. There is a short delay whilethe view is updated. By default, the Dashboard shows data relating to the previous one day.

• Move a portlet to another location on the Dashboard.

3 Getting started with VMtrialThe Dashboard


• Double-click the top bar of a portlet to expand it across the top of the Dashboard.

• Set your own alert and warning thresholds to trigger events. To do so, highlight the item and clickit, edit the alert and warning threshold fields, and click Save. When the item exceeds the thresholdyou set, an event is triggered.

Depending on the browser used to view the McAfee Email Gateway user interface, the Dashboard"remembers" the current state of each portlet (whether it is expanded or collapsed, and if you havedrilled down to view specific data), and attempts to re-create that view if you navigate to another pagewithin the user interface and then return to the Dashboard within the same browsing session.

Dashboard portletsThe McAfee Email Gateway Dashboard portlets provide information about the state of email traffic,recent detections and the current status of your McAfee Email Gateway.

Option Definition

Inbound MailSummary

Displays the delivery and status information about messages sent to yourorganization.

Outbound MailSummary

Displays the delivery and status information about messages sent from yourorganization.

SMTP Detections Displays the total number of messages that triggered a detection based on thesender or connection, the recipient, or the content, and to view data specific toeither inbound or outbound SMTP traffic.

POP3 Detections Displays how many messages triggered a detection based on threats such asviruses, packers, or potentially inappropriate images.

System Summary Displays information about load balancing, the disk space used for each partition,total CPU usage, used and available memory, and swap details.

Hardware Summary Status indicators to show the status of network interfaces, UPS servers, bridgemode (if enabled), and RAID status.

Network Summary Provides information about the status of your connections, network throughputand counters relating to Kernel Mode Blocking

Services Displays update and service status statistics based on protocol and externalservers used by the appliance.

Clustering Provides information about the entire cluster when appliance is part of a cluster oryou are using the blade server hardware.

Tasks Links directly to the areas of the user interface that search the message queue,view reports, manage policies, configure mail protocol settings and network andsystem settings, and access troubleshooting features.

Testing the configurationThis information describes how to test that the appliance is functioning correctly after installation.

Contents Task — Test connectivity Task — Update the DAT files

Task — Test connectivityUse this task to confirm basic connectivity.The McAfee Email Gateway checks that it can communicate with the gateway, update servers and DNSservers. It also confirms that the appliance name and domain name are valid.

Getting started with VMtrialTesting the configuration 3


23

Task

1 From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from theTasks area.

2 Click the Tests tab.

3 Click Start Tests.

Each test should return positively.

Task — Update the DAT filesUse this task to ensure that the McAfee Email Gateway has the most up-to-date detection definition(DAT) files. We recommend updating them before you configure the scanning options.As you progress using the McAfee Email Gateway, you can choose to update individual types ofdefinition file and change the default scheduled updates to suit your requirements.

Task

1 Select System | Component Management | Update Status .

2 To update the anti-virus engine and anti-virus database, click Update Now.

To check that the update applied correctly, open the Services portlet in the Dashboard, and expandthe Updates status. The Anti-virus components will have a green status.

Using the test email generator McAfee® Email Gateway Appliance (VMtrial) includes a test email generator to allow you to fully testyour trial of the software, without needing to configure external infrastructure to send and receiveemail messages.

Troubleshoot | Tools | Generate Test Email

Benefits of using the test email generator The test email generator demonstrates the reporting and detection capabilities of the McAfee EmailGateway Appliance (VMtrial) by simulating the continual sending and receiving various types of emailtraffic.

The content of the emails is randomized and consists of a selection of detection types and legitimatedata. The detections trigger defined actions for viral content, spam content, compliance or Data LossPrevention (DLP) actions.

These test emails do not contain any viral content, rather, they contain test strings designed specificallyto ensure the anti-virus detections are working correctly.

When you enable the test email generator, policies are automatically created. These policies are usedto define the settings that are applied to the test email traffic as it is scanned by the appliance.

The connection and envelope properties of the generated email messages are also randomized, toensure that different policies are triggered when the messages are scanned.

You can edit the policies created to test the email traffic. Doing so might affect the results of thescanned test email traffic.

3 Getting started with VMtrialUsing the test email generator


Generate test emailGenerate a stream of messages to test the effects of the scanning policies.

Table 3-1 Option definitions — Diagnostics: Generate continuous test email

Option Definition

Enable Continuous Generation /Reset Continuous Generation

Creates new policies to define the configuration used to scan the testemail messages generated using continuous generation.After you have enabled continuous generation and created thepolicies, you can reset these policies to their initial state by clickingReset Continuous Generation.

Start Continuous Generation Creates test email traffic.

Disable Status Window Reminder When test email traffic is being generated, a reminder message isdisplayed on the Status Window every minute. Click to disable thereminder messages.

Stop Continuous Generation Stops the flow of test email traffic.

Task — Generate a stream of test email messagesConfigure the McAfee Email Gateway Appliance (VMtrial) software to generate a continuous stream oftest email messages.

To fully evaluate and understand some features within McAfee Email Gateway, it is necessary for theappliance to scan email messages. Use Generate Test Email | Diagnostics: Generate continuous test email to createa continuous stream of test email messages to be scanned by the appliance.

Task1 Select Troubleshoot | Tools | Generate Test Email.

2 Click Enable Continuous Generation.

3 Click OK to accept the notice about your policy customizations being overwritten.

The enabling of email generation and the creation of the required scanning policies takes severalminutes to complete.

New policies are created. These are used to configure the scanning for the test email messagestream.

4 Click Start Continuous Generation.

Your McAfee Email Gateway Appliance (VMtrial) starts generating a stream of email messages that arescanned by the appliance.

Task — View a summary of scanned email trafficUse the Dashboard to get an "at a glance" overview of the email traffic scanned by the McAfee® EmailGateway Appliance (VMtrial).

Before you beginEither arrange for external email to be delivered though the virtual appliance, or generate astream of test email messages using the Generate Test Email | Diagnostics: Generate continuous testemail feature.

Getting started with VMtrialUsing the test email generator 3


25

Task1 Select Dashboard.

2 View the counters shown within the Mail Summary portlets.

The counters increment as the email traffic is scanned.

Task — Find specific test email messagesUse Message Search to get detailed information about the email traffic scanned by the McAfee® EmailGateway Appliance (VMtrial).

Before you beginEither arrange for external email to be delivered though the virtual appliance, or generate astream of test email messages using the Generate Test Email | Diagnostics: Generate continuous testemail feature.

Task1 Select Reports | Message search.

2 Click Search / Refresh.

The appliance reads the current information from its database, and displays it on the page.

3 To view only information about specific actions taken, for example, email messages that have beenquarantined or bounced, use the available filtering options before clicking Search / Refresh.

Detailed information about the scanned email traffic is displayed. For further information, see theonline Help for Message Search.

Exploring the appliance featuresThis information contains tasks to demonstrate the McAfee Email Gateway scanning features in action.It provides step-by-step instructions to create and test some sample policies and tells you how togenerate applicable reports.

Contents Introduction to policies Encryption Compliance Settings Data Loss Prevention settings Task — Identify quarantined email messages

3 Getting started with VMtrialExploring the appliance features


Introduction to policiesThe appliance uses policies which describe the actions that the appliance must take against threatssuch as viruses, spam, unwanted files, and the loss of confidential information.

Email | Email Policies

Figure 3-2 Email Policies

Policies are collections of rules or settings that can be applied to specific types of traffic or to groups ofusers.

EncryptionThe Encryption pages enable you to set up McAfee Email Gateway to use the supported encryptionmethods to securely deliver your email messages.

Email | Encryption

The McAfee Email Gateway includes several encryption methodologies, and can be set up to provideencryption services to the other scanning features, or can be set up as an encryption-only server usedjust to encrypt email messages.

Task — Encrypt all email traffic to a specific customerA common use of the encryption features is to configure a policy to use encryption for email messagesgoing to a specific customer.

This group of tasks show how to configure your McAfee Email Gateway so that all email messagesbeing sent to s specific customer are sent using encryption.

Getting started with VMtrialExploring the appliance features 3


27

Task — Create a new scanning policyLearn how to create a new scanning policy.

Your appliance uses the policies you create to scan the email messages sent through the appliance.You can create multiple policies to control the way different users use email, or to specify differentactions based on specific circumstances.

Task

1 Select Email | Email Policies | Scanning Policies.

2 Select the required protocol using steps in Task — View policies for SMTP, POP3 or McAfee SecureWeb Mail.

3 Click Add policy.

4 In the Scanning Policies — New Policy page, enter the following information:

a Name for the policy.

b Write an optional description for the new policy.

c Specify where the new policy inherits its settings from.

If you have a similar policy already set up, select this to allow its settings to be inherited by thenew policy.

d Choose if the policy is to apply to inbound or outbound email traffic. (SMTP only)

e Select the required Match logic for the policy.

f Select the type of rule, how it should match, and the value that the rule tests against.

g If required, add additional rules, and use the and buttons to correctly order the rules.

5 Click OK.

The new policy is added to the top of the list of policies.

Task — Configure the encryption settingsConfigure your McAfee Email Gateway to use encryption.

Task

1 Select Email | Encryption | Secure Web Mail | Basic Settings.

2 Select Enable the Secure Web Mail Client.

3 Select Email | Encryption | Secure Web Mail | User Account Settings.

Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. Theadministrator chooses whether to do push and/or pull encryption.

4 Select Email | Encryption | Secure Web Mail | Password Management.

The minimum password length is eight characters. The password expires after 365 days.

Task — Enable Encryption for messages matching a compliance ruleEnable the required encryption features on your McAfee Email Gateway for messages that match acompliance rule.

In this example, email messages that match the HIPAA Compliance rules will be encrypted.



Task1 Select Email | Email Policies | Compliance.

2 Click Enable compliance, and select Create new rule from template.

3 Search for the HIPAA Compliance rule and select it.

4 Click Next to progress through the wizard.

5 Select the primary action to Allow Through (Monitor).

6 In And also, select Deliver message using encryption.

7 Click Finish, and click OK to close the dialog box.

8 Select Email | Email Policies | Policy Options | Encryption.

9 In When to Encrypt, select Only when triggered from a scanner action.

10 In On-box Encryption Options, select Secure Web Mail, and click OK.

11 Apply the changes.

Compliance Settings Use this page to create and manage compliance rules.

Email | Email Policies | Compliance | Compliance

Benefits of the compliance settings Use compliance scanning to assist with conformance to regulatory compliance and corporate operatingcompliance. You can choose from a library of predefined compliance rules, or create your own rulesand dictionaries specific to your organization.

Compliance rules can vary in complexity from a straightforward trigger when an individual term withina dictionary is detected, to building on and combining score-based dictionaries which will only triggerwhen a certain threshold is reached. Using the advanced features of compliance rules, dictionaries canbe combined using logical operations of any of, all of, or except.

Task — Restrict the score contribution of a dictionary termUse this task to restrict the score contribution of a dictionary term.

Before you beginThis task assumes that your rule includes a dictionary which triggers the action based on athreshold score, such as the Compensation and Benefits dictionary.

You can restrict how many times a term can contribute to the overall score.

For example, if ’testterm’ within a dictionary has a score of 10 and is seen five times within an email,it will add 50 to the overall score. Alternatively you can restrict this, for example to contribute onlytwice by setting ‘Maximum term count’ to 2.



29


2 Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose scoreyou want to change.

3 In Maximum term count, type the maximum number of times that you want a term to contribute to thescore.

Task — Edit the threshold associated with an existing ruleUse this task to edit the threshold associated with an existing rule.

Before you beginThis task assumes that your rule includes a dictionary which triggers the action based on athreshold, such as the Compensation and Benefits dictionary.


2 Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose scoreyou want to change.

3 In dictionary threshold, type the score on which you want the rule to trigger, and click OK.

Task — Create a rule to monitor or block at a thresholdFor score-based dictionaries you might want to monitor triggers that reach a low threshold, and onlyblock the email when a high threshold is achieved.


2 Click Create new rule, type a name for it such as Discontent - Low, and click Next.

3 Select the Discontent dictionary, and in Threshold, type 20.

4 Click Next, and Next again.

5 In If the compliance rule is triggered, accept the default action.

6 Click Finish.

7 Repeat steps 2 through 4 to create another new rule but name it Discontent - High and assign ita threshold of 40.

8 In If the compliance rule is triggered, select Deny connection (Block).

9 Click Finish.

10 Click OK and apply the changes.



Task — Add a dictionary to a ruleUse this task to add a new dictionary to an existing rule.


2 Expand the rule that you want to edit.

3 Select Add dictionaries.

4 Select the new dictionary that you want to include, and click OK.

Task — Create a complex custom ruleUse this task to create a complex rule that triggers when both Dictionary A and Dictionary B aredetected, except when Dictionary C is also detected.

Task1 Select Email | Email Policies | Scanning Policies and select Compliance.

2 In the Default Compliance Settings dialog box, click Yes to enable the policy.

3 Click Create new rule to open the Rule Creation Wizard.

4 Type a name for the rule, and click Next.

5 Select two dictionaries to include in the rule, and click Next.

6 Select a dictionary that you want to exclude from the rule in the exclusion list.

7 Select the action that you want to take place if the rule triggers.

8 From the And conditionally drop-down list, select All, and click Finish.

Task — Create a simple custom ruleUse this task to create a simple custom rule that blocks messages that contain social securitynumbers.



3 Click Create new rule to open the Rule Creation Wizard.

4 Type a name for the rule, and click Next.

5 In the Search field, type social.

6 Select the Social Security Number dictionary, and click Next twice.

7 Select the Deny connection (Block) action, and click Finish.



31

Task — Block messages that violate a policyUse this to task to block messages that violate a threatening language policy.



3 Click Create new rule from template to open the Rule Creation Wizard.

4 Select the Acceptable Use - Threatening Language policy, and click Next.

5 Optionally change the name of the rule, and click Next.

6 Change the primary action to Deny connection (Block), and click Finish.

7 Click OK and apply the changes.

Data Loss Prevention settings Use this page to create a policy that assigns data loss prevention actions against the registereddocument categories.

Email | Email Policies | Compliance | Data Loss Prevention

Benefits of using Data Loss Prevention (DLP)You can choose to restrict the flow of sensitive information sent in email messages by SMTP throughthe appliance using the Data Loss Prevention feature. For example, by blocking the transmission of asensitive document such as a financial report that is to be sent outside of your organization. Detectionoccurs whether the original document is sent as an email attachment, or even as just a section of texttaken from the original document.

Configuring DLP takes place in two phases:

• Registering the documents that you want to protect

• Setting the DLP policy to action, and control the detection (this topic)

If an uploaded registered document contains embedded documents, their content is also fingerprintedso the combined content is used when calculating the percentage match at scan time. To haveembedded documents treated individually, they must be registered separately.

Task — Prevent a sensitive document from being leakedUse this task to block sensitive financial documents from being sent outside your organization.

Before you beginThis example assumes that you have already created a Finance category.

Task1 Select Email | Email Policies | Compliance | Data Loss Prevention.

2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.

3 Click Create new rule, select the Finance category, and click OK to have the category appear in the Ruleslist.



4 Select the action associated with the category, change the primary action to Deny connection (Block),and click OK.

5 Click OK again, and apply the changes.

Task — Block a section of the documentUse this task to block just a small section of the document from being sent outside your organization.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.


3 Enable the consecutive signatures setting, and type the number of consecutive signatures againstwhich the DLP policy will trigger a detection. The level is set to 10 by default.

4 Click Create new rule, select the Finance category, and click OK to have the category appear in theRules list.

5 Select the action associated with the category, change the primary action to Deny connection (Block),and click OK.


Task — Exclude a specific document for a policyUse this task to prevent a specific financial document from triggering the DLP policy settings.

Task

1 Select Email | Email Policies | Compliance | Data Loss Prevention.


3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK.


Task — Identify quarantined email messagesUse this task to discover which email messages have been quarantined by your McAfee Email GatewayAppliance.

To view a list of all messages that have been quarantined:

Task

1 Click Reports | Message Search.

2 Select Quarantined from the Message status drop-down list.

3 Click Search/Refresh.

All messages that have been quarantined are displayed in the lower part of the page.

Tasks• Task — Refine the search on page 34

• Task — View a specific email message on page 34

• Task — Release a quarantined email message on page 34After viewing the email message that has been quarantined, you may want to release themessage from Quarantine. This task allows you to do this.



33

Task — Refine the searchYou can further refine your search for quarantined email messages to show only those that have beenquarantined due to specific triggers. In this example, to find those email messages quarantined due tocompliance issues:

Task1 Complete the steps in Task — Find out which email messages are quarantined.

2 Select Compliance from the Category drop-down list.

3 Click Search/Refresh.

The lower part of the screen is refreshed to show only the messages that have been quarantined dueto compliance issues.

Task — View a specific email messageYou can view the content of a quarantined email message.

Task1 Complete the steps in Task — Refine the search.

2 Select the relevant quarantined message using the checkbox to the left of the page.

3 Click View Message.

The selected message is displayed in a new window. From this window, you can view the content ofthe email message. You can also choose to view the detailed email header information. After you haveviewed the message, by clicking the relevant buttons, you can choose further actions to perform onthe email message.

Task — Release a quarantined email messageAfter viewing the email message that has been quarantined, you may want to release the messagefrom Quarantine. This task allows you to do this.

To release a selected message from quarantine:

Task1 Complete the steps in Task — View a specific email message.

2 Click Release Selected.

The selected email message is released from quarantine.

Email messages that contain viral content cannot be released from quarantine, as to do so would riskcausing damage to your systems.



Index

Bbenefits of data loss prevention 32

benefits of DLP 32

Ccluster configuration

statistics 21

compliance 29

Compliancebenefits of 29

scanning for 29

configuration change messages 21

DDashboard 21

data loss preventionbenefits 32

data loss prevention (DLP) 32

detectionsrates and statistics 21

dictionariesadding to policies 29

editing scores and terms 29

DLPbenefits 32

DLP (data loss prevention) 32

Eemail generator 24

email policiescompliance 29

email queues 21

email status 21

encryption 27

environmentsupported platforms 5

Ffeature descriptions 6

Ggraphs

email and network statistics 21

MMcAfee Global Threat Intelligence 21

Nnetwork status 21

Ppolicies

introduction to 27

status 21

product features 6

SScanning

for compliance 29

statisticsDashboard 21

supported platforms 5

Ttest email generator 24

benefits 24

threat feedback 21

Vvirtual platforms

supported 5

Wwarning messages

Dashboard 21

web policiescompliance 29


35

mcafee email gateway 7.6.400 vmtrial appliances...

Documents