McAfee Email Gateway version 7.0 Appliances Installation Guide


Draft only - 9.13.11

Installation Guide
McAfee® Email Gateway 7.0 Appliances


Contents

    Benefits of using the Dashboard . . . . . . . . . . . . . . . . . . 53
    Dashboard portlets . . . . . . . . . . . . . . . . . . . . . . . . . 54

4  Testing the configuration . . . . . . . . . . . . . . . . . . . . . . 57
    Task — Test connectivity . . . . . . . . . . . . . . . . . . . . . . 57
    Task — Update the DAT files . . . . . . . . . . . . . . . . . . . . 57
    Task — Test mail traffic and virus detection . . . . . . . . . . . . 58
    Task — Testing spam detection . . . . . . . . . . . . . . . . . . . 58

5  Exploring the appliance features . . . . . . . . . . . . . . . . . . 59
    Introduction to policies . . . . . . . . . . . . . . . . . . . . . . 59
        Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
        Task — Identify quarantined email messages . . . . . . . . . . . 61
        Compliance Settings . . . . . . . . . . . . . . . . . . . . . . 62
        Data Loss Prevention settings . . . . . . . . . . . . . . . . . 65

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67


Preface

Contents
    About this guide
    Finding product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

Conventions

This guide uses the following typographical conventions and icons.

Book title or Emphasis    Title of a book, chapter, or topic; introduction of a new term; emphasis.
Bold                      Text that is strongly emphasized.
User input or Path        Commands and other text that the user types; the path of a folder or program.
Code                      A code sample.
User interface            Words in the user interface including options, menus, buttons, and dialog boxes.
Hypertext blue            A live link to a topic or to a website.
Note:                     Additional information, like an alternate method of accessing an option.
Tip:                      Suggestions and recommendations.
Important/Caution:        Valuable advice to protect your computer system, software installation, network, business, or data.
Warning:                  Critical advice to prevent bodily harm when using a hardware product.


Graphical conventions

Use this information to understand the graphical symbols used within this document. The figures in this guide use symbols for the following items:

• Appliance
• Internet or external networks
• Mail Server
• Other servers (such as DNS servers)
• User or client computer
• Router
• Switch
• Firewall
• Network zone (DMZ or VLAN)
• Network
• Actual data path
• Perceived data path

Definition of terms used in this guide

Use this information to understand some of the key terms used in this document.

Term                        Definition
demilitarized zone (DMZ)    A computer host or small network inserted as a buffer between a private network and the outside public network to prevent direct access from outside users to resources on the private network.
DAT files                   Detection definition (DAT) files, also called signature files, containing the definitions that identify, detect, and repair viruses, Trojan horses, spyware, adware, and other potentially unwanted programs (PUPs).
operational mode            Three operating modes for the product: explicit proxy mode, transparent bridge mode, and transparent router mode.
policy                      A collection of security criteria, such as configuration settings, benchmarks, and network access specifications, that defines the level of compliance required for users, devices, and systems that can be assessed or enforced by a McAfee security application.
Reputation Service check    Part of sender authentication. If a sender fails the Reputation Service check, the appliance is set to close the connection and deny the message. The sender's IP address is added to a list of blocked connections and is automatically blocked in future at the kernel level.

How to use this guide

This topic gives a brief summary of the information contained within this document.

This guide helps you to:

• Plan and perform your installation.
• Become familiar with the interface.


• Test that the product functions correctly.
• Apply the latest detection definition files.
• Explore some scanning policies, create reports, and get status information.
• Troubleshoot basic issues.

You can find additional information about the product's scanning features in the online help within the product and the McAfee Email Gateway 7.0 Administrators Guide.

Finding product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:

To access...          Do this...
User documentation    1 Click Product Documentation.
                      2 Select a product, then select a version.
                      3 Select a product document.
KnowledgeBase         • Click Search the KnowledgeBase for answers to your product questions.
                      • Click Browse the KnowledgeBase for articles listed by product and version.




1  Preparing to install

To ensure the safe operation of McAfee® Email Gateway 7.0, consider the following before you begin the installation.

• Familiarize yourself with its operational modes and capabilities. It is important that you choose a valid configuration.
• Decide how to integrate the appliance into your network and determine what information you need before you start. For example, the name and IP address for the device.
• Unpack the product as close to its intended location as possible.
• Remove the product from any protective packaging and place it on a flat surface.
• Observe all provided safety warnings. Review and be familiar with all provided safety information.

Contents
    What's in the box
    Plan the installation
    Inappropriate use
    Operating conditions
    Positioning the appliance
    Considerations about network modes
    Deployment strategies for using the device in a DMZ

What's in the box

Use this information to ensure that you have a complete shipment for your product.

To check that all components are present, refer to the packing list supplied with your product. Generally, you should have:

• An appliance
• Power cords
• Network cables
• McAfee Email Gateway installation and recovery CD
• Linux source code CD
• Documentation CD

If an item is missing or damaged, contact your supplier.


Plan the installation

Use this information when planning the installation of your device.

Before unpacking your McAfee Email Gateway, it is important to plan the installation and deployment. Consider the following:

• Environmental requirements. Information on environmental site requirements, including temperature, airflow, and space requirements.
• Power requirements and considerations. Power requirements and electrical factors that must be considered before installation.
• Hardware specifications and requirements.
• Configuration scenarios.
• Preparing for installation.

Inappropriate use

Use this information to avoid using this product inappropriately.

McAfee® Email Gateway is:

• Not a firewall — You must use it within your organization behind a correctly configured firewall.
• Not a server for storing extra software and files — Do not install any software on the device or add any extra files to it unless instructed by the product documentation or your support representative.

The device cannot handle all types of traffic. If you use explicit proxy mode, only protocols that are to be scanned should be sent to the device.

Operating conditions

Use this information to understand the environmental conditions needed for your McAfee Email Gateway.

Temperature          10 to 35°C (50 to 95°F).
Relative humidity    20% to 80% (non-condensing) with a maximum humidity gradient of 10% per hour.
Maximum vibration    0.25 G at 3–200 Hz for 15 minutes.
Maximum shock        One shock pulse in the positive z axis (one pulse on each side of the unit) of 31 G for up to 2.6 ms.
Altitude             -16 to 3,048 m (-50 to 10,000 ft.).


Positioning the appliance

Use this information to understand where the McAfee Email Gateway should be placed before setting up and using it.

Select the final position for the appliance and install it so that it meets the operating conditions, so that you can control physical access to the appliance, and so that you can access all ports and connections on both the front and the rear panels.

A rack-mounting kit is supplied with the appliance, allowing you to install the appliance in a 19-inch rack.

Considerations about network modes

Use this information to gain an understanding of the operational (or network) modes in which the device can operate.

Before you install and configure your McAfee Email Gateway, you must decide which network mode to use. The mode you choose determines how you physically connect your appliance to your network.

You can choose from the following network modes:

• Transparent bridge mode — The device acts as an Ethernet bridge.
• Transparent router mode — The device acts as a router.
• Explicit proxy mode — The device acts as a proxy server and a mail relay.

If you are still unsure about the mode to use after reading this and the following sections, consult your network expert.

Architectural considerations about network modes

The main considerations regarding the network modes are:

• Whether communicating devices are aware of the existence of the device. That is, whether the device is operating in one of the transparent modes.
• How the device physically connects to your network.
• The configuration needed to incorporate the device into your network.
• Where the configuration takes place in the network.

Considerations before changing network modes

In explicit proxy and transparent router modes, you can set up the device to sit on more than one network by setting up multiple IP addresses for the LAN1 and LAN2 ports.

If you change to transparent bridge mode from explicit proxy or transparent router mode, only the enabled IP addresses for each port are carried over.

After you select a network mode, McAfee recommends not changing it unless you move the device or restructure your network.

Transparent bridge mode

Use this information to better understand transparent bridge mode on your McAfee Email Gateway.

In transparent bridge mode, the communicating servers are unaware of the device — the device's operation is transparent to the servers.


In the figure, the external mail server (A) sends email messages to the internal mail server (C). The external mail server is unaware that the email message is intercepted and scanned by the device (B). The external mail server seems to communicate directly with the internal mail server — the path is shown as a dotted line. In reality, traffic might pass through several network devices and be intercepted and scanned by the device before reaching the internal mail server.

What the device does in transparent bridge mode

In transparent bridge mode, the device connects to your network using the LAN1 and LAN2 ports. The device scans the traffic it receives, and acts as a bridge connecting two network segments, but treats them as a single logical network.

Configuration in transparent bridge mode

Transparent bridge mode requires less configuration than transparent router and explicit proxy modes. You do not need to reconfigure all your clients, default gateway, MX records, firewall NAT or mail servers to send traffic to the device. Because the device is not a router in this mode, you do not need to update a routing table.

Where to place the device when using transparent bridge mode

For security reasons, you must use the device inside your organization, behind a firewall.

In transparent bridge mode, position the device between the firewall and your router, as shown.

In this mode, you physically connect two network segments to the device, and the device treats them as one logical network. Because the devices — firewall, device, and router — are on the same logical network, they must all have compatible IP addresses on the same subnet.

Devices on one side of the bridge (such as a router) that communicate with devices on the other side of the bridge (such as a firewall) are unaware of the bridge. They are unaware that traffic is intercepted and scanned, therefore the device is said to operate as a transparent bridge.

Transparent router mode

Use this information to better understand transparent router mode on your McAfee Email Gateway.

In transparent router mode, the device scans email traffic between two networks. The device has one IP address for outgoing scanned traffic, and must have one IP address for incoming traffic.

The communicating network servers are unaware of the intervention of the device — the device's operation is transparent to the devices.

What the device does in transparent router mode

In transparent router mode, the device connects to your networks using the LAN1 and LAN2 ports. The device scans the traffic it receives on one network, and forwards it to the next network device on a different network. The device acts as a router, routing the traffic between networks, based on the information held in its routing tables.


Configuration in transparent router mode

Using transparent router mode, you do not need to explicitly reconfigure your network devices to send traffic to the device. You need only configure the routing table for the device, and modify some routing information for the network devices on either side of it (the devices connected to its LAN1 and LAN2 ports). For example, you might need to make the device your default gateway.

In transparent router mode, the device must join two networks. The device must be positioned inside your organization, behind a firewall.

Transparent router mode does not support multicast IP traffic or non-IP protocols, such as NetBEUI and IPX.

Firewall rules

In transparent router mode, the firewall connects to the physical IP address for the LAN1/LAN2 connection to the management blade.

Where to place the device

Use the device in transparent router mode to replace an existing router on your network.

If you use transparent router mode and you do not replace an existing router, you must reconfigure part of your network to route traffic correctly through the device.

You need to:

• Configure your client devices to use the device as their default gateway.
• Configure the device to use the Internet gateway as its default gateway.
• Ensure your client devices can deliver email messages to the mail servers within your organization.

Explicit proxy mode

Use this information to better understand explicit proxy mode on your McAfee Email Gateway.

In explicit proxy mode, some network devices must be set up explicitly to send traffic to the device. The device then works as a proxy or relay, processing traffic on behalf of the devices.

Explicit proxy mode is best suited to networks where client devices connect to the device through a single upstream and downstream device.

This might not be the best option if several network devices must be reconfigured to send traffic to the device.

Network and device configuration

If the device is set to explicit proxy mode, you must explicitly configure your internal mail server to relay email traffic to the device. The device scans the email traffic before forwarding it, on behalf of the sender, to the external mail server. The external mail server then forwards the email message to the recipient.

In a similar way, the network must be configured so that incoming email messages from the Internet are delivered to the device, not the internal mail server.

The device scans the traffic before forwarding it, on behalf of the sender, to the internal mail server for delivery, as shown.


For example, an external mail server can communicate directly with the device, although traffic might pass through several network servers before reaching the device. The perceived path is from the external mail server to the device.

Protocols

To scan a supported protocol, you must configure your other network servers or client computers to route that protocol through the device, so that no traffic bypasses the device.

Firewall rules

Explicit proxy mode invalidates any firewall rules set up for client access to the Internet. The firewall sees only the IP address information for the device, not the IP addresses of the clients, so the firewall cannot apply its Internet access rules to the clients.

Where to place the device

Configure the network devices so that traffic needing to be scanned is sent to the device. This is more important than the location of the device.

The router must allow all users to connect to the device.

The device must be positioned inside your organization, behind a firewall, as shown in Figure 6: Explicit proxy configuration.

Typically, the firewall is configured to block traffic that does not come directly from the device. If you are unsure about your network's topology and how to integrate the device, consult your network expert.

Use this configuration if:

• The device is operating in explicit proxy mode.
• You are using email (SMTP).

For this configuration, you must:

• Configure the external Domain Name System (DNS) servers or Network Address Translation (NAT) on the firewall so that the external mail server delivers mail to the device, not to the internal mail server.
• Configure the internal mail servers to send email messages to the device. That is, the internal mail servers must use the device as a smart host. Ensure that your client devices can deliver email messages to the mail servers within your organization.
• Ensure that your firewall rules are updated. The firewall must accept traffic from the device, but must not accept traffic that comes directly from the client devices. Set up rules to prevent unwanted traffic entering your organization.

Deployment strategies for using the device in a DMZ

Use this information to understand demilitarized zones within your network, and how to use them to protect your email servers.

A demilitarized zone (DMZ) is a network separated by a firewall from all other networks, including the Internet and other internal networks. The typical goal behind the implementation of a DMZ is to lock down access to servers that provide services to the Internet, such as email.

Attackers often gain access to networks by identifying the TCP/UDP ports on which applications are listening for requests, then exploiting known vulnerabilities in those applications. Firewalls dramatically reduce the risk of such exploits by controlling access to specific ports on specific servers.


The device can be added easily to a DMZ configuration. The way you use the device in a DMZ depends on the protocols you intend to scan.

SMTP configuration in a DMZ

Use this information to understand how to configure SMTP devices within a demilitarized zone on your network.

The DMZ is a good location for encrypting mail. By the time the mail traffic reaches the firewall for the second time (on its way from the DMZ to the Internet), it has been encrypted.

Devices which scan SMTP traffic in a DMZ are usually configured in explicit proxy mode. Configuration changes need only be made to the MX records for the mail servers.

NOTE: You can use transparent bridge mode when scanning SMTP within a DMZ. However, if you do not control the flow of traffic correctly, the device scans every message twice, once in each direction. For this reason, explicit proxy mode is usually used for SMTP scanning.

Mail relay

If you have a mail relay already set up in your DMZ, you can replace the relay with the device. To use your existing firewall policies, give the device the same IP address as the mail relay.

Mail gateway

SMTP does not provide methods to encrypt mail messages — you can use Transport Layer Security (TLS) to encrypt the link, but not the mail messages. As a result, some companies do not allow such traffic on their internal network. To overcome this, they often use a proprietary mail gateway, such as Lotus Notes® or Microsoft® Exchange, to encrypt the mail traffic before it reaches the Internet.

To implement a DMZ configuration using a proprietary mail gateway, add the scanning device to the DMZ on the SMTP side of the gateway.

In this situation, configure:

• The public MX records to instruct external mail servers to send all inbound mail to the device (instead of the gateway).
• The device to forward all inbound mail to the mail gateway, and deliver all outbound mail using DNS or an external relay.
• The mail gateway to forward all inbound mail to the internal mail servers and all other (outbound) mail to the device.
• The firewall to allow inbound mail that is destined for the device only.

Firewalls configured to use Network Address Translation (NAT), and that redirect inbound mail to internal mail servers, do not need their public MX records reconfigured. This is because the MX records are directing traffic to the firewall rather than to the mail gateway itself. In this case, the firewall must instead be reconfigured to direct inbound mail requests to the device.


Firewall rules specific to Lotus Notes

Use this information to identify specific considerations when protecting Lotus Notes systems.

By default, Lotus Notes servers communicate over TCP port 1352. The firewall rules typically used to secure Notes servers in a DMZ allow the following through the firewall:

• Inbound SMTP requests (TCP port 25) originating from the Internet and destined for the device
• TCP port 1352 requests originating from the Notes gateway and destined for an internal Notes server
• TCP port 1352 requests originating from an internal Notes server and destined for the Notes gateway
• SMTP requests originating from the device and destined for the Internet

All other SMTP and TCP port 1352 requests are denied.

Firewall rules specific to Microsoft Exchange

Use this information to identify specific considerations when protecting Microsoft Exchange systems.

A Microsoft Exchange-based mail system requires a significant workaround.

When Exchange servers communicate with each other, they send their initial packets using the RPC protocol (TCP port 135). However, once the initial communication is established, two ports are chosen dynamically and used to send all subsequent packets for the remainder of the communication. You cannot configure a firewall to recognize these dynamically-chosen ports. Therefore, the firewall does not pass the packets.

The workaround is to modify the registry on each of the Exchange servers communicating across the firewall to always use the same two "dynamic" ports, then open TCP 135 and these two ports on the firewall.

We mention this workaround to provide a comprehensive explanation, but we do not recommend it. The RPC protocol is widespread on Microsoft networks — opening TCP 135 inbound is a red flag to most security professionals.

If you intend to use this workaround, details can be found in the following Knowledge Base article on the Microsoft website: http://support.microsoft.com/kb/q176466/

Workload management

Use this information to learn about the workload management features of McAfee Email Gateway.

The appliance includes its own internal workload management, distributing the scanning load evenly between all appliances configured to work together. You do not need to deploy an external load balancer.
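The Lotus Notes allow list above, together with the explicit-proxy rule that the firewall accepts SMTP from the device but never directly from client devices, is easiest to get right as a default-deny policy that is checked before the change window. The following is an added example, not code or configuration from the McAfee guide: a stdlib-only Python model of that policy that classifies a flow by source and destination and refuses anything not on the allow list. The zones, host roles and addresses (192.0.2.0/24 as the DMZ, 10.10.0.0/16 as the internal network, the device at 192.0.2.25, the Notes gateway at 192.0.2.26, an internal Notes server at 10.10.1.5 and an internal mail server at 10.10.1.6) are constructed for illustration.

```python
# Added example (not from the McAfee guide): default-deny policy model for the
# DMZ firewall rules around the scanning device and a Lotus Notes gateway.
# All addresses and host roles are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

SMTP, NOTES = 25, 1352

# Constructed topology (assumed addresses, not from the guide).
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.10.0.0/16")
DEVICE = ipaddress.ip_address("192.0.2.25")         # McAfee Email Gateway, explicit proxy mode
NOTES_GATEWAY = ipaddress.ip_address("192.0.2.26")  # proprietary mail gateway in the DMZ
INTERNAL_NOTES = ipaddress.ip_address("10.10.1.5")  # internal Notes server
INTERNAL_MAIL = ipaddress.ip_address("10.10.1.6")   # internal mail server; must not be reachable from the Internet


def zone_of(addr: ipaddress.IPv4Address) -> str:
    """Classify an address; anything outside the DMZ and internal ranges is 'internet'."""
    if addr in DMZ:
        return "dmz"
    if addr in INTERNAL:
        return "internal"
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str                            # zone the connection originates in
    src: Optional[ipaddress.IPv4Address]     # None means any host in src_zone
    dst_zone: str
    dst: Optional[ipaddress.IPv4Address]     # None means any host in dst_zone
    dport: int

    def matches(self, src, dst, dport):
        return (self.dport == dport
                and self.src_zone == zone_of(src) and self.src in (None, src)
                and self.dst_zone == zone_of(dst) and self.dst in (None, dst))


# The four allow rules from the "Firewall rules specific to Lotus Notes" section.
ALLOW = [
    Rule("internet", None, "dmz", DEVICE, SMTP),                    # inbound SMTP -> device only
    Rule("dmz", NOTES_GATEWAY, "internal", INTERNAL_NOTES, NOTES),  # Notes gateway -> internal Notes
    Rule("internal", INTERNAL_NOTES, "dmz", NOTES_GATEWAY, NOTES),  # internal Notes -> Notes gateway
    Rule("dmz", DEVICE, "internet", None, SMTP),                    # device -> Internet SMTP
]


def allowed(src: str, dst: str, dport: int) -> bool:
    """True if the flow matches an allow rule; everything else is denied.

    The default deny implements "all other SMTP and TCP port 1352 requests are
    denied" and the explicit-proxy rule that the firewall must not accept
    traffic coming directly from client devices.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(r.matches(s, d, dport) for r in ALLOW)


def audit(flows):
    """Return the subset of (src, dst, dport) flows the policy denies."""
    return [f for f in flows if not allowed(*f)]


if __name__ == "__main__":
    # Constructed sample flows (Internet hosts taken from the 203.0.113.0/24 documentation range).
    sample = [
        ("203.0.113.7", "192.0.2.25", SMTP),    # Internet -> device: allow
        ("203.0.113.7", "10.10.1.6", SMTP),     # Internet -> internal mail server: deny
        ("192.0.2.26", "10.10.1.5", NOTES),     # Notes gateway -> internal Notes: allow
        ("10.10.1.6", "203.0.113.7", SMTP),     # internal host relaying straight out: deny
        ("203.0.113.7", "192.0.2.26", NOTES),   # Internet -> Notes gateway on 1352: deny
    ]
    for flow in sample:
        verdict = "ALLOW" if allowed(*flow) else "DENY"
        print(f"{flow[0]:>14} -> {flow[1]:<14} tcp/{flow[2]:<5} {verdict}")
```

Feed `audit()` the flows from your own design (every mail server, every client subnet, both directions) and treat anything it does not deny that you did not list as an allow rule as a gap in the ruleset, not a convenience: in the Notes layout the internal side reaches the DMZ only over TCP 1352, so an internal host opening port 25 to the Internet, or the Internet opening port 25 to the internal mail server, must both come back as denied.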


2  Installing the McAfee Email Gateway appliance

Use this information to understand the recommended process to install, connect and configure your McAfee Email Gateway.

McAfee recommends that you install the McAfee Email Gateway in the following order:

1 Unpack the McAfee Email Gateway and confirm no parts are missing (check against the parts list in the box).
2 Rack-mount the McAfee Email Gateway.
3 Connect the peripherals and power (monitor, keyboard).
4 Connect the McAfee Email Gateway to the network, noting deployment scenarios and intended network mode.
5 Install the software onto the McAfee Email Gateway.
6 Use the Configuration Console to carry out the basic configuration (server name, IP addresses, gateway, and so on).
7 Connect to the administration interface.
8 Run the Setup Wizard.
9 Route test network traffic through the McAfee Email Gateway.
10 Test that the network traffic is being scanned.
11 Configure policies and reporting.
12 Route production traffic through the McAfee Email Gateway.

Connecting the McAfee Email Gateway to your network can disrupt Internet access or other network services. Ensure that you have arranged network down-time for this, and that you schedule this during periods of low network usage.

Contents
    Installation quick reference table
    Ports and connections
    Physically installing the appliance
    Connect to the network
    Supplying power to the appliance
    Overview task — Installing the software
    Using the Configuration Console


Installation quick reference table

Use this information as a quick reference when installing the McAfee Email Gateway.

This step...                                                                      ... is described here.
1. Unpack the pallet and check the contents against the parts list in the box.    Part List
2. Connect the peripherals and power.
3. Connect the appliance to the network.
4. Install the software.
5. Perform basic configuration.
6. Connect to the administration interface.
7. Route the test network traffic through the appliance.
8. Test that the network traffic is being scanned.
9. Configure policies and reporting.
10. Configure production traffic through the system.

Ports and connections

Information regarding the ports and connections is no longer held within this guide. For information about the ports and connections on your appliance, refer to the McAfee Email Gateway Port Identification Guide.

Physically installing the appliance

Use this task to physically connect your appliance to your network.

Task
1 Remove the appliance from the protective packaging and place it on a flat surface.
2 If you are going to install the appliance in a 19-inch rack, perform the steps in Mounting the appliance in a rack.
3 Connect a monitor, keyboard and mouse to the appliance.
4 Connect power leads to the monitor and the appliance, but do not connect to the power supplies yet.
5 Connect the appliance to the network, taking into consideration your chosen operating mode.

Mounting the appliance in a rack

Use this information to mount your appliance into a rack.

The rack kit enables you to install the appliance into a four-post rack. The kit can be used with most industry-standard 19-inch rack cabinets.


The rack kit contains:

• 2 mounting rails
• 8 screws
• 2 releasable tie wraps

You will need a screwdriver that is suitable for use with the supplied screws.

Make sure you follow the supplied safety warnings. Always load the rack from the bottom up. If you are installing multiple appliances, start with the lowest available position first.

Connect to the network

This section describes how to connect the appliance to your network.

The ports and cables that you use to connect the appliance to your network depend on how you are going to use the appliance. For information about network modes, see Considerations about network modes.

Port numbers

Use this information to understand some of the important ports used by your appliance.

When you connect the appliance to your network, use the following port numbers:

• For HTTPS, use port 443.
• For HTTP, use port 80.
• For SMTP, use port 25.
• For POP3, use port 110.
• For FTP, use port 21.

Using copper LAN connections

Understand how to connect your Email Gateway to your network using copper connections.

Using the LAN1 and LAN2 switch connections and the supplied network cables (or equivalent Cat 5e or Cat 6 Ethernet cables), connect the appliance to your network according to the network mode you have chosen.

If you have DHCP configured on your network, the IP addresses for these ports are now automatically allocated.

Transparent bridge mode

Use the copper LAN cables (supplied) to connect the Email Gateway LAN1 and LAN2 switches to your network so that the appliance is inserted into the data stream.

Transparent router mode

The Email Gateway functions as a router. The LAN segments connected to its two network interfaces must therefore be on different IP subnets. It must replace an existing router, or a new subnet must be created on one side of the appliance. Do this by changing the IP address or the netmask used by the computers on that side.


Explicit proxy mode

Use a copper LAN cable (supplied) to connect the LAN1 or LAN2 switch to your network. The cable is a straight-through (uncrossed) cable, and connects the appliance to a normal uncrossed RJ-45 network switch.

In explicit proxy mode, the unused switch connection can be used as a dedicated management port. To manage the appliance locally, use a crossover Cat 5e Ethernet cable to connect the appliance to your local computer’s network card.

Using Fiber LAN connections

Understand how to connect your Email Gateway to your network using fiber-optic connections.

Using the LAN1 and LAN2 switch connections and the fiber cables, connect the appliance to your network according to the network mode you have chosen.

Transparent bridge mode

Use the fiber cables to connect the LAN1 and LAN2 switches to your network.

Transparent router mode

Use the fiber cables to connect the LAN1 and LAN2 switches to different IP subnets.

Explicit proxy mode

Use a fiber cable to connect the appliance’s LAN1 switch to your network.

In explicit proxy mode, the unused connector can be used as a dedicated management port. If your management computer has a compatible Network Interface Card (NIC), connect it to the remaining connector for local management.

Monitor, mouse and keyboard

Use this information to connect a computer monitor, the mouse and the keyboard to your McAfee Email Gateway.

Connect a computer monitor to the VGA connector on your McAfee Email Gateway.

Connect the keyboard and mouse to USB connectors on the McAfee Email Gateway.

Supplying power to the appliance

Use this task to supply power to the appliance and to switch it on.

Task
1 Connect the monitor and appliance power cables to power outlets.
  If the power cord is not suitable for the country of use, contact your supplier.
2 Switch on the appliance by pushing the power button.
  After booting up, the Configuration Console appears on the monitor.


Overview task — Installing the software

Use this task as an overview of the software installation process for McAfee Email Gateway.

Task
1 From a computer with internet access, download the latest version of the Email and Web Security software from the McAfee download site. (You will need your Grant Number to do this.)
2 Create a CD from this image.
3 With the device switched on, insert the CD into the CD-ROM drive.
4 Re-boot the device.
  As the McAfee Email Gateway reboots, the software is installed on the device.

Tasks
• Task — Downloading the installation software on page 21
  Use this task to download the most up-to-date version of the McAfee Email Gateway software.
• Task — Creating a CD from the installation software image on page 22
  Use this task to create an installation CD from the downloaded software image.

Task — Downloading the installation software

Use this task to download the most up-to-date version of the McAfee Email Gateway software.

Before you begin
• Read your product installation guide.
• Get the McAfee grant ID number that you received when you purchased McAfee Email Gateway.

McAfee provides the software as an .iso file (for creating CDs for installation on physical appliances), available from the McAfee download website.

Task
1 Go to the McAfee website http://www.mcafee.com. Hover your cursor over your business type and click Downloads.
2 From My Products - Downloads, click Login.
3 Type the McAfee grant ID number that you received when you purchased McAfee Email Gateway, and click Submit.
4 From the list of products, select Email Gateway.
5 Agree to the license terms, select the latest version and download it.

McAfee recommends that you read the Release Notes that accompany the software image before you continue with the installation.


Task — Creating a CD from the installation software image

Use this task to create an installation CD from the downloaded software image.

Before you begin
• Download the software image in .iso file format.
• Ensure that you have a method to validate the downloaded .iso file, by comparing the MD5 checksums.
• Ensure that you have a suitable writable CD-ROM drive connected to your computer system and suitable writeable CDs.
• Ensure that you have suitable CD creation software — able to create a CD image from an .iso file — installed on your computer system.

From a computer that can access the downloaded .iso image, carry out the following steps.

Task
1 Validate the downloaded .iso file by generating an MD5 checksum and comparing it with the information given on the download site.
2 Following the instructions supplied with your CD creation software, open the software.
3 Following the workflow for your CD creation software, select your writable CD-ROM drive and the McAfee Email Gateway .iso file, and insert a blank writable CD into the CD-ROM drive.
4 Create the installation CD.

Using the Configuration Console

Understand how to use the Configuration Console to set up your McAfee Email Gateway.

You can now configure your Email Gateway either from the Configuration Console, or from the Setup Wizard within the user interface.

The Configuration Console launches automatically at the end of the startup sequence after either:
• an unconfigured Email Gateway starts, or
• an Email Gateway is reset to its factory defaults.

When launched, the Configuration Console provides you with options to either configure your device in your preferred language from the Email Gateway console, or provides instructions for you to connect to the Setup Wizard within the user interface from another computer on the same class C subnet. Both methods provide you with the same options to configure your Email Gateway.

From the Configuration Console, you can configure a new installation of the appliance software. However, to configure your appliance using a previously saved configuration file, you need to log on to the appliance user interface, and run the Setup Wizard (System | Setup Wizard).

This version of the software also introduces automatic configuration using DHCP for the following parameters:
• Host name
• Domain name
• Default gateway
• DNS server
• Leased IP address
• NTP server
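Step 1 of the CD-creation task above asks you to generate an MD5 checksum of the downloaded .iso and compare it with the value shown on the download site. The following Python is an added example of that check, not code from the guide or the product; the 3-byte stand-in file and the file name in the checksum lines are constructed for the example.

```python
"""Validate a downloaded .iso image against the MD5 checksum published on the
download site (added example; not part of the guide or the product)."""
import hashlib
import hmac
import os
import re
import tempfile

# A 32-hex-digit MD5 value, as printed beside a download link or by md5sum.
_MD5_HEX = re.compile(r"\b([0-9a-fA-F]{32})\b")


def md5_of_file(path, chunk_size=1 << 20):
    """Return the lowercase hex MD5 of a file, hashed in 1 MiB chunks so that a
    CD-sized .iso never has to be read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def published_md5(text):
    """Pull the digest out of text copied from the download page: a bare digest or
    an md5sum-style line ('<digest>  <filename>'). Returns None if none is found,
    so a mis-pasted value is never silently treated as a match."""
    match = _MD5_HEX.search(text)
    return match.group(1).lower() if match else None


def verify_iso(path, published_text):
    """True only when the file's MD5 equals the published value. A match shows the
    download is complete and uncorrupted; it says nothing about who produced the
    file, so the value to compare against is the one on the vendor's download site."""
    expected = published_md5(published_text)
    if expected is None:
        return False
    return hmac.compare_digest(md5_of_file(path), expected)


def demo():
    """Constructed sample: a 3-byte stand-in for the .iso and two checksum lines.
    MD5("abc") = 900150983cd24fb0d6963f7d28e17f72 is a standard test vector;
    the file name in the lines is made up for the example."""
    with tempfile.TemporaryDirectory() as tmp:
        iso_path = os.path.join(tmp, "sample.iso")
        with open(iso_path, "wb") as fh:
            fh.write(b"abc")
        matching = "900150983cd24fb0d6963f7d28e17f72  EmailGateway-7.0.iso"
        altered = "00000000000000000000000000000000  EmailGateway-7.0.iso"
        return verify_iso(iso_path, matching), verify_iso(iso_path, altered)


if __name__ == "__main__":
    ok, corrupted = demo()
    print("published checksum matches:", ok)
    print("altered checksum matches:", corrupted)
```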


Welcome

Use this page to select the type of installation that you want to follow.

This is the first page of the Setup Wizard. Use this page to select the type of installation you want to perform.

• Standard Setup (default) — use this option to set up your device in transparent bridge mode, and configure it to protect your network. The SMTP protocol is enabled by default. You can choose to enable scanning of POP3 traffic.
  Choosing Standard Setup forces the device to run in transparent bridge mode.
• Custom Setup — use this option to select the operating mode for your device. You can choose to protect mail traffic using SMTP and POP3 protocols. You should use this if you need to configure IPv6 and to make other changes to the default configuration.
• Restore from a file — (not available from the Configuration Console) use this to set up your device based on a previously saved configuration. Following the import of the file you will be able to check the imported settings before finishing the wizard. If the file came from an earlier McAfee Email and Web Security Appliance, some details are not available.
• ePO Managed Setup — use this to set up your device so that it can be managed by your ePolicy Orchestrator server. Only minimal information is needed, as the device will get most of its configuration information from your ePolicy Orchestrator server.
• Encryption Only Setup — use this option to set up your appliance as a standalone encryption server.

The appliance operates in one of the following modes — transparent bridge, transparent router, or explicit proxy. The mode affects how you integrate the appliance into your network and how the appliance handles traffic. You will need to change the mode only if you restructure your network.

Performing a Standard Setup

Use this information to understand the purpose of the Standard Setup.

Standard Setup enables you to quickly set up your McAfee Email Gateway using the most common options. Use this option to set up your device in transparent bridge mode, and configure it to protect your network. The SMTP protocol is enabled by default. You can choose to enable scanning of POP3 traffic.

Choosing Standard Setup forces the device to run in transparent bridge mode.

For the Standard Setup, the wizard includes these pages:
• Email Configuration
• Basic Settings
• Summary


Email Configuration page (Standard Setup)

This information describes the options available on this page.

Enable protection against Potentially Unwanted Programs: Click to activate protection against Potentially Unwanted Programs. Read the advice from McAfee about the effects that activating this protection can have.

Enable McAfee Global Threat Intelligence feedback: Select this option to enable McAfee Global Threat Intelligence feedback. Click What is this? to read about how the feedback is used, and view the McAfee Privacy Policy.

Local relay domain: Enter both the IP address and netmask for your local relay domain.

Basic Settings page (Standard Setup)

Use this page in the Standard Setup wizard to specify basic settings for the appliance in transparent bridge mode.

Device name: Specifies a name, such as appliance1.

Domain name: Specifies a name, such as domain1.com.

IP address: Specifies an address, such as 198.168.200.10. The fully qualified domain name (Device name.Domain name) must resolve to this IP address when the DNS server (specified here) is called. We recommend that this IP address resolves to the FQDN in a reverse lookup.

Subnet: Specifies a subnet address, such as 255.255.255.0.

Gateway Address: Specifies an address, such as 198.168.10.1. This is likely to be a router or a firewall. You can test later that the appliance can communicate with this device.

DNS Server IP: Specifies the address of a Domain Name Server that the appliance uses to convert website addresses to IP addresses. This can be an Active Directory or a Domain Name Service server. You can test later that the appliance can communicate with this server.

Mode: Specifies the mode — Transparent Bridge, Transparent Router or Explicit Proxy.

User ID: The scmadmin user is the super administrator. You cannot change or disable this account, and the account cannot be deleted. However, you can add more login accounts after installation.

Current Password/New Password: The original default password is password. Specify the new password. Change the password as soon as possible to keep your appliance secure. You must type the new password twice to confirm it.

Appliance Timezone: Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time. The zones are organized from west to east to cover mid-Pacific, America, Europe, Asia, Africa, India, Japan, and Australia.

Appliance Time (UTC): Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now: When clicked, applies the date and UTC time that you specified in this row.

Client Time: Displays the time according to the client computer from which your browser is currently connected to the appliance.


Synchronize appliance with client: When selected, the time in Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser.
  Ensure that the client computer is aware of any daylight savings adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

NTP server address: To use Network Time Protocol (NTP), specify the server address. Alternatively, you can configure NTP later.

Summary page (Standard Setup)

Use this page in the Standard Setup wizard to review a summary of the settings that you have made for the network connections and scanning of the network traffic.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the setup wizard has completed, and the appliance is configured as a transparent bridge.

Use the IP address shown here to access the interface. For example https://192.168.200.10. The address begins with https, not http.

When you first log on to the interface, type the user name, admin and the password that you gave on the Basic Settings page.

Table 2-1 Option definitions
• The value is set according to best practice.
• The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.
• No value has been set. The value has not been changed from the default. Check the value before continuing.

Performing a Custom Setup

Use this information to understand the purpose of the Custom Setup.

Use the Custom Setup to give you greater control in the options that you can select, including the operating mode for your device. You can choose to protect mail traffic using SMTP and POP3 protocols. You should use this configuration option if you need to configure IPv6 and to make other changes to the default configuration.

For the Custom Setup, the wizard includes these pages:
• Email Configuration
• Basic Settings
• Network Settings
• Cluster Management
• DNS and Routing
• Time Settings
• Password
• Summary


Basic Settings page (Custom Setup)

Use this page when selecting the Custom Setup wizard to specify basic settings for the appliance.

The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.

Cluster mode: Defines the options that appear on the Cluster Management page of the Setup Wizard.
  • Off — This is a standard appliance.
  • Cluster Scanner — The appliance receives its scanning workload from a master appliance.
  • Cluster Master — The appliance controls the scanning workload for several other appliances.
  • Cluster Failover — If the master fails, this appliance controls the scanning workload instead.

Device name: Specifies a name, such as appliance1.

Domain name: Specifies a name, such as domain1.com.

Default Gateway: Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router: Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface: Becomes available when you set the Next Hop Router for IPv6.

Network Settings page

Use these options to view and configure the IP address and network speeds for the appliance. You can use IPv4 and IPv6 addresses, separately or in combination.

To prevent duplication of IP addresses on your network and to deter hackers, give the appliance new IP addresses, and disable the default IP addresses. The IP addresses must be unique and suitable for your network. Specify as many IP addresses as you need.

The page shows the operating mode that you set during installation or in the Setup Wizard, together with the following options:

Network Interface 1: Expands to show the IP address and netmask associated with Network Interface 1, the auto-negotiation state, and the size of the MTU.

Network Interface 2: Expands to show the IP address and netmask associated with Network Interface 2, the auto-negotiation state, and the size of the MTU.

Change Network Settings: Click to open the Network Interface Wizard to specify the IP address and adapter settings for NIC 1 and NIC 2, and change the chosen operating mode.

View Network Interface Layout: Click to see the network interface layout associated with LAN1, LAN2, and the out-of-band interface.

Network Interfaces Wizard

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

The options you see in the Network Interfaces Wizard depend on the operating mode. On the first page of the wizard, you can choose to change the operating mode for the appliance. You can change the settings by clicking Change Network Settings to start the wizard. Click Next to progress through the wizard.

In Explicit Proxy mode, some network devices send traffic to the appliance. The appliance then works as a proxy, processing traffic on behalf of the devices.


In Transparent Router or Transparent Bridge mode, other network devices, such as mail servers, are unaware that the appliance has intercepted and scanned the email before forwarding it. The appliance's operation is transparent to the devices.

If you have a standalone appliance running in transparent bridge mode, you will have the option to add a bypass device in case the appliance fails.

If the appliance is operating in Transparent Bridge mode, and the Spanning Tree Protocol (STP) is running on your network, make sure that the appliance is configured according to STP rules.

Network Interfaces Wizard — Explicit Proxy mode

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

This version of the Network Interfaces Wizard becomes available when you select the Explicit Proxy mode.

Specify the details for Network Interface 1, then use the Next button to set details for Network Interface 2 as necessary.

Network Interface 1 or Network Interface 2 page

IP Address: Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance’s network ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases.
  You must have at least one IP address in both Network Interface 1 and Network Interface 2. However, you can deselect the Enabled option next to any IP addresses that you do not wish to listen on.

Network Mask: Specifies the network mask. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled: When selected, the appliance accepts connections on the IP address.

Virtual: When selected, the appliance treats this IP address as a virtual address. This option only appears in cluster configurations, or on a McAfee Content Security Blade Server.
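The pages above accept a Network Mask as dotted IPv4, a CIDR prefix or an IPv6 prefix length, require the appliance's addresses to be unique, require the two interfaces of a transparent router to sit on different IP subnets, and expect Device name.Domain name to resolve to the appliance address (with a matching reverse lookup). The following Python is an added offline pre-flight check of a planned worksheet, not code from the guide or the product; the dict layout and the 192.0.2.x / 198.51.100.x / 2001:db8:: sample values are constructed for the example, and the "gateway on a connected subnet" test is a general networking check rather than a rule stated in the guide.

```python
"""Offline pre-flight check for values planned for the Setup Wizard's Basic
Settings and Network Interface pages (added example, not part of the guide)."""
import ipaddress


def to_network(ip_text, mask_text):
    """Return the interface's network for a mask written in any form the wizard
    accepts: dotted IPv4 (255.255.255.0), a CIDR prefix (24) or, for IPv6, a
    prefix length (64). Raises ValueError for an IPv6 mask that is not a length."""
    addr = ipaddress.ip_address(ip_text)
    mask = str(mask_text).strip()
    if addr.version == 6 and not mask.isdigit():
        raise ValueError("IPv6 masks must be given as a prefix length such as 64")
    # strict=False lets a host address stand in for its network address.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def dns_records(device_name, domain_name, ip_text):
    """Return (forward name, PTR owner name): the FQDN Device name.Domain name
    must resolve to the appliance address, and the reverse zone should map the
    address back to that FQDN."""
    fqdn = f"{device_name}.{domain_name}".strip(".").lower()
    return fqdn, ipaddress.ip_address(ip_text).reverse_pointer


def check_settings(settings):
    """Return a list of problems found in a settings worksheet (empty = consistent).
    `settings` is a dict with keys "mode", "interfaces" (list of (ip, mask) tuples)
    and "gateway"; this layout is constructed for the example."""
    problems = []
    seen = set()
    nets = []
    for ip_text, mask_text in settings["interfaces"]:
        addr = ipaddress.ip_address(ip_text)
        if addr in seen:  # the guide requires unique addresses
            problems.append(f"duplicate address {addr}")
        seen.add(addr)
        try:
            nets.append(to_network(ip_text, mask_text))
        except ValueError as exc:
            problems.append(f"{addr}: {exc}")
    # Transparent router mode: the LAN segments on the two interfaces must be
    # different IP subnets, otherwise the appliance cannot route between them.
    if settings["mode"].lower() == "transparent router" and len(set(nets)) < len(nets):
        problems.append("transparent router mode needs a different subnet on each interface")
    gw = ipaddress.ip_address(settings["gateway"])
    if gw.is_unspecified:
        # 0.0.0.0 or :: in a routing entry means "no default gateway".
        problems.append("gateway is unspecified (0.0.0.0 or ::): no default gateway")
    elif not any(gw in net for net in nets):
        # General networking check, not from the guide: a next hop must be on a
        # directly connected subnet or the appliance cannot reach it.
        problems.append(f"gateway {gw} is not on any configured subnet")
    return problems


def demo():
    """Constructed worksheets (not the guide's values): one consistent transparent
    bridge plan and one transparent router plan with two common mistakes."""
    good = {
        "mode": "transparent bridge",
        "interfaces": [("192.0.2.10", "255.255.255.0"), ("2001:db8:1::10", "64")],
        "gateway": "192.0.2.1",
    }
    bad = {
        "mode": "transparent router",
        "interfaces": [("192.0.2.10", "24"), ("192.0.2.20", "255.255.255.0")],
        "gateway": "198.51.100.1",
    }
    return check_settings(good), check_settings(bad)


if __name__ == "__main__":
    print(dns_records("appliance1", "domain1.com", "198.168.200.10"))
    for label, problems in zip(("good", "bad"), demo()):
        print(label, problems or ["OK"])
```

dns_records gives the A record name and the in-addr.arpa (or ip6.arpa) owner name to look for when you later test resolution from the appliance.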


New Address/Delete Selected Addresses: Add a new address, or remove a selected IP address.

NIC 1 Adapter Options or NIC 2 Adapter Options: Expand to set the following options:
  • MTU size — specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet frame) that can be sent over the connection. The default value is 1500 bytes.
  • Autonegotiation state — either:
    • On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.
    • Off — allows you to select the speed and duplex state.
  • Connection speed — provides a range of speeds. Default value is 100MB.
  • Duplex state — provides duplex states. Default value is Full duplex.
  • Enable IPv6 auto-configuration — select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router.
    This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.

Network Interfaces Wizard — Transparent Router mode

Use the Network Interfaces Wizard to change the chosen operating mode, then specify the IP address and adapter settings for NIC 1 and NIC 2.

Network Interface 1 or Network Interface 2 pages

IP Address: Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance’s ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases.

Network Mask: Specifies the network mask, for example: 255.255.255.0. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled: When selected, the appliance accepts connections on that IP address.

Virtual: When selected, the appliance treats this IP address as a virtual address. This option only appears in cluster configurations, or on a McAfee Content Security Blade Server.


New Address/Delete Selected Addresses: Add a new address, or remove a selected IP address.

NIC 1 Adapter Options or NIC 2 Adapter Options: Expand to set the following options:
  • MTU size — specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet frame) that can be sent over the connection. The default value is 1500 bytes.
  • Autonegotiation state — either:
    • On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.
    • Off — allows you to select the speed and duplex state.
  • Connection speed — provides a range of speeds. Default value is 100MB.
  • Duplex state — provides duplex states. Default value is Full duplex.
  • Enable IPv6 auto-configuration — select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router.
    This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.
  • Enable sending IPv6 router advertisements on this interface

Network Interfaces Wizard — Transparent Bridge mode

Use the Network Interfaces Wizard to change the chosen operating mode, and specify the IP address and adapter settings for NIC 1 and NIC 2.

Specify the details for the Ethernet Bridge, then use the Next button to set details for the Spanning Tree Protocol and Bypass Device as necessary.

Option definitions — Ethernet Bridge page

Select all: Click to select all the IP addresses.

IP Address: Specifies network addresses to enable the appliance to communicate with your network. You can specify multiple IP addresses for the appliance’s ports. The IP addresses are combined into one list for both ports. The IP address at the top of a list is the primary address. Any IP addresses below it are aliases.
  Use the Move links to reposition the addresses as necessary.

Network Mask: Specifies the network mask, for example: 255.255.255.0. In IPv4, you can use a format such as 255.255.255.0, or CIDR notation, such as 24. In IPv6, you must use the prefix length, for example, 64.

Enabled: When selected, the appliance accepts connections on that IP address.

New Address/Delete Selected Addresses: Add a new address, or remove a selected IP address.


NIC Adapter Options: Expand to set the following options:
  • MTU size — specifies the Maximum Transmission Unit (MTU) size. The MTU is the maximum size (expressed in bytes) of a single unit of data (for example, an Ethernet frame) that can be sent over the connection. The default value is 1500 bytes.
  • Autonegotiation state — either:
    • On — allows the appliance to negotiate the speed and duplex state for communicating with other network devices.
    • Off — allows you to select the speed and duplex state.
  • Connection speed — provides a range of speeds. Default value is 100MB.
  • Duplex state — provides duplex states. Default value is Full duplex.
  • Enable IPv6 auto-configuration — select this option to allow the appliance to automatically configure its IPv6 addresses and IPv6 default next-hop router, by receiving Router Advertisement messages sent from your IPv6 router.
    This option is unavailable by default if your appliance is running in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation.

Option definitions — Spanning Tree Protocol Settings page

Enable STP: STP is enabled by default.

Bridge priority: Sets the priority for the STP bridge. Lower numbers have a higher priority. The maximum number that you can set is 65535.

Advanced parameters: Expand to set the following options. Change the settings only if you understand the possible effects, or you have consulted an expert:
  • Forwarding delay
  • Hello interval (seconds)
  • Maximum age (seconds)
  • Garbage collection interval (seconds)
  • Ageing time (seconds)

Option definitions — Bypass Device Settings page

The bypass device inherits settings from those you entered in NIC Adapter Options.

Select bypass device: Choose from two supported devices.

Watchdog timeout (seconds)


Heartbeat interval (seconds): Set to monitor heartbeat by default.

Advanced parameters: This option becomes active when you select a bypass device.
  • Mode — choose to monitor the heartbeat or the heartbeat and the link activity.
  • Link activity timeout (seconds) — becomes active when you select Monitor heartbeat and link activity in Mode.
  • Enable buzzer — enabled by default.

Cluster Management page

Use this page to specify cluster management balancing requirements.

Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.

Cluster Management Configuration (Standard appliance)

Do not use. Cluster management is disabled.

Cluster Management (Cluster Scanner)

Cluster identifier: If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Cluster Management (Cluster Master)

In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.

Address to use for load balancing: Specifies the appliance address.

Cluster identifier: If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers): If not selected, this appliance distributes all scanning workload to the scanning appliances.
  For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.


Cluster Management (Cluster Failover)

Address to use for load balancing
    Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier
    If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers)
    If not selected, this appliance distributes all scanning workload to the scanning appliances.
    For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

DNS and Routing page

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.

DNS server addresses

Table 2-2 Option definitions — DNS Servers

Server Address
    Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet.
    If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server / Delete Selected Servers
    Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.

Only send queries to these servers
    Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly.
    If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.

Routing settings

Table 2-3 Option definitions — Routing

Network Address
    Type the network address of the route.

Mask
    Specifies how many hosts are on your network, for example, 255.255.255.0.

Gateway
    Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4), or :: (IPv6), means that the router has no default gateway.


Table 2-3 Option definitions — Routing (continued)

Metric
    Specifies the preference given to the route. A low number indicates a high preference for that route.

New Route / Delete Selected Routes
    Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing
    Use this option in transparent router mode only. When enabled, the appliance can:
    • receive routing information broadcast over RIP (default) and apply it to its routing table, so you don't have to duplicate on the appliance routing information that is already present in the network.
    • broadcast over RIP any static routes that have been configured through the user interface.

Email Configuration page (Custom Setup)

This information describes the options available on this page.

Initial email configuration

Enable protection against Potentially Unwanted Programs...
    Click to activate protection against Potentially Unwanted Programs. Read the advice from McAfee about the effects that activating this protection can have.

Enable McAfee Global Threat Intelligence feedback
    Click What is this? to read about how the feedback is used, and view the McAfee Privacy Policy.

Scan SMTP traffic / Scan POP3 traffic
    Both protocols are selected by default. Deselect a protocol to prevent scanning occurring.

Option definitions — Domains for which the appliance will accept or refuse email

Use these options to define how the appliance will relay email. After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Receiving Email.

Domain Name / Network Address / MX Record
    Displays the domain names, wildcard domain names, network addresses, and MX lookups from which the appliance will accept or refuse email.

Type
    • Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address, and to compare the connection against an A record lookup.
    • Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address, such as user@[192.168.0.2], or the connection.
    • MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.
    • Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.


Category
    • Local domain
    • Permitted domain
    • Denied domain

Add Domain
    Click to specify the domains that can relay messages through the appliance to the recipient. Choose from:
    • Local domain — These are the domains or networks for which email is accepted for delivery. For convenience, you can import a list of your local domain names using the Import Lists and Export Lists options. McAfee recommends that you add all domains or networks that are allowed to relay messages as local domains.
    • Permitted domain — Email is accepted. Use permitted domains to manage exceptions.
    • Denied domain — Email is refused. Use denied domains to manage exceptions.
    Hold your mouse cursor over the field to see the recommended format.
    You must set up at least one local domain.

Add MX Lookup
    Click to specify a domain that the appliance will use to identify all mail server IP addresses from which it will deliver messages.

Delete Selected Items
    Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.

Option definitions — Domain Routing

Configure hosts that the appliance will use to route email. After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Sending Email.

Domain name / Network Address / MX Record
    Displays a list of domains. This list allows you to specify specific relays, or sets of relays, to be used to deliver messages destined for specific domains. Domains can be identified using exact matches, or using pattern matches such as *.example.com.
    To specify multiple relays for a single domain, separate each with a space.
    If the first mail relay is accepting email, all email is delivered to the first relay. If that relay stops accepting email, subsequent email is delivered to the next relay in the list.

Type
    • Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address, and to compare the connection against an A record lookup.
    • Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address, such as user@[192.168.0.2], or the connection.
    • MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.
    • Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.

Category
    • Local domain
    • Permitted domain
    • Denied domain
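The matching rules of the two tables above (which connections and recipients the accept/refuse list treats as local, permitted or denied, and which relay hosts the Known domains and relay hosts table picks for a destination domain), modelled as an added Python example that is not McAfee code. DNS lookups are replaced by constructed in-memory tables, and the precedence between categories and between rows is an assumption the guide does not state.

```python
"""Model of the two domain tables on the Email Configuration page: the list of
domains for which the appliance accepts or refuses email, and the Known domains
and relay hosts routing table. Added example, not McAfee code; DNS lookups are
replaced by constructed in-memory tables so that it runs offline."""
import ipaddress
from typing import List, Optional, Tuple

# Constructed DNS stand-ins: A records, and MX records as (priority, host).
FAKE_A = {
    "example.dom": ["192.168.0.2"], "mail.example.dom": ["192.168.0.5"],
    "mx1.partner.dom": ["203.0.113.10"], "lonely.dom": ["203.0.113.50"],
}
FAKE_MX = {
    "example.dom": [(10, "mail.example.dom")],
    "partner.dom": [(20, "mx2.partner.dom"), (10, "mx1.partner.dom")],
}

def wildcard_match(pattern: str, domain: str) -> bool:
    """'*.example.dom' matches sub.example.dom but not example.dom itself."""
    return pattern.startswith("*.") and domain.endswith(pattern[1:])

def ip_literal(rcpt_domain: str):
    """Address inside user@[192.168.0.2]; None when not an IP literal."""
    if rcpt_domain.startswith("[") and rcpt_domain.endswith("]"):
        try:
            return ipaddress.ip_address(rcpt_domain[1:-1])
        except ValueError:
            return None
    return None

# --- Domains for which the appliance will accept or refuse email ------------
def entry_matches(kind: str, value: str, rcpt_domain: str, conn_ip: str) -> bool:
    """Apply the comparison the guide gives for each entry type."""
    value = value.lower()
    conn = ipaddress.ip_address(conn_ip)
    if kind == "domain":    # recipient domain, or connection vs. the A record
        return rcpt_domain == value or conn_ip in FAKE_A.get(value, [])
    if kind == "wildcard":  # compared against the recipient address only
        return wildcard_match(value, rcpt_domain)
    if kind == "network":   # IP-literal recipient, or the connecting address
        net = ipaddress.ip_network(value, strict=False)
        lit = ip_literal(rcpt_domain)
        return (lit is not None and lit in net) or conn in net
    if kind == "mx":        # connection vs. the addresses of the domain's MX hosts
        return any(conn_ip in FAKE_A.get(h, []) for _, h in FAKE_MX.get(value, []))
    raise ValueError(f"unknown entry kind {kind!r}")

def classify(rcpt: str, conn_ip: str, entries: List[Tuple[str, str, str]]) -> str:
    """Return 'denied', 'local', 'permitted' or 'refused' (nothing matched).
    entries are (kind, value, category). Precedence is an assumption the guide
    does not state: denied beats local, and local beats permitted."""
    rcpt_domain = rcpt.rpartition("@")[2].lower()
    hits = {cat for kind, val, cat in entries
            if entry_matches(kind, val, rcpt_domain, conn_ip)}
    return next((c for c in ("denied", "local", "permitted") if c in hits), "refused")

# --- Domain routing: Known domains and relay hosts ---------------------------
class Route:
    """One row: an exact domain or *.pattern, and its relay hosts (host[:port])."""
    def __init__(self, pattern: str, hosts: List[str], round_robin: bool = False):
        self.pattern, self.hosts, self.round_robin = pattern.lower(), hosts, round_robin
        self._next = 0  # rotation pointer, used only with round-robin

    def matches(self, domain: str) -> bool:
        return domain == self.pattern or wildcard_match(self.pattern, domain)

    def next_hosts(self) -> List[str]:
        """Hosts in the order to try them: as listed, or rotated for round-robin."""
        if not self.round_robin:
            return list(self.hosts)
        start, self._next = self._next, (self._next + 1) % len(self.hosts)
        return self.hosts[start:] + self.hosts[:start]

def relays_for(domain: str, routes: List[Route], dns_for_unlisted: bool = True) -> List[str]:
    """Relay hosts in delivery order; [] means the appliance has no route.
    Rows are checked in list order (assumption). With 'Enable DNS lookup for
    domains not listed above' deselected, only Known domains are deliverable."""
    domain = domain.lower()
    for route in routes:
        if route.matches(domain):
            return route.next_hosts()
    if not dns_for_unlisted:
        return []
    mx = FAKE_MX.get(domain)
    if mx:  # MX hosts in the priority order given by DNS (lowest first)
        return [host for _, host in sorted(mx)]
    return [domain] if domain in FAKE_A else []  # no MX record: A-record lookup

def first_accepting(hosts: List[str], accepting) -> Optional[str]:
    """The relay that gets the mail: the first one that is accepting email."""
    return next((h for h in hosts if accepting(h)), None)
```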


Add Relay List
    Click to populate the Known domains and relay hosts table with a list of host names or IP addresses for delivery. Delivery will be attempted in the order specified unless you select the Round-robin the above hosts option, which will distribute the load between the specified hosts.
    Host names/IP addresses may include a port number.

Add MX Lookup
    Click to populate the Known domains and relay hosts table with an MX record lookup to determine the IP addresses for delivery.
    Delivery will be attempted to host names returned by the MX lookup in the order of priority given by the DNS server.

Delete Selected Items
    Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.

Enable DNS lookup for domains not listed above
    If selected, the appliance uses DNS to route email for other, unspecified domains. DNS delivery attempts an MX-record lookup. If there are no MX records, it does an A-record lookup.
    If you deselect this checkbox, the appliance delivers email only to the domains that are specified under Known domains and relay hosts.

Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Appliance Time Zone
    Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC)
    Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now
    When clicked, applies the date and UTC time that you specified in this row.

Client Time
    Displays the time according to the client computer from which your browser is currently connected to the appliance.

Synchronize appliance with client
    When selected, the time in Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manually setting Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser.
    Ensure that the client computer is aware of any daylight saving adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP
    When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts
    When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network, but it must trust other devices in the network.
    When deselected, accepts NTP messages only from servers specified in the list.


NTP Server
    Displays the network address or a domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov.
    If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server
    Type the IP address of a new NTP Server.

Password page

Use this page to specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

User ID
    This is admin. You can add more users later.

Password
    Specifies the new password. Change the password as soon as possible to keep your appliance secure.
    You must enter the new password twice to confirm it. The original default password is password.

Summary page

Use this page to review a summary of the settings that you have made for the network connections and scanning of the email traffic.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the Setup Wizard has completed.

Use the IP address shown here to access the interface. For example, https://192.168.200.10. The address begins with https, not http.

When you first log on to the interface, type the user name, admin, and the password that you gave on the Password page.

Option (status icon) / Definition
    • The value is set according to best practice.
    • The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.
    • No value has been set. The value has not been changed from the default. Check the value before continuing.

Restoring from a file

Use this information to understand the purpose of restoring from a file.

When configuring your device from the Setup Wizard within the user interface, the Restore from a file option enables you to import previously saved configuration information and apply it to your device. After this information has been imported, you can make changes before applying the configuration.

The Restore from a file option is not available from within the Configuration Console. To make use of this option, you must log into the McAfee Email Gateway and select Restore from a file from the System | Setup Wizard menu.


Once the configuration information has been imported, you are taken to the Custom Setup options within the Setup Wizard (see Performing a custom setup). All imported options are shown on the wizard pages, giving you the opportunity to make any amendments before applying the configuration.

When using the Restore from a file option, the wizard includes these pages:
• Import Config
• Values to Restore

Once this information has been loaded, you are then taken to the Custom Setup pages, so that you can make further changes before applying the new configuration:
• Email Configuration
• Basic Settings
• Network Settings
• Cluster Management
• DNS and Routing
• Time Settings
• Password
• Summary

Basic Settings page (Custom Setup)

Use this page when selecting the Custom Setup wizard, to specify basic settings for the appliance.

The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.

Cluster mode
    Defines the options that appear on the Cluster Management page of the Setup Wizard.
    • Off — This is a standard appliance.
    • Cluster Scanner — The appliance receives its scanning workload from a master appliance.
    • Cluster Master — The appliance controls the scanning workload for several other appliances.
    • Cluster Failover — If the master fails, this appliance controls the scanning workload instead.

Device name
    Specifies a name, such as appliance1.

Domain name
    Specifies a name, such as domain1.com.

Default Gateway
    Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router
    Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface
    Becomes available when you set the Next Hop Router for IPv6.

Cluster Management page

Use this page to specify cluster management balancing requirements.

Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.

Cluster Management Configuration (Standard appliance)

Do not use. Cluster management is disabled.


Cluster Management (Cluster Scanner)

Cluster identifier
    If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Cluster Management (Cluster Master)

In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.

Address to use for load balancing
    Specifies the appliance address.

Cluster identifier
    If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers)
    If not selected, this appliance distributes all scanning workload to the scanning appliances.
    For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

Cluster Management (Cluster Failover)

Address to use for load balancing
    Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier
    If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Enable scanning on this appliance (Not applicable on Content Security Blade Servers)
    If not selected, this appliance distributes all scanning workload to the scanning appliances.
    For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

DNS and Routing page

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.


DNS server addresses

Table 2-4 Option definitions — DNS Servers

Server Address
    Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet.
    If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server / Delete Selected Servers
    Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.

Only send queries to these servers
    Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly.
    If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.

Routing settings

Table 2-5 Option definitions — Routing

Network Address
    Type the network address of the route.

Mask
    Specifies how many hosts are on your network, for example, 255.255.255.0.

Gateway
    Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4), or :: (IPv6), means that the router has no default gateway.

Metric
    Specifies the preference given to the route. A low number indicates a high preference for that route.

New Route / Delete Selected Routes
    Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.

Enable dynamic routing
    Use this option in transparent router mode only. When enabled, the appliance can:
    • receive routing information broadcast over RIP (default) and apply it to its routing table, so you don't have to duplicate on the appliance routing information that is already present in the network.
    • broadcast over RIP any static routes that have been configured through the user interface.

Time Settings page

Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).

Appliance Time Zone
    Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.

Appliance Time (UTC)
    Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.

Set Now
    When clicked, applies the date and UTC time that you specified in this row.


Client Time
    Displays the time according to the client computer from which your browser is currently connected to the appliance.

Synchronize appliance with client
    When selected, the time in Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manually setting Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it finds on the client's browser.
    Ensure that the client computer is aware of any daylight saving adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.

Enable NTP
    When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.

Enable NTP client broadcasts
    When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network, but it must trust other devices in the network.
    When deselected, accepts NTP messages only from servers specified in the list.

NTP Server
    Displays the network address or a domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov.
    If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.

New Server
    Type the IP address of a new NTP Server.

Password page

Use this page to specify a password for the appliance.

For a strong password, include letters and numbers. You can type up to 15 characters.

User ID
    This is admin. You can add more users later.

Password
    Specifies the new password. Change the password as soon as possible to keep your appliance secure.
    You must enter the new password twice to confirm it. The original default password is password.

Summary page

Use this page to review a summary of the settings that you have made for the network connections and scanning of the email traffic.

To change any value, click its blue link to display the page where you originally typed the value.

After you click Finish, the Setup Wizard has completed.

Use the IP address shown here to access the interface. For example, https://192.168.200.10. The address begins with https, not http.

When you first log on to the interface, type the user name, admin, and the password that you gave on the Password page.


Option (status icon) / Definition
    • The value is set according to best practice.
    • The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.
    • No value has been set. The value has not been changed from the default. Check the value before continuing.

ePO Managed Setup

Use this information to understand the purpose of the Standard Setup.

McAfee ePolicy Orchestrator enables you to manage all your McAfee software and hardware appliances from a single management console.

Use the ePO Managed Setup to set up your device so that it can be managed by your ePolicy Orchestrator server.

Only minimal information is needed, as the device will get most of its configuration information from your ePolicy Orchestrator server.

Settings for ePO Management

Select ePO Managed Setup within the Setup Wizard to configure your appliance for management by McAfee ePolicy Orchestrator.

Table 2-6 Option definitions

ePO Extensions
    Download the ePolicy Orchestrator extensions for McAfee Gateway products, including McAfee Email Gateway 7.0.
    The file MEGv7.0_ePOextensions.zip contains both the EWG and the MEG ePO extensions.
    The EWG extension allows reporting from within ePolicy Orchestrator for the following products:
    • McAfee Email and Web Security appliances
    • McAfee Web Gateway appliances
    • McAfee Email Gateway appliances
    The MEG Extension provides full ePolicy Orchestrator management for McAfee Email Gateway 7.0.
    For you to use ePolicy Orchestrator for either reporting or management, the ePO Extensions need to be installed on your ePolicy Orchestrator server.

ePO Help Extensions
    Download the ePolicy Orchestrator help extensions.
    The file MEGv7.0_ePOhelpextensions.zip contains the online help information for the above ePO Extensions.
    This file installs the help extensions relating to the ePolicy Orchestrator extensions for McAfee Email and Web Gateway and McAfee Email Gateway 7.0 appliances onto your ePolicy Orchestrator server.

Import ePO connection settings
    Click to browse to the ePolicy Orchestrator connection settings file, to import the ePolicy Orchestrator connection information into the appliance.


Task — Configuring the appliance to work with ePolicy Orchestrator

Use this task to set up the appliance to be managed by ePolicy Orchestrator:

1 From your McAfee Email Gateway, on Settings for ePO Management, select ePO Extensions and click Save to download the extension file.
2 From your McAfee Email Gateway, on Settings for ePO Management, select ePO Help Extensions and click Save to download the help extension file.
3 On your ePO server, install these extensions using Menu | Software | Extensions | Install Extensions.
4 On the ePO server, save the connection settings from Menu | Gateway Protection | Email and Web Gateway | Actions | Export Connection Settings.
5 On the McAfee Email Gateway, return to the Settings for ePO Management page in the Setup Wizard, and click Import ePO connection settings. Browse to the ePO connection settings file.
6 Click Next to continue to the Basic Settings page in the Setup Wizard.

Basic Settings page (ePO Managed Setup)

Use this page to configure the basic settings for the appliance that will be managed by ePolicy Orchestrator.

Table 2-7 Option definitions

Cluster mode
    The options are:
    • Off (Standard appliance)
    • Cluster scanner
    • Cluster Master
    • Cluster failover

Device Name
    Specifies a name, such as appliance1.

Domain Name
    Specifies a name, such as domain1.com.

Default Gateway (IPv4)
    Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.

Next Hop Router (IPv6)
    Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.

Network Interface
    Becomes available when you set the Next Hop Router for IPv6.

Cluster Management page (ePO Managed Setup)

Use this page to specify load-balancing requirements that apply to ePO Managed appliances.

Cluster Management Configuration (Standard appliance)

Do not use this page. Cluster management is disabled.

Cluster Management (Cluster Scanner)

Use this page to specify information for a scanning appliance.

Cluster identifier
    Specifies an identifier. Range is 0-255.


Cluster Management (Cluster Master)

Use this page to specify information for a master appliance.

Address to use for load balancing
    Specifies the appliance address.

Cluster identifier
    Specifies an identifier. Range is 0-255.

Enable scanning on this appliance
    If not selected, this appliance distributes all scanning workload to the scanning appliances.

Cluster Management (Cluster Failover)

Use this page to specify information for a failover appliance.

Address to use for load balancing
    Specifies the appliance address. Provides a list of all subnets assigned to the appliance.

Cluster identifier
    Specifies an identifier. Range is 0-255.

Enable scanning on this appliance
    If not selected, this appliance distributes all scanning workload to the scanning appliances.

DNS and Routing page

Use this page to configure the appliance's use of DNS and routes.

Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.

DNS server addresses

Table 2-8 Option definitions — DNS Servers

Server Address
    Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet.
    If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.

New Server / Delete Selected Servers
    Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.

Only send queries to these servers
    Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly.
    If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.


Routing settings
Table 2-9 Option definitions — Routing
Network Address: Type the network address of the route.
Mask: Specifies how many hosts are on your network, for example, 255.255.255.0.
Gateway: Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4) or :: (IPv6) means that the router has no default gateway.
Metric: Specifies the preference given to the route. A low number indicates a high preference for that route.
New Route / Delete Selected Routes: Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.
Enable dynamic routing: Use this option in transparent router mode only. When enabled, the appliance can:
• receive broadcast routing information over RIP (default) and apply it to its routing table, so you don't have to duplicate on the appliance routing information that is already present in the network.
• broadcast routing information over RIP if static routes have been configured through the user interface.

Time Settings page
Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).
Appliance Time Zone: Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.
Appliance Time (UTC): Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.
Set Now: When clicked, applies the date and UTC time that you specified in this row.
Client Time: Displays the time according to the client computer from which your browser is currently connected to the appliance.
Synchronize appliance with client: When selected, the time in Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to setting Appliance Time (UTC) manually. The appliance calculates the UTC time based on the time zone that it finds on the client's browser. Ensure that the client computer is aware of any daylight saving adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.
Enable NTP: When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.
Enable NTP client broadcasts: When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network, but it requires trusting the other devices in the network. When deselected, accepts NTP messages only from servers specified in the list.


NTP Server: Displays the network address or domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov. If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.
New Server: Type the IP address of a new NTP server.

Password page
Use this page to specify a password for the appliance.
For a strong password, include letters and numbers. You can type up to 15 characters.
User ID: This is admin. You can add more users later.
Password: Specifies the new password. Change the password as soon as possible to keep your appliance secure. You must enter the new password twice to confirm it. The original default password is password.

Summary — ePO Managed Setup
Use this page, when using the ePO Managed Setup Wizard, to review a summary of the settings that you have made for the network connections and scanning of the network traffic, the clustering status, and the scanning settings that ePolicy Orchestrator will manage for the appliance.
To change any value, click its blue link to display the page where you originally typed the value.
After you click Finish, the setup wizard has completed.
Use the IP address shown here to access the interface. For example https://192.168.200.10. Note that the address begins with https, not http.
When you first log on to the interface, type the user name, admin, and the password that you gave to this setup wizard.
The appliance is now managed by ePolicy Orchestrator. Log on to the ePO server to manage your appliance.
Table 2-10 Option definitions
• The value is set according to best practice.
• The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.
• No value has been set. The value has not been changed from the default. Check the value before continuing.

Encryption Only Setup
Use this information to understand the purpose of the Encryption Only setup options.
For small-to-medium sized organizations, it is often sufficient to use the same McAfee Email Gateway to carry out your email scanning tasks and also your email encryption tasks.


However, if you are part of a larger organization, or you work in an industry that requires that all, or a high percentage, of your email messages must be delivered in a secure way, then you may want to configure one or more of your McAfee Email Gateway appliances as stand-alone Encryption-only servers.
In this situation, the Encryption Only Setup options within the Setup Wizard provide you with the relevant settings needed for Encryption-only use.
For the Encryption Only Setup, the wizard includes these pages:

Email Configuration page (Encryption Only Setup)
Define how the appliance will relay email and configure the hosts that the appliance will use to route email.

Domains for which the appliance will accept or refuse email
After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Receiving Email.
Table 2-11 Option definitions
Domain Name / Network Address / MX Record: Displays the domain names, wildcard domain names, network addresses, and MX lookups from which the appliance will accept or refuse email.
Type:
• Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address, and to compare the connection against an A record lookup.
• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address, such as user@[192.168.0.2], or the connection.
• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.
• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.
Category:
• Local domain
• Permitted domain
• Denied domain
Add Domain: Click to specify the domains that can relay messages through the appliance to the recipient. Choose from:
• Local domain — These are the domains or networks for which email is accepted for delivery. For convenience, you can import a list of your local domain names using the Import Lists and Export Lists options. McAfee recommends that you add all domains or networks that are allowed to relay messages as local domains.
• Permitted domain — Email is accepted. Use permitted domains to manage exceptions.
• Denied domain — Email is refused. Use denied domains to manage exceptions.
Hold your mouse cursor over the field to see the recommended format.
You must set up at least one local domain.


Table 2-11 Option definitions (continued)
Add MX Lookup: Click to specify a domain that the appliance will use to identify all mail server IP addresses from which it will deliver messages.
Delete Selected Items: Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.

Domain Routing
After you complete the Setup Wizard, you can manage the domains from Email | Email Configuration | Sending Email.
Table 2-12 Option definitions
Domain: Displays a list of domains.
Type:
• Domain name — for example, example.dom. The appliance uses this to compare the recipient's email address, and to compare the connection against an A record lookup.
• Network Address — for example, 192.168.0.2/32 or 192.168.0.0/24. The appliance uses this to compare the recipient's IP literal email address, such as user@[192.168.0.2], or the connection.
• MX Record Lookup — for example, example.dom. The appliance uses this to compare the connection against an MX record lookup.
• Wildcard domain name — for example, *.example.dom. The appliance only uses this information to compare the recipient's email address.
Relay List / MX Record: Displays the relay list or MX record lookup used to deliver email for each domain.
Add Relay List: Click to populate the Known domains and relay hosts table with a list of host names or IP addresses for delivery. Delivery will be attempted in the order specified unless you select the Round-robin the above hosts option, which distributes the load between the specified hosts. Host names/IP addresses may include a port number.
Add MX Lookup: Click to populate the Known domains and relay hosts table with an MX record lookup to determine the IP addresses for delivery. Delivery will be attempted to the host names returned by the MX lookup in the order of priority given by the DNS server.
Delete Selected Items: Remove the selected item from the table. You must apply the changes before the item is completely removed from the appliance configuration.
Enable DNS lookup for domains not listed above: If selected, the appliance uses DNS to route email for other, unspecified domains. DNS delivery attempts an MX-record lookup. If there are no MX records, it does an A-record lookup. If you deselect this checkbox, the appliance delivers email only to the domains that are specified under Known domains and relay hosts.
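The four entry types in Tables 2-11 and 2-12 (domain name, network address, MX record lookup, wildcard domain name) each match a different part of an inbound delivery: the recipient address, the connecting host, or both. The following Python is an added example, not McAfee code, that applies those matching rules to a constructed accept/refuse list; the entries, addresses and DNS answers are constructed, and the first-match-in-list-order rule and the "unlisted" result for no match are assumptions of this example, since the page does not state precedence.

```python
"""Apply the entry types from the accept/refuse table (Table 2-11): domain
name, network address, MX record lookup and wildcard domain name.
Added example, not McAfee code. The entries, addresses and DNS answers are
constructed; list-order precedence and the "unlisted" result are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple, Union

# lookup(record_type, name) -> answers. Injected so the example runs offline.
Lookup = Callable[[str, str], List[str]]
IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


@dataclass(frozen=True)
class Entry:
    value: str      # "example.dom", "192.168.0.0/24", "*.example.dom"
    kind: str       # "domain" | "network" | "mx" | "wildcard"
    category: str   # "local" | "permitted" | "denied"


def split_recipient(address: str) -> Tuple[Optional[str], Optional[IPAddr]]:
    """Return (domain, None) for user@host or (None, ip) for user@[a.b.c.d]."""
    local, sep, host = address.rpartition("@")
    if not sep or not local or not host:
        raise ValueError(f"not an email address: {address!r}")
    if host.startswith("[") and host.endswith("]"):
        return None, ipaddress.ip_address(host[1:-1])   # IP literal form
    return host.lower().rstrip("."), None


def entry_matches(entry: Entry, recipient: str, peer_ip: str,
                  lookup: Optional[Lookup] = None) -> bool:
    """Apply the matching rule the table gives for each entry type."""
    domain, literal = split_recipient(recipient)
    peer = ipaddress.ip_address(peer_ip)
    if entry.kind == "network":
        # Matches the IP-literal recipient address or the connecting host.
        net = ipaddress.ip_network(entry.value, strict=False)
        return (literal is not None and literal in net) or peer in net
    if entry.kind == "wildcard":
        # Recipient address only. Assumption: *.example.dom covers
        # sub-domains of example.dom but not example.dom itself.
        suffix = entry.value[1:].lower()            # ".example.dom"
        return domain is not None and domain.endswith(suffix) and domain != suffix[1:]
    if entry.kind == "domain":
        # Recipient domain, or connecting host equal to the domain's A record.
        if domain == entry.value.lower():
            return True
        return lookup is not None and str(peer) in lookup("A", entry.value)
    if entry.kind == "mx":
        # Connecting host only: any A record of any MX host of the domain.
        if lookup is None:
            return False
        return any(str(peer) in lookup("A", mx) for mx in lookup("MX", entry.value))
    raise ValueError(f"unknown entry kind {entry.kind!r}")


def classify(entries: Sequence[Entry], recipient: str, peer_ip: str,
             lookup: Optional[Lookup] = None) -> Tuple[str, Optional[Entry]]:
    """Return (category, entry) of the first matching entry in list order,
    or ("unlisted", None) when nothing matches (assumption of this example)."""
    for entry in entries:
        if entry_matches(entry, recipient, peer_ip, lookup):
            return entry.category, entry
    return "unlisted", None


# Constructed accept/refuse list, denied exceptions first.
ENTRIES = [
    Entry("spammer.dom", "domain", "denied"),
    Entry("example.dom", "domain", "local"),
    Entry("*.example.dom", "wildcard", "local"),
    Entry("192.168.0.0/24", "network", "local"),
    Entry("partner.dom", "mx", "permitted"),
]

# Constructed DNS answers standing in for a real resolver.
_DNS = {
    ("A", "example.dom"): ["192.168.0.5"],
    ("MX", "partner.dom"): ["mx1.partner.dom"],
    ("A", "mx1.partner.dom"): ["203.0.113.10"],
}


def constructed_lookup(record_type: str, name: str) -> List[str]:
    return _DNS.get((record_type, name.lower()), [])


if __name__ == "__main__":
    for rcpt, peer in [("alice@example.dom", "198.51.100.7"),
                       ("bob@mail.example.dom", "198.51.100.7"),
                       ("carol@[192.168.0.2]", "198.51.100.7"),
                       ("dave@other.dom", "203.0.113.10"),
                       ("eve@other.dom", "198.51.100.7")]:
        print(rcpt, peer, "->", classify(ENTRIES, rcpt, peer, constructed_lookup)[0])
```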


Basic Settings page (Encryption Only Setup)
Use this page, when selecting the Encryption Only Setup Wizard, to specify basic settings for the appliance.
The appliance tries to provide some information for you, and shows the information highlighted in amber. To change the information, click and retype.
Cluster mode: Defines the options that appear on the Cluster Management page of the Setup Wizard.
• Off — This is a standard appliance.
• Cluster Scanner — The appliance receives its scanning workload from a master appliance.
• Cluster Master — The appliance controls the scanning workload for several other appliances.
• Cluster Failover — If the master fails, this appliance controls the scanning workload instead.
Device name: Specifies a name, such as appliance1.
Domain name: Specifies a name, such as domain1.com.
Default Gateway: Specifies an IPv4 address, such as 198.168.10.1. You can test later that the appliance can communicate with this server.
Next Hop Router: Specifies an IPv6 address, such as FD4A:A1B2:C3D4::1.
Network Interface: Becomes available when you set the Next Hop Router for IPv6.
Select management port: Specifies the port that manages the gateway. By default, McAfee Email Gateway uses port 10443.

Network Settings page (Encryption Only Setup)
Use these options to view and configure the IP address and network speeds for McAfee Email Gateway as an encryption-only appliance. You can use IPv4 and IPv6 addresses, separately or in combination.
To prevent duplication of IP addresses on your network and to deter hackers, give the appliance new IP addresses, and disable the default IP addresses. The IP addresses must be unique and suitable for your network. Specify as many IP addresses as you need.
Table 2-13 Option definitions
The page also shows the operating mode that you set during installation or in the Setup Wizard.
Network Interface 1: Expands to show the IP address and netmask associated with Network Interface 1, the auto-negotiation state, and the size of the MTU.
Network Interface 2: Expands to show the IP address and netmask associated with Network Interface 2, the auto-negotiation state, and the size of the MTU.
Change Network Settings: Click to open the Network Interface Wizard to specify the IP address and adapter settings for NIC 1 and NIC 2, and change the chosen operating mode.
View Network Interface Layout: Click to see the layout associated with LAN1, LAN2, and the out-of-band interface.

Cluster Management page (Encryption Only Setup)
Use cluster management to specify load balancing requirements.
Depending on the cluster mode you selected on the Basic Settings page, the options that appear on the Cluster Management page change.


Cluster Management Configuration (Standard appliance)
Do not use. Cluster management is disabled.

Cluster Management (Cluster Scanner)
Table 2-14 Option definitions
Cluster identifier: If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.

Cluster Management (Cluster Master)
In explicit proxy mode or transparent router mode, you can enable failover between two appliances in a cluster by assigning a virtual IP address to this appliance and configuring another appliance as a Cluster Failover appliance using the same virtual address. In transparent bridge mode, this is achieved by setting a high STP priority for this appliance and configuring another appliance as a Cluster Failover appliance with a lower STP priority.
Table 2-15 Option definitions
Address to use for load balancing: Specifies the appliance address.
Cluster identifier: If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.
Enable scanning on this appliance (Not applicable on Content Security Blade Servers): If not selected, this appliance distributes all scanning workload to the scanning appliances. For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.

Cluster Management (Cluster Failover)
Table 2-16 Option definitions
Address to use for load balancing: Specifies the appliance address. Provides a list of all subnets assigned to the appliance.
Cluster identifier: If you have more than one cluster or McAfee Content Security Blade Server on the same subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255.
Enable scanning on this appliance (Not applicable on Content Security Blade Servers): If not selected, this appliance distributes all scanning workload to the scanning appliances. For a cluster of appliances, if you have only a master and a failover appliance, with both configured to scan traffic, the master will send most connections to the failover appliance for scanning.


DNS and Routing page (Encryption Only Setup)
Use this page to configure the appliance's use of DNS and routes.
Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are listed here.

DNS server addresses
Table 2-17 Option definitions
Server Address: Displays the IP addresses of the DNS servers. The first server in the list must be your fastest or most reliable server. If the first server cannot resolve the request, the appliance contacts the second server. If no servers in the list can resolve the request, the appliance forwards the request to the DNS root name servers on the Internet. If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution.
New Server / Delete Selected Servers: Adds a new server to the list, or removes one when, for example, you need to decommission a server due to network changes.
Only send queries to these servers: Selected by default. McAfee recommends that you leave this option selected because it might speed up DNS queries, as the appliance sends the queries to the specified DNS servers only. If they don't know the address, they go to the root DNS servers on the Internet. When they get a reply, the appliance receives it and caches the response so that other servers that query that DNS server can get an answer more quickly. If you deselect this option, the appliance first tries to resolve the requests itself, or might query DNS servers outside your network.

Routing settings
Table 2-18 Option definitions
Network Address: Type the network address of the route.
Mask: Specifies how many hosts are on your network, for example, 255.255.255.0.
Gateway: Specifies the IP address of the router used as the next hop out of the network. The address 0.0.0.0 (IPv4) or :: (IPv6) means that the router has no default gateway.
Metric: Specifies the preference given to the route. A low number indicates a high preference for that route.
New Route / Delete Selected Routes: Add a new route to the table, or remove routes. Use the arrows to move routes up and down the list. The routes are chosen based on their metric value.
Enable dynamic routing: Use this option in transparent router mode only. When enabled, the appliance can:
• receive broadcast routing information over RIP (default) and apply it to its routing table, so you don't have to duplicate on the appliance routing information that is already present in the network.
• broadcast routing information over RIP if static routes have been configured through the user interface.


Time Settings page
Use this page to set the time and date, and any details for the use of the Network Time Protocol (NTP).
Appliance Time Zone: Specifies the time zone of the appliance. You might need to set this twice each year if your region observes daylight saving time.
Appliance Time (UTC): Specifies the date and UTC time for the appliance. To select the date, click the calendar icon. You can determine the UTC time from websites such as http://www.worldtimeserver.com.
Set Now: When clicked, applies the date and UTC time that you specified in this row.
Client Time: Displays the time according to the client computer from which your browser is currently connected to the appliance.
Synchronize appliance with client: When selected, the time in Appliance Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to setting Appliance Time (UTC) manually. The appliance calculates the UTC time based on the time zone that it finds on the client's browser. Ensure that the client computer is aware of any daylight saving adjustments. To find the setting on Microsoft Windows, right-click the time display in the bottom right corner of the screen.
Enable NTP: When selected, accepts NTP messages from a specified server or a network broadcast. NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent often, they do not noticeably affect the appliance's performance.
Enable NTP client broadcasts: When selected, accepts NTP messages from network broadcasts only. This method is useful on a busy network, but it requires trusting the other devices in the network. When deselected, accepts NTP messages only from servers specified in the list.
NTP Server: Displays the network address or domain name of one or more NTP servers that the appliance uses. For example, time.nist.gov. If you specify several servers, the appliance examines each NTP message in turn to determine the correct time.
New Server: Type the IP address of a new NTP server.

Password page (Encryption Only Setup)
Specify a password for the appliance.
For a strong password, include letters and numbers. You can type up to 15 characters.
Table 2-19 Option definitions
User ID: This is admin. You can add more users later.
Current Password: The existing password. The original default password is password. Change the password as soon as possible to keep your appliance secure.
New Password / Confirm New Password: Specifies the new password. You must enter the new password twice to confirm it.


Summary page (Encryption Only Setup)
Review a summary of the settings that you have made for the network connections and scanning of the email traffic.
To change any value, click its blue link to display the page where you originally typed the value.
After you click Finish, the Setup Wizard has completed.
Use the IP address shown on this page to access the interface. For example https://192.168.200.10:10443. The address begins with https, not http.
When you first log on to the interface, type the user name, admin, and the password that you gave on the Password page.
Table 2-20 Option definitions
• The value is set according to best practice.
• The value is probably not correct. Although the value is valid, it is not set according to best practice. Check the value before continuing.
• No value has been set. The value has not been changed from the default. Check the value before continuing.


3 A tour of the Dashboard
This section describes the Dashboard page, and how to edit its preferences.

Dashboard
The Dashboard provides a summary of the activity of the appliance.
Use this page to access most of the pages that control the appliance. On a cluster master appliance, use this page also to see a summary of activity on the cluster of appliances.

Benefits of using the Dashboard
This topic discusses the benefits of using the Dashboard within the user interface of your Email Gateway.
The Dashboard provides a single location for you to view summaries of the activities of the appliance through a series of portlets.
Some portlets display graphs that show appliance activity over the following periods of time:


• 1 hour
• 1 day (the default)
• 1 week
• 2 weeks
• 4 weeks
Within the Dashboard, you can make some changes to the information and graphs displayed:
• Expand and collapse the portlet data using the icons in the portlet's top right-hand corner
• Drill down to specific data using the drill-down icons
• See a status indicator that shows whether the item needs attention:
  • Healthy. The reported item is functioning normally
  • Requires Immediate Attention. A critical threshold has been exceeded
  • Disabled. A service is not enabled
• Use the zoom icons to zoom in and out of a timeline of information. There is a short delay while the view is updated. By default, the dashboard shows data relating to the previous one day.
• Move a portlet to another location on the Dashboard.
• Threshold

Dashboard portlets
This topic describes in detail the portlets found on the dashboard in the user interface of your Email Gateway.
Some portlets display graphs that show appliance activity over time. Although you can deselect a protocol after clicking Edit, the appliance continues to monitor that traffic.
Appliance Status
Inbound Mail Summary: Summarizes the data recorded in the Detections portlets. Displays the total number of inbound messages that were delivered, blocked, bounced or queued. You can further break down the data by sender/connection, recipient, and content. Additionally, reports on the number of quarantined items. To visit the pages that manage the queues, click the blue links. Click Search to go to the Message Search page to locate specific messages.
Tasks: Displays a list of common tasks that link directly to the configuration page in the appliance.
Cluster: On a master cluster appliance, displays the state of the cluster of appliances. To change the settings of the meter, click Edit.
Outbound Mail Summary: Summarizes the data recorded in the Detections portlets. Displays the total number of outbound messages that were delivered, blocked, bounced or queued. You can further break down the data by sender/connection, recipient, and content. Additionally, reports on the number of quarantined items. To visit the pages that manage the queues, click the blue links. Click Search to go to the Message Search page to locate specific messages.
SMTP Detections and POP3 Detections: Displays the number of detections under each protocol. Although you can choose not to display information about a protocol, the appliance continues to scan that traffic.


Network Summary: Displays the number of connections under each protocol.
Services: Displays the status of important components and lets you change the settings of recommended system configuration changes:
• For Updates, a green checkmark indicates that the component will update itself automatically. To make a manual update, click the blue link.
• For other components, a green checkmark indicates that the component is operating within acceptable limits. For more information, click the blue links.
• To adjust the levels at which the warning and alert icons appear, and to change what the recommended configuration changes dialog box displays, click Edit.
System Summary
Hardware Summary
Some data is displayed in graph format that shows appliance activity over time.




4 Testing the configuration
This information describes how to test that the appliance is functioning correctly after installation.
Contents
Task — Test connectivity
Task — Update the DAT files
Task — Test mail traffic and virus detection
Task — Testing spam detection

Task — Test connectivity
Use this task to confirm basic connectivity. The McAfee Email Gateway Virtual Appliance 7.0 checks that it can communicate with the gateway, update servers and DNS servers. It also confirms that the appliance name and domain name are valid.
Task
1 From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from the Tasks area.
2 Select the Tests tab.
3 Click Start Tests.
Each test should return positively.

Task — Update the DAT files
Use this task to ensure that the McAfee Email Gateway Virtual Appliance 7.0 has the most up-to-date detection definition (DAT) files. We recommend updating them before you configure the scanning options.
As you progress using the virtual appliance, you can choose to update individual types of definition file and change the default scheduled updates to suit your requirements.
Task
1 Open the Updates page using one of these methods:
• From the Services area of the Dashboard, select Updates.
• Select System | System | Update Status.


2 To update all DAT files, click Update Now.
3 To ensure the virtual appliance has the most up-to-date software patch installed, go to the product Dashboard, select Updates, and click Update Now.

Task — Test mail traffic and virus detection

Use this task to test that mail traffic is passing successfully through the McAfee Email Gateway Virtual Appliance 7.0 and that threats are correctly identified. We use the EICAR test file, a harmless file that triggers a virus detection.

Task
1 Send an email message from an outside email account (such as Hotmail) to an internal mailbox and confirm that it arrived.
2 On the Dashboard, look at the Detections areas. The listing for the protocol you used to send the message should show that a message was received.
3 Copy the following line into a file, making sure you do not include any spaces or line breaks:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
The string is exactly 68 characters, including the backslash; if it is altered it is no longer recognized as the EICAR test file.
4 Save the file with the name EICAR.COM. Antivirus software on the workstation where you save it may quarantine the file immediately; that is expected behavior, so create it on a system where that is acceptable.
5 From an external email account (SMTP client), create a message that contains the EICAR.COM file as an attachment and send the message to an internal mailbox.
6 Return to the Dashboard and look at the Detections areas. You should see that a virus was detected.
7 Delete the message when you finish testing your installation, to avoid alarming unsuspecting users.

Task — Test spam detection

Use this task to run the Generic Test for Unsolicited Bulk Email (GTUBE) to verify that the McAfee Email Gateway is detecting incoming spam.

Task
1 From an external email account (SMTP client), create a new email message.
2 In the body of the message, copy the following text:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Make sure that you type this line with no line breaks.
3 Send the new email message to an internal mailbox address.
The device scans the message, recognizes it as a junk email message, and deals with it accordingly. The GTUBE overrides blacklists and whitelists.

For more information about the GTUBE, visit http://spamassassin.apache.org/tests.html.
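The following script is an added example and is not part of the McAfee guide or product. It builds the EICAR attachment message and the GTUBE message from the two tasks above in one place, so the test strings cannot be damaged by an editor, and optionally relays them through the appliance. The sender, recipient and gateway host are assumptions; substitute an external account and an internal mailbox that actually route through your gateway.

```python
"""Added example (not McAfee's code): build the EICAR and GTUBE test messages
used in the two tasks above and, optionally, relay them through the gateway.
SENDER, RECIPIENT and the gateway host are assumptions; replace them with
addresses that route through your appliance to an internal mailbox."""
import smtplib
import sys
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# The 68-byte EICAR test string as published by EICAR. The "\\" is the single
# backslash of the published string; there is no trailing newline.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# The GTUBE string as published by SpamAssassin; it must stay on one line.
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

SENDER = "tester@external.example.net"      # assumed external account
RECIPIENT = "mailbox@internal.example.com"  # assumed internal mailbox


def write_eicar(path="EICAR.COM"):
    """Write EICAR.COM in binary mode so no BOM or line-ending conversion is
    added. Workstation antivirus may quarantine the file at once; that is
    expected, which is why the attachment below is built in memory instead."""
    with open(path, "wb") as fh:
        fh.write(EICAR)
    return path


def eicar_message(sender=SENDER, recipient=RECIPIENT):
    """Message carrying EICAR.COM as a base64 attachment (virus test, step 5)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Gateway test: EICAR attachment"
    msg.set_content("Virus-detection test. Delete once the detection is confirmed.")
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                       filename="EICAR.COM")
    return msg


def gtube_message(sender=SENDER, recipient=RECIPIENT):
    """Message whose body is the GTUBE line (spam test, step 2)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Gateway test: GTUBE"
    msg.set_content(GTUBE + "\n")
    return msg


def attachment_bytes(raw):
    """Parse a serialized message and return the decoded payload of its first
    attachment, to confirm the EICAR bytes survive MIME encoding unchanged."""
    parsed = BytesParser(policy=policy.default).parsebytes(raw)
    for part in parsed.iter_attachments():
        return part.get_payload(decode=True)
    return None


def send(msg, host, port=25):
    """Relay through the gateway's SMTP listener (assumed host and port)."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} GATEWAY_HOST")
    write_eicar()
    for test_msg in (eicar_message(), gtube_message()):
        send(test_msg, sys.argv[1])
        print("sent:", test_msg["Subject"])
```

Run it with the SMTP listener of the appliance as the only argument. Because the appliance relays on behalf of the sender, the Detections area should show one virus detection and one spam detection for the protocol you used; if the EICAR message arrives unscanned, check that the attachment was not re-encoded or stripped by the sending client.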


5 Exploring the appliance features

This information contains tasks to demonstrate the McAfee Email Gateway Virtual Appliance 7.0 scanning features in action. It provides step-by-step instructions to create and test some sample policies and tells you how to generate applicable reports.

Introduction to policies

The appliance uses policies which describe the actions that the appliance must take against threats such as viruses, spam, unwanted files, and the loss of confidential information.

Email | Email Policies

Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of users.

Encryption

The Encryption pages enable you to set up McAfee Email Gateway to use the supported encryption methods to securely deliver your email messages.

Email | Encryption

The McAfee Email Gateway includes several encryption methodologies, and can be set up to provide encryption services to the other scanning features, or can be set up as an encryption-only server used just to encrypt email messages.

Task — Encrypt all email traffic to a specific customer

A common use of the encryption features is to configure a policy to use encryption for email messages going to a specific customer.

This group of tasks shows how to configure your McAfee Email Gateway so that all email messages being sent to a specific customer are sent using encryption.

Task — Create a new scanning policy

Use this task to learn how to create a new scanning policy.

Your appliance uses the policies you create to scan the email messages sent through the appliance. You can create multiple policies to control the way different users use email, or to specify different actions based on specific circumstances.


Task
1 Click Email | Email Policies | Scanning Policies.
2 Select the required protocol using the steps in Task — View policies for the SMTP or POP3 protocols.
3 Click Add policy...
4 In the Scanning Policies — New Policy page, enter the following information:
a A name for the policy.
b An optional description for the new policy.
c Where the new policy inherits its settings from. If you have a similar policy already set up, select it to allow its settings to be inherited by the new policy.
d Whether the policy applies to inbound or outbound email traffic (SMTP only).
e The required Match logic for the policy.
f The type of rule, how it should match, and the value that the rule tests against.
g If required, add additional rules, and use the reorder buttons to put the rules in the correct order. Rules are evaluated in the order shown, so place the most specific rule first.
5 Click OK.
The new policy is added to the top of the list of policies.

Task — Configure the encryption settings

Configure your McAfee Email Gateway to use encryption.

Task
1 Click Email | Encryption | Secure Web Mail | Basic Settings.
2 Select Enable the Secure Web Mail Client.
3 Click Email | Encryption | Secure Web Mail | User Account Settings.
Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. The administrator chooses whether to use push encryption, pull encryption, or both.
4 Click Email | Encryption | Secure Web Mail | Password Management.
By default, the minimum password length is eight characters and the password expires after 365 days. Review both values against your organization's password policy before enrolling external recipients.

Task — Enable encryption within your email policy

Enable the required encryption features on your McAfee Email Gateway.

Task
1 Click Email | Email Policies | Compliance.
2 Click Enable compliance, and select Create new rule from template.
3 Search for the HIPAA Compliance rule and select it.
4 Click Next to progress through the wizard.


5 Select the primary action Allow Through (Monitor).
6 In And also, select Deliver message using encryption.
7 Click Finish, and click OK to close the dialog box.
8 Click Email | Email Policies | Policy Options | Encryption.
9 In When to Encrypt, select Only when triggered from a scanner action.
10 In On-box Encryption Options, select Secure Web Mail, and click OK.
11 Apply the changes.

Task — Identify quarantined email messages

Use this task to discover which email messages have been quarantined by your McAfee Email Gateway Appliance.

To view a list of all messages that have been quarantined:

Task
1 Click Reports | Message Search.
2 Select Quarantined from the Message status drop-down list.
3 Click Search/Refresh.
All messages that have been quarantined are displayed in the lower part of the page.

Task — Refine the search

You can further refine your search for quarantined email messages to show only those that have been quarantined due to specific triggers. In this example, to find those email messages quarantined due to compliance issues:

Task
1 Complete the steps in Task — Identify quarantined email messages.
2 Select Compliancy from the Category drop-down list.
3 Click Search/Refresh.
The lower part of the screen is refreshed to show only the messages that have been quarantined due to compliance issues.

Task — View a specific email message

You can view the content of a quarantined email message.

Task
1 Complete the steps in Task — Refine the search.
2 Select the relevant quarantined message using the check box to the left of the page.
3 Click View Message.
The selected message is displayed in a new window. From this window, you can view the content of the email message. You can also choose to view the detailed email header information. Once you have viewed the message, you can choose further actions to perform on it by clicking the relevant buttons.


Task — Release a quarantined email message

After viewing a quarantined email message, you may want to release it from quarantine. This task allows you to do this.

To release a selected message from quarantine:

Task
1 Complete the steps in Task — View a specific email message.
2 Click Release Selected.
The selected email message is released from quarantine and delivered to its original recipients. A message quarantined by a compliance or DLP rule still contains the content that triggered the rule, so confirm that the release is authorized before you click.

Email messages that contain viral content cannot be released from quarantine, as to do so would risk causing damage to your systems.

Compliance Settings

Use this page to create and manage compliance rules.

Email | Email Policies | Compliance | Compliance

Benefits of the compliance settings

Use compliance scanning to assist with conformance to regulatory compliance and corporate operating compliance. You can choose from a library of predefined compliance rules, or create your own rules and dictionaries specific to your organization.

Compliance rules can vary in complexity from a straightforward trigger when an individual term within a dictionary is detected, to building on and combining score-based dictionaries which only trigger when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can be combined using the logical operations any of, all of, or except.

Task — Restrict the score contribution of a dictionary term

Use this task to restrict the score contribution of a dictionary term.

Before you begin
This task assumes that your rule includes a dictionary which triggers the action based on a threshold score, such as the Compensation and Benefits dictionary.

You can restrict how many times a term can contribute to the overall score.

For example, if 'testterm' within a dictionary has a score of 10 and is seen five times within an email, it adds 50 to the overall score. Alternatively you can restrict this, for example to contribute only twice, by setting Maximum term count to 2; the term then adds at most 20, however often it appears. This keeps a single repeated word from pushing a message over the threshold on its own.

Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score you want to change.
3 In Maximum term count, type the maximum number of times that you want a term to contribute to the score.


Task — Edit the threshold associated with an existing rule

Use this task to edit the threshold associated with an existing rule.

Before you begin
This task assumes that your rule includes a dictionary which triggers the action based on a threshold, such as the Compensation and Benefits dictionary.

Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score you want to change.
3 In Dictionary threshold, type the score at which you want the rule to trigger, and click OK.

Task — Create a rule to monitor or block at a threshold

For score-based dictionaries you might want to monitor triggers that reach a low threshold, and only block the email when a high threshold is reached.

Task
1 Select Email | Email Policies | Compliance.
2 Click Create new rule, type a name for it such as Discontent - Low, and click Next.
3 Select the Discontent dictionary, and in Threshold, type 20.
4 Click Next, and Next again.
5 In If the compliance rule is triggered, accept the default action.
6 Click Finish.
7 Repeat steps 2 through 4 to create another new rule, but name it Discontent - High and assign it a threshold of 40.
8 In If the compliance rule is triggered, select Deny connection (Block).
9 Click Finish.
10 Click OK and apply the changes.
Both rules are evaluated against every message: a message scoring between 20 and 39 triggers only the monitoring rule, and a message scoring 40 or more triggers both, with the block action taking effect.

Task — Add a dictionary to a rule

Use this task to add a new dictionary to an existing rule.

Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit.
3 Select Add dictionaries.
4 Select the new dictionary that you want to include, and click OK.

Task — Create a complex custom rule

Use this task to create a complex rule that triggers when both Dictionary A and Dictionary B are detected, except when Dictionary C is also detected.


Task
1 Select Email | Email Policies | Scanning Policies and select Compliance.
2 On the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule to open the Rule Creation Wizard.
4 Type a name for the rule, and click Next.
5 Select the two dictionaries to include in the rule, and click Next.
6 In the exclusion list, select the dictionary that you want to exclude from the rule.
7 Select the action that you want to take place if the rule triggers.
8 From the And conditionally drop-down box, select All, and click Finish.

Task — Create a simple custom rule

Use this task to create a simple custom rule that blocks messages that contain social security numbers.

Task
1 Select Email | Email Policies | Compliance.
2 On the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule to open the Rule Creation Wizard.
4 Type a name for the rule, and click Next.
5 In the Search field, type social.
6 Select the Social Security Number dictionary, and click Next twice.
7 Select the Deny connection (Block) action, and click Finish.

Task — Block messages that violate a policy

Use this task to block messages that violate a threatening language policy.

Task
1 Select Email | Email Policies | Compliance.
2 On the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule from template to open the Rule Creation Wizard.
4 Select the Acceptable Use - Threatening Language policy, and click Next.
5 Optionally change the name of the rule, and click Next.
6 Change the primary action to Deny connection (Block), and click Finish.
7 Click OK and apply the changes.
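The model below is an added example, not the appliance's implementation, written to make the compliance-rule semantics described in this section concrete: per-term scores, Maximum term count, a per-dictionary threshold, the low/high two-tier rule from Task — Create a rule to monitor or block at a threshold, and the all-of / any-of / except combination from Task — Create a complex custom rule. The Discontent terms, the A/B/C dictionaries and the sample messages are constructed; the real product's dictionaries and scores differ.

```python
"""Added example (not the appliance's implementation): a model of score-based
compliance rules showing how term scores, Maximum term count, dictionary
thresholds, low/high rule tiers and any-of / all-of / except logic combine.
All dictionaries, scores and sample text are constructed assumptions."""
import re
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Dictionary:
    name: str
    terms: Dict[str, int]       # term -> score added per occurrence
    threshold: int              # dictionary triggers at this total score
    max_term_count: int = 0     # cap on counted occurrences per term; 0 = no cap

    def score(self, text: str) -> int:
        """Sum of score * occurrences for every term, each term capped."""
        lowered = text.lower()
        total = 0
        for term, points in self.terms.items():
            hits = len(re.findall(r"\b" + re.escape(term.lower()) + r"\b", lowered))
            if self.max_term_count:
                hits = min(hits, self.max_term_count)
            total += hits * points
        return total

    def triggers(self, text: str) -> bool:
        return self.score(text) >= self.threshold


@dataclass
class Rule:
    name: str
    include: List[Dictionary]                                # dictionaries to combine
    logic: str = "all"                                       # "all" of or "any" of
    exclude: List[Dictionary] = field(default_factory=list)  # "except" these
    action: str = "monitor"                                  # "monitor" or "block"

    def matches(self, text: str) -> bool:
        """An except-dictionary vetoes the rule; otherwise apply all/any logic."""
        if any(d.triggers(text) for d in self.exclude):
            return False
        hits = [d.triggers(text) for d in self.include]
        return all(hits) if self.logic == "all" else any(hits)


SEVERITY = {"allow": 0, "monitor": 1, "block": 2}


def evaluate(rules: List[Rule], text: str):
    """Evaluate every rule against one message. Returns the most severe action
    among the rules that triggered, plus their names in policy order."""
    triggered = [r for r in rules if r.matches(text)]
    action = max((r.action for r in triggered), key=SEVERITY.get, default="allow")
    return action, [r.name for r in triggered]


# Constructed stand-in for the guide's Discontent dictionary.
DISCONTENT_TERMS = {"unfair": 10, "resign": 10, "quit": 10, "hostile": 10}


def discontent_rules() -> List[Rule]:
    """The two-tier setup from the task above: monitor at 20, block at 40."""
    low = Rule("Discontent - Low",
               [Dictionary("Discontent", DISCONTENT_TERMS, threshold=20)],
               action="monitor")
    high = Rule("Discontent - High",
                [Dictionary("Discontent", DISCONTENT_TERMS, threshold=40)],
                action="block")
    return [low, high]


def complex_rule() -> Rule:
    """Triggers on Dictionary A and Dictionary B, except when C is present."""
    a = Dictionary("A", {"merger": 10}, threshold=10)
    b = Dictionary("B", {"confidential": 10}, threshold=10)
    c = Dictionary("C", {"press release": 10}, threshold=10)
    return Rule("A and B except C", [a, b], logic="all", exclude=[c], action="block")


if __name__ == "__main__":
    for sample in ("This is unfair and I will resign.",
                   "Unfair, unfair, hostile manager; I quit, I resign."):
        print(evaluate(discontent_rules(), sample))
```

The capped-term case is the one worth checking before you tune a threshold: with `max_term_count=2`, five occurrences of a 10-point term score 20 rather than 50, so a message that would have crossed a threshold of 30 on one repeated word no longer does, while a message containing several distinct terms still accumulates score normally.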


Data Loss Prevention settings

Use this page to create a policy that assigns data loss prevention actions against the registered document categories.

Email | Email Policies | Compliance | Data Loss Prevention

Benefits of using Data Loss Prevention (DLP)

You can choose to restrict the flow of sensitive information sent in email messages by SMTP through the appliance using the Data Loss Prevention feature; for example, by blocking the transmission of a sensitive document such as a financial report that is to be sent outside of your organization. Detection occurs whether the original document is sent as an email attachment, or even as just a section of text taken from the original document.

Configuring DLP takes place in two phases:
• Registering the documents that you want to protect.
• Setting the DLP policy to action and control the detection (this topic).

If an uploaded registered document contains embedded documents, their content is also fingerprinted, so the combined content is used when calculating the percentage match at scan time. To have embedded documents treated individually, they must be registered separately.

Task — Prevent a sensitive document from being leaked

Use this task to block sensitive financial documents from being sent outside your organization.

Before you begin
This example assumes that you have already created a Finance category.

Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.
4 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.
5 Click OK again, and apply the changes.

Task — Block a section of the document

Use this task to block just a small section of the document from being sent outside your organization.

Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Enable the consecutive signatures setting, and type the number of consecutive signatures against which the DLP policy will trigger a detection. The level is set to 10 by default. A lower value catches shorter excerpts but also raises the chance that boilerplate shared between documents, such as headers and disclaimers, triggers a detection; test the value against normal outbound mail before lowering it.


4 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.
5 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.
6 Click OK again, and apply the changes.

Task — Exclude a specific document from a policy

Use this task to prevent a specific financial document from triggering the DLP policy settings.

Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 On the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK.
4 Click OK again, and apply the changes.
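The script below is an added example and not the appliance's fingerprinting algorithm, which the guide does not describe in detail. It shows the mechanism the DLP section relies on: a registered document becomes a sequence of hashed word-window signatures; an outgoing message is flagged when it reproduces a run of consecutive signatures (default 10, as in Task — Block a section of the document) or a large enough percentage of the document; embedded documents are fingerprinted together with their container; and a document exclusion removes one document from the policy. The window size, category names, sample report, appendix and messages are constructed assumptions.

```python
"""Added example (not the appliance's algorithm): fingerprint-based DLP in the
style the section above describes. A registered document becomes a sequence of
hashed word-window signatures; a message is flagged when it reproduces a run of
consecutive signatures (default 10, as in the guide) or a large enough share of
the document. Window size, sample documents and messages are constructed."""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

WINDOW = 5                 # words per signature (assumption)
DEFAULT_CONSECUTIVE = 10   # the guide's default consecutive-signature level


def tokens(text: str) -> List[str]:
    """Lower-case word tokens; punctuation and layout are ignored so that
    reformatting or pasting into a mail body does not defeat the match."""
    return re.findall(r"[a-z0-9]+", text.lower())


def signatures(text: str, window: int = WINDOW) -> List[str]:
    """One truncated SHA-256 per window of `window` consecutive words."""
    words = tokens(text)
    return [hashlib.sha256(" ".join(words[i:i + window]).encode()).hexdigest()[:16]
            for i in range(len(words) - window + 1)]


class Registry:
    """Registered documents by category, plus per-policy document exclusions."""

    def __init__(self) -> None:
        self.docs: Dict[str, Tuple[str, List[str]]] = {}   # doc_id -> (category, sigs)
        self.excluded: set = set()

    def register(self, doc_id: str, category: str, text: str,
                 embedded: Tuple[str, ...] = ()) -> None:
        # Embedded documents are fingerprinted with their container, so the
        # combined content is the base for the percentage match.
        combined = " ".join((text,) + tuple(embedded))
        self.docs[doc_id] = (category, signatures(combined))

    def exclude(self, doc_id: str) -> None:
        """Document exclusion: this document no longer triggers the policy."""
        self.excluded.add(doc_id)

    def scan(self, message: str, consecutive: int = DEFAULT_CONSECUTIVE,
             min_percent: Optional[float] = None):
        """Return (doc_id, category, longest_run, percent) for every registered
        document the message matches under the given thresholds."""
        msg_sigs = signatures(message)
        msg_set = set(msg_sigs)
        hits = []
        for doc_id, (category, doc_sigs) in self.docs.items():
            if doc_id in self.excluded or not doc_sigs:
                continue
            known = set(doc_sigs)
            longest = run = 0
            for sig in msg_sigs:             # longest run of consecutive matches
                run = run + 1 if sig in known else 0
                longest = max(longest, run)
            percent = 100.0 * len(known & msg_set) / len(known)
            if longest >= consecutive or (min_percent is not None and percent >= min_percent):
                hits.append((doc_id, category, longest, round(percent, 1)))
        return hits


def decide(registry: Registry, message: str, actions: Dict[str, str], **scan_args):
    """Apply each matched category's primary action; 'block' wins over 'monitor'."""
    hits = registry.scan(message, **scan_args)
    if not hits:
        return "allow", hits
    blocked = any(actions.get(cat) == "block" for _, cat, _, _ in hits)
    return ("block" if blocked else "monitor"), hits


# Constructed sample documents and messages.
REPORT = ("Q3 financial report. Revenue for the quarter reached 12.4 million, up "
          "nine percent year over year. Operating margin improved to 18 percent as "
          "cloud subscription growth offset the decline in hardware sales. The board "
          "approved a share buyback of 30 million subject to regulatory review.")
APPENDIX = ("Appendix A headcount at quarter end was 1240 full time staff across "
            "four regions with attrition at five percent")
LEAK = ("FYI, here is the key line: Operating margin improved to 18 percent as cloud "
        "subscription growth offset the decline in hardware sales. Thoughts?")
APPENDIX_LEAK = ("Sharing: headcount at quarter end was 1240 full time staff across "
                 "four regions with attrition.")
BENIGN = "Lunch at noon? The quarter is nearly over and I need a break."


def sample_registry() -> Registry:
    reg = Registry()
    reg.register("fin-q3-report", "Finance", REPORT)
    reg.register("fin-board-deck", "Finance", "Board deck Q3", embedded=(APPENDIX,))
    return reg


if __name__ == "__main__":
    reg = sample_registry()
    for text in (LEAK, APPENDIX_LEAK, BENIGN):
        print(decide(reg, text, {"Finance": "block"}))
```

With a five-word window, a verbatim excerpt of n words yields n - 4 consecutive matching signatures, so the default level of 10 corresponds to roughly a 14-word quotation; that is the trade-off the consecutive-signatures setting controls. The percentage match is the second trigger: it catches a message that scatters fragments of the document without a single long run. The appendix case shows why embedded content matters: the quotation is detected against the board deck that contains the appendix, not as a document of its own.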


Index

A
about this guide 5

B
Basic Settings
  Custom Setup Wizard 26, 37
  Encryption Only Wizard 48
benefits of data loss prevention 65
benefits of DLP 65

C
cluster configuration
  statistics 53
  summary 45
  virtual network address 26
Cluster Management
  ePO Managed Setup 42
  Setup Wizard 31, 37
Cluster Mode
  Setup Wizard 26, 37
compliance 62
Compliance
  benefits of 62
  scanning for 62
configuration change messages 53
conventions and icons used in this guide 5

D
Dashboard 53
data loss prevention
  benefits 65
data loss prevention (DLP) 65
detections
  rates and statistics 53
dictionaries
  adding to policies 62
  editing scores and terms 62
DLP
  benefits 65
DLP (data loss prevention) 65
documentation
  audience for this guide 5
  product-specific, finding 7
  typographical conventions and icons 5

E
email policies
  compliance 62
email queues 53
email status 53
encryption 59
Encryption Only
  Setup Wizard 48
ePO Managed Setup
  Cluster Management 42
ePO Managed Setup Wizard
  cluster summary 45
ePO Management setup 41
ePolicy Orchestrator
  setup 23

G
graphs
  email and network statistics 53

I
installation
  installing ePO extensions 41
installation options
  setup wizard 23

L
least used 31, 37

M
McAfee Global Threat Intelligence 53
McAfee ServicePortal, accessing 7

N
network status 53


O
operating modes
  options 23

P
policies
  introduction to 59
  status 53

S
Scanning
  for compliance 62
ServicePortal, finding product documentation 7
setup options
  custom and standard 23
  encryption only 23
  ePO 23
  restore from a file 23
Setup Wizard
  installation options 23
  Basic Settings (Custom) 26, 37
  Basic Settings (Encryption Only) 48
  Cluster Management 31, 37
  Cluster Mode 26, 37
  Encryption Only 48
statistics
  Dashboard 53

T
Technical Support, finding product information 7
threat feedback 53

W
warning messages
  Dashboard 53
web policies
  compliance 62


700-3349A0000
