McAfee Email Gateway version 7.0 Appliances Installation Guide

More documents

Recommendations

Info

1Preparing to installDeployment strategies for using the device in a DMZDraft only - 9.13.11Firewall rules specific to Lotus NotesUse this information to identify specific considerations when protecting Lotus Notes systems.By default, Lotus Notes servers communicate over TCP port 1352. The firewall rules typically used tosecure Notes servers in a DMZ allow the following through the firewall:• Inbound SMTP requests (TCP port 25) originating from the Internet and destined for the device• TCP port 1352 requests originating from the Notes gateway and destined for an internal Notes server• TCP port 1352 requests originating from an internal Notes server and destined for the Notes gateway• SMTP requests originating from the device and destined for the InternetAll other SMTP and TCP port 1352 requests are denied.Firewall rules specific to Microsoft ExchangeUse this information to identify specific considerations when protecting Microsoft Exchange systems.A Microsoft Exchange-based mail system requires a significant workaround.When Exchange servers communicate with each other, they send their initial packets using the RPCprotocol (TCP port 135). However, once the initial communication is established, two ports are chosendynamically and used to send all subsequent packets for the remainder of the communication. Youcannot configure a firewall to recognize these dynamically-chosen ports. Therefore, the firewall doesnot pass the packets.The workaround is to modify the registry on each of the Exchange servers communicating across thefirewall to always use the same two “dynamic” ports, then open TCP 135 and these two ports on thefirewall.We mention this workaround to provide a comprehensive explanation, but we do not recommend it.The RPC protocol is widespread on Microsoft networks — opening TCP 135 inbound is a red flag tomost security professionals.If you intend to use this workaround, details can be found in the following Knowledge Base article onthe Microsoft website:http://support.microsoft.com/kb/q176466/Workload managementUse this information to learn about the workload management features of McAfee Email Gateway.The appliances includes its own internal workload management, distributing the scanning load evenlybetween all appliances configured to work together.You do not need to deploy an external load balancer.16 McAfee ® Email Gateway 7.0 Appliances Installation Guide
Draft only - 9.13.112Installingthe McAfee Email GatewayapplianceUse this information to understand the recommended process to install, connect and configure yourMcAfee Email Gateway.McAfee recommends that you consider installing the McAfee Email Gateway in the following order:1 Unpack the McAfee Email Gateway and confirm no parts are missing (check against parts lists inthe box)2 Rack-mount the McAfee Email Gateway3 Connect the peripherals and power (monitor, keyboard).4 Connect the McAfee Email Gateway to the network, noting deployment scenarios and intendednetwork mode.5 Install the software onto the McAfee Email Gateway6 Use the Configuration Console to carry out the basic configuration (server name, IP addresses,gateway, and so on).7 Connect to the administration interface.8 Run the Setup Wizard.9 Route test network traffic through the McAfee Email Gateway10 Test that the network traffic is being scanned.11 Configure policies and reporting.12 Route production traffic through the McAfee Email Gateway.Connecting the McAfee Email Gateway to your network can disrupt Internet access or other networkservices. Ensure that you have arranged network down-time for this, and that you schedule this duringperiods of low network usage.ContentsInstallation quick reference tablePorts and connectionsPhysically installing the applianceConnect to the networkSupplying power to the applianceOverview task — Installing the softwareUsing the Configuration ConsoleMcAfee ® Email Gateway 7.0 Appliances Installation Guide 17
Page 1: Draft only - 9.13.11Installation Gu
Page 5 and 6: Draft only - 9.13.11PrefaceContents
Page 7 and 8: Draft only - 9.13.11PrefaceFinding
Page 9 and 10: Draft only - 9.13.111Preparing1to i
Page 11 and 12: Draft only - 9.13.11Preparing to in
Page 13 and 14: Draft only - 9.13.11Preparing to in
Page 15: Draft only - 9.13.11Preparing to in
Page 19 and 20: Draft only - 9.13.11Installing the
Page 53 and 54: Draft only - 9.13.113Atour of the D
Page 55 and 56: Draft only - 9.13.11A tour of the D
Page 57 and 58: Draft only - 9.13.1144Testingthe co
Page 59 and 60: Draft only - 9.13.115Exploring5the
Page 61 and 62: Draft only - 9.13.11Exploring the a
Page 67 and 68:
Draft only - 9.13.11IndexAabout thi
Page 69:
700-3349A0000Draft only - 9.13.11
show all

McAfee Email Gateway version 7.0 Appliances Installation Guide

Create successful ePaper yourself

Delete template?

Save as template?