Revision C
COPYRIGHT
Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com
TRADEMARK ATTRIBUTIONS
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active
Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,
McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee
Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.
Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Installation Guide
Contents
Preface
Preparing to install
  Inappropriate use
  Considerations about network modes
    Explicit proxy mode
    Transparent bridge mode
    Transparent router mode
  Deployment strategies for using the device in a DMZ
    SMTP configuration in a DMZ
  System requirements
  Sample installation scenarios
    Running the Email Gateway Virtual Appliance as the only virtual machine on the host
    Running Email Gateway Virtual Appliance with other virtual machines
The Dashboard
  Benefits of using the Dashboard
  Dashboard portlets
Test connectivity
Update the DAT files
Test mail traffic and virus detection
Test spam detection
Index
Preface
This guide provides the information you need to install your McAfee product.
Contents
About this guide
Find product documentation
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
Administrators: People who implement and enforce the company's security program.
Conventions
This guide uses these typographical conventions and icons.
Book title, term, emphasis
Bold: Commands and other text that the user types; a code sample; a displayed message.
Interface text: Words from the product interface like options, menus, buttons, and dialog boxes.
Hypertext blue
Graphical conventions
Use this information to understand the graphical symbols used within this document.
Symbols used in the figures: Virtual Appliance; Internet or external networks; Mail Server; Router; Switch; Firewall; Network.
Definition
demilitarized zone (DMZ)
DAT files: Detection definition (DAT) files, also called signature files, containing the definitions that identify, detect, and repair viruses, trojan horses, spyware, adware, and other potentially unwanted programs (PUPs).
operational mode: 3 operating modes for the product: explicit proxy mode, transparent bridge mode, and transparent router mode.
policy
Reputation Service check: Part of sender authentication. If a sender fails the Reputation Service check, the appliance is set to close the connection and deny the message. The sender's IP address is added to a list of blocked connections and is automatically blocked in future at the kernel level.
Find product documentation
Explore some scanning policies, create reports, and get status information.
You can find additional information about the product's scanning features in the online help within the
product and in the latest version of the McAfee Email Gateway Administrators Guide.
Enter a product, select a version, then click Search to display a list of documents.
McAfee Email Gateway Virtual Appliance delivers comprehensive, enterprise-class protection against
email threats.
Email Gateway Virtual Appliance works in the following environments:
Preparing to install
To ensure the safe operation of your Email Gateway Virtual Appliance, consider the following before
you begin the installation.
Familiarize yourself with its operational modes and capabilities. It is important that you choose a
valid configuration.
Decide how to integrate the appliance into your network and determine what information you need
before you start, for example, the name and IP address for the device.
Contents
Inappropriate use
Considerations about network modes
Deployment strategies for using the device in a DMZ
System requirements
Sample installation scenarios
Inappropriate use
Use this information to avoid using this product inappropriately.
McAfee Email Gateway Virtual Appliance is:
Not a firewall: You must use it within your organization behind a correctly configured firewall.
Not a server for storing extra software and files: Do not install any software on the device or add any extra files to it unless instructed by the product documentation or your support representative.
The device cannot handle all types of traffic. If you use explicit proxy mode, only protocols that are to
be scanned should be sent to the device.
Considerations about network modes
Explicit proxy mode: The virtual appliance acts as a proxy server and a mail relay.
Running the virtual appliance in explicit proxy mode requires the least amount of configuration on
your virtual host and is easier to set up.
If you are still unsure about the mode to use after reading this and the following sections, consult your
network expert.
Explicit proxy mode is best suited to networks where client devices connect to the device through a
single upstream and downstream device.
Explicit proxy mode might not be the best option if several network devices must be reconfigured to
send traffic to the device.
Protocols
To scan a supported protocol, SMTP, POP3 or McAfee Secure Web Mail, you must configure your other
network servers or client computers to route that protocol through the device, so that no traffic
bypasses the device.
Firewall rules
Explicit proxy mode invalidates any firewall rules set up for client access to the Internet. The firewall
sees only the physical IP address information for the device, not the IP addresses of the clients, so the
firewall cannot apply its Internet access rules to the clients.
Ensure that your firewall rules are updated. The firewall must accept traffic from Email Gateway, but
must not accept traffic that comes directly from the client devices.
Typically, the firewall is configured to block traffic that does not come directly from the device. If you
are unsure about your network's topology and how to integrate the device, consult your network
expert.
Use this configuration if:
Configure the external Domain Name System (DNS) servers or network address translation (NAT)
on the firewall so that the external mail server delivers mail to the device, not to the internal mail
server.
Configure the internal mail servers to send email messages to the device. That is, the internal mail
servers must use the device as a smart host. Ensure that your client devices can deliver email
messages to the mail servers within your organization.
Ensure that your firewall rules are updated. The firewall must accept traffic from the device, but
must not accept traffic that comes directly from the client devices. Set up rules to prevent
unwanted traffic entering your organization.
Transparent bridge mode
In transparent bridge mode, the communicating servers are unaware of the device; the device's
operation is transparent to the servers.
In the figure, the external mail server (A) sends email messages to the internal mail server (C). The
external mail server is unaware that the email message is intercepted and scanned by the device (B).
The external mail server seems to communicate directly with the internal mail server; the path is
shown as a dotted line. In reality, traffic might pass through several network devices and be
intercepted and scanned by the device before reaching the internal mail server.
In this mode, you physically connect two network segments to the device, and the device treats them
as one logical network. Because the firewall, device, and router are on the same logical
network, they must all have compatible IP addresses on the same subnet.
Devices on one side of the bridge (such as a router) that communicate with devices on the other side
(such as a firewall) are unaware of the bridge. They are unaware that traffic is intercepted and
scanned; therefore the device is said to operate as a transparent bridge.
Transparent router mode
In transparent router mode, the device must join two networks. The device must be positioned inside
your organization, behind a firewall.
Transparent router mode does not support Multicast IP traffic or non-IP protocols, such as NETBEUI and
IPX.
Firewall rules
In transparent router mode, the firewall connects to the physical IP address for the LAN1/LAN2
connection to the management blade.
Configure the device to use the Internet gateway as its default gateway.
Ensure your client devices can deliver email messages to the mail servers within your organization.
Deployment strategies for using the device in a DMZ
Hackers often gain access to networks by identifying the TCP/UDP ports on which applications are
listening for requests, then exploiting known vulnerabilities in applications. Firewalls dramatically
reduce the risk of such exploits by controlling access to specific ports on specific servers.
The device can be added easily to a DMZ configuration. The way you use the device in a DMZ depends
on the protocols you intend to scan.
Mail relay
If you have a mail relay already set up in your DMZ, you can replace the relay with the device.
To use your existing firewall policies, give the device the same IP address as the mail relay.
Mail gateway
SMTP does not provide methods to encrypt mail messages; you can use Transport Layer Security
(TLS) to encrypt the link, but not the mail messages themselves. As a result, some companies do not allow such
traffic on their internal network. To overcome this, they often use a proprietary mail gateway, such as
Lotus Notes or Microsoft Exchange, to encrypt the mail traffic before it reaches the Internet.
To implement a DMZ configuration using a proprietary mail gateway, add the scanning device to the
DMZ on the SMTP side of the gateway. Configure:
- The public MX records to instruct external mail servers to send all inbound mail to the device (instead of the gateway).
- The device to forward all inbound mail to the mail gateway, and deliver all outbound mail using DNS or an external relay.
- The mail gateway to forward all inbound mail to the internal mail servers and all other (outbound) mail to the device.
- The firewall to allow inbound mail that is destined for the device only.
Firewalls configured to use Network Address Translation (NAT), and that redirect inbound mail to
internal mail servers, do not need their public MX records reconfigured. This is because they are
directing traffic to the firewall rather than the mail gateway itself. In this case, the firewall must instead
be reconfigured to direct inbound mail requests to the device.
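The following PowerShell checks are an added example and are not part of the McAfee guide. They verify, from the public DNS view, that the DMZ mail path described above is actually in place: that every public MX record names the device rather than the mail gateway, that the MX name resolves to the address the firewall forwards to the device, and that the firewall lets TCP 25 through to it. The domain, device name, address and resolver are placeholders; the cmdlets come from the Windows DnsClient and NetTCPIP modules.

```powershell
# Added example, not from the McAfee guide. Post-deployment check of the DMZ SMTP path:
#   1. the domain's public MX records point at the scanning device, not the mail gateway
#   2. the MX name resolves to the device's public (NAT) address
#   3. the device answers on TCP 25, i.e. the "inbound mail to the device only" rule works
# All names and addresses below are placeholders; replace them with your own values.

$MailDomain   = 'example.com'        # placeholder: your mail domain
$DeviceFqdn   = 'meg.example.com'    # placeholder: the device's public name (what the MX should be)
$DevicePublic = '203.0.113.25'       # placeholder: public IP the firewall NATs to the device
$Resolver     = '9.9.9.9'            # an external resolver, so we see the public DNS view

function Test-MegDmzMailPath {
    param([string]$Domain, [string]$ExpectedMx, [string]$ExpectedIp, [string]$DnsServer)

    $ok = $true

    # 1. Every public MX must name the device; a leftover MX for the old gateway or relay
    #    would let inbound mail bypass scanning.
    $mx = Resolve-DnsName -Name $Domain -Type MX -Server $DnsServer -ErrorAction Stop |
          Where-Object { $_.Type -eq 'MX' }
    if (-not $mx) { Write-Warning "No MX records found for $Domain"; $ok = $false }
    foreach ($rec in $mx) {
        $mxHost = $rec.NameExchange.TrimEnd('.')
        if ($mxHost -ieq $ExpectedMx) {
            Write-Host "OK   MX $($rec.Preference) $mxHost"
        } else {
            Write-Warning "MX $($rec.Preference) $mxHost does not point at the device"
            $ok = $false
        }
    }

    # 2. The MX name must resolve to the address the firewall forwards to the device.
    $addrs = Resolve-DnsName -Name $ExpectedMx -Type A -Server $DnsServer -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
    if ($addrs -contains $ExpectedIp) {
        Write-Host "OK   $ExpectedMx -> $ExpectedIp"
    } else {
        Write-Warning "$ExpectedMx resolves to [$($addrs -join ', ')], expected $ExpectedIp"
        $ok = $false
    }

    # 3. The firewall must allow SMTP to the device.
    $tcp = Test-NetConnection -ComputerName $ExpectedIp -Port 25 -WarningAction SilentlyContinue
    if ($tcp.TcpTestSucceeded) {
        Write-Host "OK   TCP 25 open to $ExpectedIp"
    } else {
        Write-Warning "TCP 25 to $ExpectedIp is not reachable; check the firewall NAT and allow rule"
        $ok = $false
    }

    return $ok
}

Test-MegDmzMailPath -Domain $MailDomain -ExpectedMx $DeviceFqdn -ExpectedIp $DevicePublic -DnsServer $Resolver
```

Run it from a host outside your network, or one whose outbound TCP 25 is not blocked, otherwise step 3 fails for reasons unrelated to the DMZ firewall. A warning in step 1 is the one to act on first: a stale MX entry means some inbound mail still reaches the gateway unscanned.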
System requirements
Use this information to ensure that your host computer adheres to the system requirements for your
preferred virtual environment.
Hardware specifications
For VMware-based hosts: See the VMware article 1003661 (kb.vmware.com/kb/1003661) to get
the minimum system requirements for VMware ESX or VMware ESXi 4.x. You need a server that has a
64-bit x86 CPU.
For Microsoft Hyper-V based systems: See the Microsoft article 731898 (https://
technet.microsoft.com/en-us/library/cc731898.aspx) to get the minimum system requirements for
Hyper-V hosts. You need a computer that has a 64-bit x86 CPU.
Specification
Processor
Memory: 2 GB
Disk: 80 GB
To install Email Gateway Virtual Appliance in transparent bridge mode, you must have two external
network interfaces on your physical virtual host, each connected to a different broadcast domain.
For best performance, McAfee recommends that these two interfaces are not shared with any other
virtual machines on the same physical host. Connecting both interfaces of a bridge to the same
broadcast domain creates an STP loop in your network, which can cause network outages.
Sample installation scenarios
This information helps you to set up your virtual environment and install the McAfee Email Gateway
Virtual Appliance.
Contents
Overview of the Email Gateway Virtual Appliance installation process
Installation best practices
Task Configure your virtual network switches
Task Convert from a VMtrial installation
Task Download the installation software
Task Install the appliance on Hyper-V using SCVMM
Task Install the appliance on Hyper-V without using SCVMM
Task Install the appliance on VMware vSphere
Configure the Email Gateway Virtual Appliance
Using the Configuration Console
Task Improve performance
Enable protocols.
Installation best practices
The Email Gateway Virtual Appliance is easiest to set up and maintain when it runs in the default
explicit proxy operating mode.
- Familiarize yourself with the information about creating clusters and resource pools. See the relevant website for your chosen virtual environment (http://www.vmware.com or http://www.microsoft.com).
- Use a Storage Area Network (SAN) rather than a Network File System (NFS) share to achieve optimal performance.
- If you run the Email Gateway Virtual Appliance in either of the transparent modes:
  - The distributed resource and high availability (HA) features within the virtual environments might cause network interruptions if a failover takes place.
  - Ensure that the Email Gateway Virtual Appliance NICs are not linked to the same broadcast domain. To avoid network loops, ensure that their IP addresses are not in the same subnet.
  - Ensure that each network adapter on the Email Gateway Virtual Appliance is connected to a different physical network on the host computer.
  - You need at least three NICs in your virtual host. The Email Gateway Virtual Appliance needs two NICs and the virtual environments recommend using a dedicated NIC for the management of the environment.
See also
Task Install the appliance on Hyper-V using SCVMM on page 31
Task Create a virtual machine on page 33
For best performance, McAfee recommends that the interfaces used by the Email Gateway
Virtual Appliance virtual machine are not shared with any other virtual machine on this
Hyper-V host. Before you begin to install the virtual appliance, ensure that you have
created the required virtual switches using the Virtual Switch Manager from within Hyper-V
Manager. These virtual switches are used to connect LAN1 and LAN2 of the virtual
appliance. Ensure that the virtual switches have the correct configurations.
When importing the Email Gateway Virtual Appliance .xml file, make sure that the LAN1 interface is
connected to your first virtual switch and that the LAN2 interface is connected to your second virtual
switch.
You must create identical virtual switches on each host in the high availability (HA) cluster.
Task
1 In the left pane, select the host you want to install the virtual appliance on.
In Virtual Switch Properties, type a name for your new network, such as MEG LAN 1. Add any notes to
help identify this switch.
Select the physical interface that you want to use for the LAN1 or LAN2 connection of your
virtual appliance.
Click Apply.
Ensure that you have at least two different physical interfaces available on your Hyper-V
host. The two interfaces used for the bridge must be connected to different broadcast
domains to avoid network loops and cause severe disruption in your network. A third
interface can be used for out-of-band management.
Installation Guide
25
For best performance, McAfee recommends that the interfaces used by the bridge are
dedicated to the Email Gateway Virtual Appliance virtual machine and not shared with any
other virtual machine on this Hyper-V host. Before you install the virtual appliance, ensure
that you have created and configured the virtual switches to which LAN1 and LAN2 of the
virtual appliance connect.
When importing the Email Gateway Virtual Appliance .xml file, make sure that the LAN1 interface is
connected to your first virtual switch and LAN2 is connected to your second virtual switch.
You must create identical virtual switches on each host in the high availability (HA) cluster.
Task
1 In the left pane, select the host you want to install the virtual appliance on.
In Virtual Switch Properties, type a name for your new network, such as MEG LAN 1. Add any notes to
help identify this switch.
Select the physical interface that you want to use for the LAN1 or LAN2 connection of your
virtual appliance.
Click Apply.
In the Virtual Machines list, right-click the McAfee Email Gateway Virtual Appliance and select
Settings.
Click OK.
Task
1 In the left pane, select the host you want to install the virtual appliance on.
In Virtual Switch Properties, type a name for your new network, such as MEG LAN 1. Add any notes to
help identify this switch.
Select the required Network Interface Connector (NIC) and relevant options to be used by this
switch.
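The Hyper-V virtual switch tasks above are done in Virtual Switch Manager; the PowerShell below is an added example, not from the McAfee guide, that creates the same two external switches for LAN1 and LAN2 with the Hyper-V module cmdlets. It refuses to bind both switches to one physical NIC (the loop the guide warns about), refuses a NIC already backing another external switch, and sets AllowManagementOS to false so the host shares neither interface with the appliance, as recommended. The adapter names are placeholders; list yours with Get-NetAdapter.

```powershell
# Added example, not from the McAfee guide. Creates the two external virtual switches that
# LAN1 and LAN2 of the appliance connect to. Adapter names are placeholders.
# The third (out-of-band management) NIC is deliberately left alone.

$Lan1Adapter = 'Ethernet 2'   # placeholder: physical NIC for LAN1
$Lan2Adapter = 'Ethernet 3'   # placeholder: physical NIC for LAN2; a different NIC on a different
                              # broadcast domain, otherwise a bridge between them forms an STP loop

function New-MegSwitchPair {
    param([string]$Lan1Nic, [string]$Lan2Nic)

    # Both legs of the bridge on one NIC is exactly the loop the guide warns about.
    if ($Lan1Nic -ieq $Lan2Nic) {
        throw "LAN1 and LAN2 must use different physical interfaces"
    }

    foreach ($nic in @($Lan1Nic, $Lan2Nic)) {
        $adapter = Get-NetAdapter -Name $nic -ErrorAction Stop
        if ($adapter.Status -ne 'Up') {
            Write-Warning "$nic is $($adapter.Status); check cabling before binding a switch to it"
        }
        # A physical NIC can back only one external switch; refuse if it is already taken.
        $taken = Get-VMSwitch -SwitchType External |
                 Where-Object { $_.NetAdapterInterfaceDescription -eq $adapter.InterfaceDescription }
        if ($taken) {
            throw "$nic is already bound to virtual switch '$($taken.Name)'"
        }
    }

    $switches = @(
        @{ Name = 'MEG LAN 1'; Nic = $Lan1Nic },
        @{ Name = 'MEG LAN 2'; Nic = $Lan2Nic }
    )
    foreach ($s in $switches) {
        if (Get-VMSwitch -Name $s.Name -ErrorAction SilentlyContinue) {
            Write-Host "Switch '$($s.Name)' already exists, skipping"
            continue
        }
        # -AllowManagementOS $false: the host OS gets no vNIC on this switch, so the
        # interface is dedicated to the appliance (the guide's "not shared" recommendation).
        New-VMSwitch -Name $s.Name -NetAdapterName $s.Nic -AllowManagementOS $false `
                     -Notes 'Dedicated to McAfee Email Gateway Virtual Appliance' | Out-Null
        Write-Host "Created external switch '$($s.Name)' on $($s.Nic)"
    }

    # Return the result so the binding can be reviewed before importing the appliance.
    Get-VMSwitch -Name 'MEG LAN 1', 'MEG LAN 2' |
        Select-Object Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS
}

New-MegSwitchPair -Lan1Nic $Lan1Adapter -Lan2Nic $Lan2Adapter
```

Run it elevated on each host in the HA cluster so the switch names match everywhere, which the import of the appliance .xml file relies on. For explicit proxy or transparent router mode only the first switch is needed; the same-NIC guard still applies if you create both.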
For best performance, McAfee recommends that the interfaces used by the McAfee Email
Gateway Virtual Appliance virtual machine are not shared with any other virtual machine on
this VMware ESX host. Before you begin to install the virtual appliance, ensure that you
have vSwitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and
that they have the correct configuration.
When importing the McAfee Email Gateway Virtual Appliance .OVA file ensure that the LAN 1 interface
is connected to your first vSwitch and that the LAN 2 interface is connected to your second vSwitch.
You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in
use.
Task
1 In the Hosts and Clusters view, select the host on the left on which you are planning to install the
virtual appliance.
Click Networking.
In the Add Network Wizard, select Virtual Machine, and click Next.
Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1
connection of your virtual appliance, and click Next.
When importing the McAfee Email Gateway Virtual Appliance .OVA file make sure that the LAN 1
interface is connected to your first vSwitch and that the LAN 2 interface is connected to your second
vSwitch.
You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in
use.
Task
1 In the Hosts and Clusters view, select the host on the left on which you are planning to install the
virtual appliance.
Click Networking.
In the Add Network Wizard, select Virtual Machine, and click Next.
Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1
connection of your virtual appliance, and click Next.
10 Scroll down on the page to the virtual switch you just created, and click Properties.
11 In vSwitch Properties, double-click the vSwitch entry in the list on the left-hand side.
12 Click Security.
13 In Promiscuous Mode, change the value to Accept and click OK.
14 Click Close.
15 Repeat steps 5 to 14 to add a second vSwitch for your LAN 2 interface.
The second vSwitch has to be connected to a different physical interface, which is connected to a
different broadcast domain on your network than the interface used for your first vSwitch.
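The same vSphere task, done with VMware PowerCLI rather than the vSphere Client, as an added example that is not from the McAfee guide. It creates one standard vSwitch per bridge leg on two distinct vmnics, adds a Virtual Machine port group on each for the appliance's LAN 1 and LAN 2 NICs, and sets Promiscuous Mode to Accept (steps 12 and 13 above). The vCenter and host names and the vmnic names are placeholders.

```powershell
# Added example, not from the McAfee guide. Requires the VMware PowerCLI module
# (Connect-VIServer, Get-VMHost, New-VirtualSwitch, Get-/Set-SecurityPolicy).
# Host, vCenter and vmnic names are placeholders.

$VCenter = 'vcenter.example.com'  # placeholder: vCenter (or the ESX host itself)
$EsxHost = 'esx01.example.com'    # placeholder: the ESX host
$Lan1Nic = 'vmnic2'               # placeholder: physical uplink for LAN 1
$Lan2Nic = 'vmnic3'               # placeholder: uplink for LAN 2; a different NIC on a
                                  # different broadcast domain, or the bridge loops

function New-MegBridgeSwitches {
    param([string]$HostName, [string]$Nic1, [string]$Nic2)

    if ($Nic1 -ieq $Nic2) { throw "LAN 1 and LAN 2 must use different uplinks" }

    $vmhost   = Get-VMHost -Name $HostName -ErrorAction Stop
    $physical = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical |
                Select-Object -ExpandProperty Name
    foreach ($nic in @($Nic1, $Nic2)) {
        if ($physical -notcontains $nic) { throw "$nic is not a physical adapter on $HostName" }
    }

    $legs = @(
        @{ Switch = 'MEG LAN 1'; Nic = $Nic1 },
        @{ Switch = 'MEG LAN 2'; Nic = $Nic2 }
    )
    foreach ($leg in $legs) {
        $vs = Get-VirtualSwitch -VMHost $vmhost -Name $leg.Switch -ErrorAction SilentlyContinue
        if (-not $vs) {
            # One uplink per switch, as in "Create a virtual switch" in the wizard.
            $vs = New-VirtualSwitch -VMHost $vmhost -Name $leg.Switch -Nic $leg.Nic
            # The Virtual Machine port group the appliance NIC is attached to at OVA import.
            New-VirtualPortGroup -VirtualSwitch $vs -Name $leg.Switch | Out-Null
        }
        # Security > Promiscuous Mode > Accept: without it the bridged frames for
        # addresses other than the appliance's own MAC never reach the appliance.
        Get-SecurityPolicy -VirtualSwitch $vs | Set-SecurityPolicy -AllowPromiscuous $true | Out-Null
    }

    # Show the result so the uplink and policy can be verified before importing the .OVA.
    foreach ($leg in $legs) {
        $vs  = Get-VirtualSwitch -VMHost $vmhost -Name $leg.Switch
        $pol = Get-SecurityPolicy -VirtualSwitch $vs
        [pscustomobject]@{
            Switch      = $vs.Name
            Uplinks     = ($vs.Nic -join ',')
            Promiscuous = $pol.AllowPromiscuous
        }
    }
}

Connect-VIServer -Server $VCenter   # prompts for credentials
New-MegBridgeSwitches -HostName $EsxHost -Nic1 $Lan1Nic -Nic2 $Lan2Nic
```

Promiscuous mode is opened only on the two bridge switches, never on the management vSwitch, and the function can be rerun safely: existing switches are reused and only the policy is reapplied. Repeat it per host if vMotion is in use, so every host carries identical vSwitches.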
For best performance, McAfee recommends that the interfaces used by the McAfee Email
Gateway Virtual Appliance virtual machine are not shared with any other virtual machine on
this VMware ESX host. Before you begin to install the virtual appliance, ensure that you
have vSwitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and
that they have the correct configuration.
When importing the McAfee Email Gateway Virtual Appliance .OVA file ensure that the LAN 1 interface
is connected to your first vSwitch and that the LAN 2 interface is connected to your second vSwitch.
You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in
use.
Task
1 In the Hosts and Clusters view, select the host on the left on which you are planning to install the
virtual appliance.
Click Networking.
In the Add Network Wizard, select Virtual Machine, and click Next.
Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1
connection of your virtual appliance, and click Next.
From your VMtrial installation, select System | System Administration | Configuration Management.
Install the McAfee Email Gateway Virtual Appliance software onto your chosen virtual environment.
Log on, and open the McAfee Email Gateway Virtual Appliance software.
Select System | System Administration | Configuration Management, and click Restore From File.
You can also access restore configuration options from System | Setup Wizard.
Browse to the VMtrial configuration file you want to restore and click Open.
Select the parts of the file that you want to restore and click OK.
Check that the settings were imported successfully and apply the changes.
Get the McAfee grant ID number that you received when you purchased Email Gateway.
McAfee provides the software in suitable formats for your chosen virtual environment.
Task
1 Go to the McAfee website http://www.mcafee.com. Hover your cursor over your business type and
click Downloads.
Type the McAfee grant ID number that you received when you purchased Email Gateway, and click
Submit.
Agree to the license terms, select the latest version and download it.
McAfee recommends that you read the Release Notes that accompany the software image before
you continue with the installation.
Import the installation files so that they are available for the installation of your Email Gateway Virtual
Appliance.
Task
1 Click Add resource and browse to the folder containing the extracted McAfee-MEG-<version.number>-<build.number>.HVbuy.zip package files.
Click Open.
Click Open.
Click Import.
The virtual hard disks required for the installation of your Email Gateway Virtual Appliance are
imported to the SCVMM library.
Click Open.
Click Next.
Optionally, enter a descriptive name for the template (by default, the template name is McAfee,
Inc. MEG).
Click Next.
Click Import.
The template is imported to Microsoft System Center Virtual Machine Manager, and appears within
Templates | VM Templates.
Navigate to VMs and Services and select VMs from the top toolbar.
Choose the Hyper-V host onto which you want to deploy the Email Gateway Virtual Appliance.
Select Use an existing virtual machine, VM template, or virtual hard disk, browse to locate the virtual machine
template you installed, and click OK.
Click Next.
Click Next.
The summary screen for the virtual machine configuration is displayed.
Click Next.
10 You can change the host upon which the virtual machine is installed.
A list of the available hosts is displayed, together with a rating for each, to help you decide the best
host to use.
11 Click Next.
You can review the selected options and settings before creating the virtual machine.
12 Select the required network adaptors from the list.
13 Click Next.
14 Click Create.
The virtual machine is created using the settings within the template file and the information you
selected. The virtual hard drive files are copied to the virtual machine, to be used during the Email
Gateway Virtual Appliance installation.
See also
Hyper-V network configuration on page 24
Once the Email Gateway Virtual Appliance software has been installed within Hyper-V,
ensure the virtual machine is powered on before continuing with the installation process.
Task
1 Make sure the virtual machine running the Email Gateway Virtual Appliance is running.
Select the virtual machine, and click Connect from within Actions.
The Virtual Machine Connection window is displayed.
From the Virtual Machine Connection window within Hyper-V Manager, follow the installation steps
detailed in Configure the Email Gateway Virtual Appliance.
See also
Configure the Email Gateway Virtual Appliance on page 36
From the computer hosting your Hyper-V installation, browse to the folder containing the Email
Gateway Virtual Appliance installation files.
Right-click the HyperV_<build.number>.ps1 file and select Run with PowerShell.
If prompted with an Execution Policy Change dialog box, type Y to continue running the installation
script.
Select the folder into which the Email Gateway Virtual Appliance virtual hard disks are installed.
Select the required interfaces for LAN1, LAN2 and (if necessary) OOB.
Click OK.
The installation takes several minutes as the separate drives are created. When the Email Gateway
Virtual Appliance drives have been created, a "deployment complete" message is displayed.
From the computer hosting your Hyper-V installation, view the Virtual Machines.
From the Virtual Machine Connection window within Hyper-V Manager, follow the installation steps
detailed in Configure the Email Gateway Virtual Appliance.
See also
Configure the Email Gateway Virtual Appliance on page 36
Ensure that you have configured VMware vSphere to work with your chosen operational
mode.
Download the McAfee Email Gateway Virtual Appliance package from the McAfee
download site and extract it to a location where the VMware vSphere Client can see it.
Install a fully licensed copy of VMware vSphere 4 or VMware vSphere Hypervisor (ESXi)
4.
If you used the VMtrial product to test the software, you can save your VMtrial configuration and
restore it onto the virtual appliance when the installation is complete.
Task
1 From the Inventory list, select the host or cluster onto which you want to import the virtual appliance
software.
Click File | Deploy OVF Template | Deploy From File, and click Browse to go to where you downloaded the .OVA file.
Select the resource pool that you want to use if you have any configured.
Select the datastore that you want to use, and click Next.
Select the virtual networks to which the virtual appliance NICs will be connected.
10 Define the size of the data storage disk to increase the space allocated for quarantined, deferred,
and logged items.
You cannot set a disk size smaller than the default 40 GB.
11 Click Next, read the summary, then click Finish and wait for the import process to finish.
Start the Email Gateway Virtual Appliance. The installation starts automatically.
Read the End-User License Agreement to continue with the installation, then click y to accept it and
start the installation.
When the installation is complete, the Email Gateway Virtual Appliance restarts.
On the Welcome screen, choose the language that you want to use.
Configure the Email Gateway Virtual Appliance from the graphical configuration wizard.
Apply the configuration to the Email Gateway Virtual Appliance. Depending on the settings you
entered, it might restart. You can install the Email Gateway Virtual Appliance on more than one
virtual environment. To do so:
a Return to the previously installed Email Gateway Virtual Appliance user interface.
b Select System | System Administration | Configuration Push to send the configuration details to the
second Email Gateway Virtual Appliance.
The Configuration Console launches automatically at the end of the startup sequence after either:
When launched, the Configuration Console provides you with options to either configure your device in
your preferred language from the McAfee Email Gateway console, or provides instructions for you to
connect to the Setup Wizard within the user interface from another computer on the same class C (/24)
subnet. Both methods provide you with the same options to configure your McAfee Email Gateway.
From the Configuration Console, you can configure a new installation of the appliance software. However, to
configure your appliance using a previously saved configuration file, you need to log onto the appliance
user interface, and run (System | Setup Wizard).
This version of the software also introduces automatic configuration using DHCP for the following
parameters:
Host name
DNS server
Domain name
Leased IP address
Default gateway
NTP server
Further information about each page of the Configuration Console and the Setup Wizard is available on
screen.
Email Configuration
Basic Settings
Summary
Email Configuration
Basic Settings
Time Settings
Network Settings
Password
Cluster Management
Summary
Once the configuration information has been imported, you are taken to the Custom Setup options within
the Setup Wizard (see Performing a custom setup.) All imported options are shown on the wizard pages,
giving you the opportunity to make any amendments before applying the configuration.
When using the Restore from a file option, the wizard includes these pages:
Import Config
Values to Restore
Once this information has been loaded, you are then taken to the Custom Setup pages, so that you can
make further changes before applying the new configuration:
Email Configuration
Basic Settings
Time Settings
Network Settings
Password
Cluster Management
Summary
Option: Definition
ePO Extensions: Download the McAfee ePolicy Orchestrator extensions for McAfee Gateway products,
including McAfee Email Gateway.
The file MEGv7.x_ePOextensions.zip contains both the EWG and the MEG McAfee ePolicy Orchestrator
extensions.
The EWG extension allows reporting from within McAfee ePolicy Orchestrator for the following products:
McAfee Email and Web Security appliances
McAfee Web Gateway appliances
McAfee Email Gateway appliances
The MEG extension provides full McAfee ePolicy Orchestrator management for McAfee Email Gateway
versions 7.0 onwards.
For you to use McAfee ePolicy Orchestrator for either reporting or management, the McAfee ePolicy
Orchestrator extensions need to be installed on your McAfee ePolicy Orchestrator server.
ePO Help Extensions
Import ePO connection settings: Click to browse to the McAfee ePolicy Orchestrator connection settings
file, to import the McAfee ePolicy Orchestrator connection information into the appliance.
From your McAfee Email Gateway, on Settings for ePO Management, select ePO Extensions and click Save to
download the extension file.
From your McAfee Email Gateway, on Settings for ePO Management, select ePO Help Extensions and click Save
to download the help extension file.
On your McAfee ePolicy Orchestrator server, install these extensions using Menu | Software | Extensions
| Install Extensions.
On the McAfee ePolicy Orchestrator server, save the connection settings from Menu | Gateway
Protection | Email and Web Gateway | Actions | Export Connection Settings.
On the McAfee Email Gateway, return to the Settings for ePO Management page in the Setup Wizard, and
click Import ePO connection settings. Browse to the McAfee ePolicy Orchestrator connection settings file.
Click Next to continue to the Basic Settings page in the Setup Wizard.
In the Inventory list, right-click virtual appliance, and click Edit Settings. In the Virtual Machine Properties
dialog box, three hard disks are available to the virtual appliance:
Hard disk 1 holds the virtual appliance installation files, and must not be removed or
changed.
Hard disk 2 is the main hard disk used by the virtual appliance. You can increase its size but
McAfee recommends that you do not reduce it.
Hard disk 3 holds the temporary swap space of the virtual appliance.
Putting the second and third hard disks on two separate datastores can potentially improve
performance.
After the appliance is installed, the disk size cannot be changed.
Right-click the virtual appliance in the list of Virtual Machines, and click Settings.
In the relevant areas of the Settings dialog box, change the settings as necessary.
McAfee recommends that you do not reduce the settings to less than the default settings or the
recommended virtual appliance system requirements.
Right-click the virtual appliance in the Inventory list, and click Edit Settings.
In the Virtual Machine Properties dialog box, there are three hard disks available to the
virtual appliance:
Hard disk 1 holds the virtual appliance installation files, and must not be removed or
changed.
Hard disk 2 is the main hard disk used by the virtual appliance. You can increase its size but
McAfee recommends that you do not reduce it.
Hard disk 3 will hold the temporary swap space of the virtual appliance.
Putting the second and third hard disks on two separate datastores can potentially improve
performance.
Right-click the virtual appliance in the Inventory list, and click Edit Settings.
In the Virtual Machine Properties dialog box, change the settings as necessary.
McAfee recommends that you do not reduce the settings to less than the default settings or the
recommended virtual appliance system requirements.
This section describes the Dashboard page, and how to edit its preferences.
The Dashboard
The Dashboard provides a summary of the activity of the appliance.
Dashboard
On a cluster master appliance, use this page also to see a summary of activity on the cluster of
appliances.
Some portlets display graphs that show appliance activity over the following periods of time:
1 hour
2 weeks
4 weeks
1 week
Within the Dashboard, you can make some changes to the information and graphs displayed:
See a status indicator that shows whether the item needs attention.
Use the zoom buttons to zoom in and zoom out of a timeline of information. There is a short delay while
the view is updated. By default, the Dashboard shows data relating to the previous one day.
Double-click the top bar of a portlet to expand it across the top of the Dashboard.
Set your own alert and warning thresholds to trigger events. To do so, highlight the item and click
it, edit the alert and warning threshold fields, and click Save. When the item exceeds the threshold
you set, an event is triggered.
Depending on the browser used to view the McAfee Email Gateway user interface, the Dashboard
"remembers" the current state of each portlet (whether it is expanded or collapsed, and if you have
drilled down to view specific data), and attempts to re-create that view if you navigate to another page
within the user interface and then return to the Dashboard within the same browsing session.
Dashboard portlets
The McAfee Email Gateway Dashboard portlets provide information about the state of email traffic,
recent detections and the current status of your McAfee Email Gateway.
Option: Definition
Inbound Mail Summary: Displays the delivery and status information about messages sent to your
organization.
Outbound Mail Summary: Displays the delivery and status information about messages sent from your
organization.
SMTP Detections: Displays the total number of messages that triggered a detection based on the
sender or connection, the recipient, or the content, and lets you view data specific to either
inbound or outbound SMTP traffic.
POP3 Detections
System Summary: Displays information about load balancing, the disk space used for each partition,
total CPU usage, used and available memory, and swap details.
Hardware Summary: Status indicators to show the status of network interfaces, UPS servers, bridge
mode (if enabled), and RAID status.
Network Summary
Services: Displays update and service status statistics based on protocol and external servers used
by the appliance.
Clustering: Provides information about the entire cluster when the appliance is part of a cluster or
you are using the blade server hardware.
Tasks: Links directly to the areas of the user interface that search the message queue, view reports,
manage policies, configure mail protocol settings and network and system settings, and access
troubleshooting features.
This information describes how to test that the appliance is functioning correctly after installation.
Contents
Test connectivity
Update the DAT files
Test mail traffic and virus detection
Test spam detection
From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from the
Tasks area.
To update the anti-virus engine and anti-virus database, click Update Now.
To check that the update applied correctly, open the Services portlet in the Dashboard, and expand
the Updates status. The Anti-virus components will have a green status.
Send an email message from an outside email account (such as Hotmail) to an internal mailbox
and confirm that it arrived.
On the Dashboard, look at the Detections areas. The listing for the protocol you used to send the
message should show that a message was received.
Copy the following line into a file, making sure you do not include any spaces or line breaks:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
From an external email account (SMTP client), create a message that contains the EICAR.COM file
as an attachment and send the message to an internal mailbox.
Return to the Dashboard and look at the Detections areas. You should see that a virus was
detected.
Delete the message when you finish testing your installation, to avoid alarming unsuspecting users.
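The EICAR test above can be scripted so that the attachment is known to be intact before it is sent through the gateway; this is an added example, not code from the guide, and the sender, recipient and gateway host it uses are placeholders that you replace with your own test mailbox and appliance.

```python
"""Build (and optionally send) the EICAR attachment test message described above.

Added example, not McAfee's code. The SMTP host and mailbox addresses used when
running this file are placeholders for your own gateway and test mailbox.
"""
import smtplib
import sys
from email.message import EmailMessage

# The 68-byte EICAR test string exactly as printed in the guide. It must be the
# whole file content: no leading spaces and no line break after it.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes() -> bytes:
    """Return the exact content of EICAR.COM and sanity-check it."""
    data = EICAR.encode("ascii")
    if len(data) != 68 or data != data.strip():
        raise ValueError("EICAR test string must be exactly 68 bytes with no whitespace")
    return data


def build_test_message(sender: str, recipient: str) -> EmailMessage:
    """Create a plain message carrying EICAR.COM as an attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "McAfee Email Gateway anti-virus test (EICAR)"
    msg.set_content("Harmless EICAR test attachment; delete after testing.")
    msg.add_attachment(
        eicar_bytes(),
        maintype="application",
        subtype="octet-stream",
        filename="EICAR.COM",
    )
    return msg


def attachment_is_intact(msg: EmailMessage) -> bool:
    """Confirm the attachment decodes to the unmodified test string, so that a
    missing detection points at the gateway rather than at a mangled file."""
    for part in msg.iter_attachments():
        if part.get_filename() == "EICAR.COM":
            return part.get_payload(decode=True) == eicar_bytes()
    return False


def send_test_message(msg: EmailMessage, smtp_host: str, smtp_port: int = 25) -> None:
    """Hand the message to the gateway's external-facing SMTP listener."""
    with smtplib.SMTP(smtp_host, smtp_port, timeout=30) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    # Placeholder addresses; pass your gateway host as the first argument to send.
    message = build_test_message("tester@example.com", "mailbox@example.internal")
    print("attachment intact:", attachment_is_intact(message))
    if len(sys.argv) > 1:
        send_test_message(message, sys.argv[1])
```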
From an external email account (SMTP client), create a new email message.
This information contains tasks to demonstrate the McAfee Email Gateway scanning features in action.
It provides step-by-step instructions to create and test some sample policies and tells you how to
generate applicable reports.
Introduction to policies
The appliance uses policies which describe the actions that the appliance must take against threats
such as viruses, spam, unwanted files, and the loss of confidential information.
Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of
users.
Encryption
The Encryption pages enable you to set up McAfee Email Gateway to use the supported encryption
methods to securely deliver your email messages.
Email | Encryption
The McAfee Email Gateway includes several encryption methodologies, and can be set up to provide
encryption services to the other scanning features, or can be set up as an encryption-only server used
just to encrypt email messages.
Select the required protocol using steps in Task View policies for SMTP, POP3 or McAfee Secure
Web Mail.
In the Scanning Policies New Policy page, enter the following information:
a Choose if the policy is to apply to inbound or outbound email traffic. (SMTP only)
Select the type of rule, how it should match, and the value that the rule tests against.
Click OK.
Click Enable compliance, and select Create new rule from template.
10 In On-box Encryption Options, select Secure Web Mail, and click OK.
11 Apply the changes.
Click Search/Refresh.
All messages that have been quarantined are displayed in the lower part of the page.
Complete the steps in Task Find out which email messages are quarantined.
Click Search/Refresh.
The lower part of the screen is refreshed to show only the messages that have been quarantined due
to compliance issues.
Select the relevant quarantined message using the checkbox to the left of the page.
The selected message is displayed in a new window. From this window, you can view the content of
the email message. You can also choose to view the detailed email header information. After you have
viewed the message, by clicking the relevant buttons, you can choose further actions to perform on
the email message.
Compliance Settings
Use this page to create and manage compliance rules.
Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score
you want to change.
In Maximum term count, type the maximum number of times that you want a term to contribute to the
score.
Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score
you want to change.
In dictionary threshold, type the score on which you want the rule to trigger, and click OK.
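A simplified model of how a maximum term count and a dictionary threshold interact, added here as an example and not McAfee's implementation: the dictionary terms, their scores, the sample message and the Low threshold are constructed, while the High threshold of 40 is the value the guide uses.

```python
"""Model of dictionary scoring with a maximum term count and a dictionary threshold.

Added example, not McAfee's scoring engine. Terms, scores, the sample message and
the Low threshold are constructed; the High threshold of 40 comes from the guide.
"""
import re
from collections import Counter

# Constructed dictionary: term -> score contributed per occurrence.
DISCONTENT_DICTIONARY = {"resign": 10, "unfair": 8, "lawsuit": 15, "hate": 6}

# Rule name -> dictionary threshold at which the rule triggers (Low value assumed).
RULES = {"Discontent - Low": 20, "Discontent - High": 40}


def term_counts(text: str, dictionary: dict) -> Counter:
    """Count whole-word, case-insensitive hits for every dictionary term."""
    counts = Counter(re.findall(r"[a-z']+", text.lower()))
    return Counter({term: counts[term] for term in dictionary if counts[term]})


def dictionary_score(text: str, dictionary: dict, max_term_count: int) -> int:
    """Sum term scores, letting each term contribute at most max_term_count times.
    The cap stops one repeated word from pushing a message over the threshold."""
    counts = term_counts(text, dictionary)
    return sum(min(n, max_term_count) * dictionary[term] for term, n in counts.items())


def triggered_rules(text: str, dictionary: dict, max_term_count: int, rules: dict) -> list:
    """Return the names of the rules whose dictionary threshold the score reaches."""
    score = dictionary_score(text, dictionary, max_term_count)
    return [name for name, threshold in rules.items() if score >= threshold]


# Constructed sample message in which "unfair" appears four times.
SAMPLE = ("This is unfair, unfair, UNFAIR and unfair again. "
          "I will resign and talk to a lawyer about a lawsuit.")

if __name__ == "__main__":
    # With a cap of 1 the score is 33 (Low only); with a cap of 5 it is 57 (both rules).
    for cap in (1, 5):
        print(cap, dictionary_score(SAMPLE, DISCONTENT_DICTIONARY, cap),
              triggered_rules(SAMPLE, DISCONTENT_DICTIONARY, cap, RULES))
```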
Task
1 Click Create new rule, type a name for it such as Discontent - Low, and click Next.
Click Finish.
Repeat steps 2 through 4 to create another new rule but name it Discontent - High and assign it
a threshold of 40.
Click Finish.
Select the new dictionary that you want to include, and click OK.
In the Default Compliance Settings dialog box, click Yes to enable the policy.
Select a dictionary that you want to exclude from the rule in the exclusion list.
Select the action that you want to take place if the rule triggers.
From the And conditionally drop-down list, select All, and click Finish.
In the Default Compliance Settings dialog box, click Yes to enable the policy.
Select the Social Security Number dictionary, and click Next twice.
In the Default Compliance Settings dialog box, click Yes to enable the policy.
Click Create new rule from template to open the Rule Creation Wizard.
Select the Acceptable Use - Threatening Language policy, and click Next.
Change the primary action to Deny connection (Block), and click Finish.
Setting the DLP policy to take action, and controlling the detection (this topic)
If an uploaded registered document contains embedded documents, their content is also fingerprinted
so the combined content is used when calculating the percentage match at scan time. To have
embedded documents treated individually, they must be registered separately.
In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules
list.
Select the action associated with the category, change the primary action to Deny connection (Block),
and click OK.
In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
Enable the consecutive signatures setting, and type the number of consecutive signatures against
which the DLP policy will trigger a detection. The level is set to 10 by default.
Click Create new rule, select the Finance category, and click OK to have the category appear in the
Rules list.
Select the action associated with the category, change the primary action to Deny connection (Block),
and click OK.
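An illustrative model of registered-document fingerprinting with a consecutive signatures threshold, covering both the embedded-document note and the setting above; this is an added example, not McAfee's fingerprinting algorithm. Signatures are truncated SHA-256 hashes of 4-word windows (assumed), the registered text and scanned messages are constructed, and the default of 10 consecutive signatures is the value stated in the guide.

```python
"""Model of registered-document fingerprinting with a consecutive signatures threshold.

Added example, not McAfee's DLP implementation: the 4-word window, the registered
document and the scanned messages are constructed; the default threshold of 10 is
the value stated in the guide.
"""
import hashlib
import re

WINDOW = 4  # words per signature (assumed)


def signatures(text: str, window: int = WINDOW) -> list:
    """Turn text into an ordered list of signatures, one per sliding word window."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return [hashlib.sha256(" ".join(words[i:i + window]).encode()).digest()[:8]
            for i in range(len(words) - window + 1)]


def register(*documents: str) -> set:
    """Fingerprint a document together with its embedded documents: the guide notes
    that embedded content is combined into the parent document's fingerprint."""
    return set().union(*(signatures(d) for d in documents))


def longest_run(scanned: list, registered: set) -> int:
    """Longest run of consecutive scanned signatures that exist in the registered set."""
    best = run = 0
    for sig in scanned:
        run = run + 1 if sig in registered else 0
        best = max(best, run)
    return best


def percent_match(scanned: list, registered: set) -> float:
    """Share of the registered fingerprint that appears somewhere in the message."""
    return 100.0 * len(registered & set(scanned)) / len(registered) if registered else 0.0


def dlp_detects(message: str, registered: set, consecutive: int = 10) -> bool:
    """Trigger when at least `consecutive` signatures match in a row (default 10)."""
    return longest_run(signatures(message), registered) >= consecutive


# Constructed registered document (Finance category) with one embedded note.
REGISTERED = register(
    "Quarterly revenue forecast for the northern region is eleven million with "
    "expected margin of twelve percent after restructuring costs are applied",
    "Embedded note: board approval pending for the acquisition budget",
)
# Constructed outbound message that quotes a long passage of the document.
LEAK = ("FYI - quarterly revenue forecast for the northern region is eleven million "
        "with expected margin of twelve percent after restructuring costs are applied.")
# Constructed message that only shares a few common words with the document.
BENIGN = "The northern region quarterly meeting is moved to Thursday."

if __name__ == "__main__":
    for name, msg in (("LEAK", LEAK), ("BENIGN", BENIGN)):
        sigs = signatures(msg)
        print(name, longest_run(sigs, REGISTERED), percent_match(sigs, REGISTERED),
              dlp_detects(msg, REGISTERED))
```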
In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
Click Create document exclusion, select the document you want to ignore for this policy, and click OK.
This information gives some best practice tips and some advanced configuration options.
Contents
You must have Email Gateway Virtual Appliance version 7.6.4.1 (or later) already installed
and configured within your Hyper-V environment.
After an operating system is installed on a virtual appliance, the virtual machine always starts from
the hard disk first. To work around this feature, you have to shut down the virtual machine and
configure a power-on-boot delay so that you have enough time to access the Boot menu and tell it to
start from the installation CD instead.
Task
1 Download the latest version of the Email Gateway Virtual Appliance .iso upgrade file from the
McAfee download site and extract it.
Log on to the virtual appliance user interface and select System | System Administration | System
Commands.
Enable a Power-on-Boot delay to get enough time to force the virtual machine to boot from CD:
a Select the virtual appliance in the Inventory list and click Summary.
In Power-on-Boot delay, type 10,000 in the text box, and click OK.
Make sure the cursor focus is on the Virtual Appliance console. Then press the ESC key to open the
Boot Menu.
Do not select any options yet.
Release the cursor from the console and select Connect CD/DVD1.
Browse to the folder where you downloaded the Email Gateway Virtual Appliance .iso file and
double-click McAfee-MEG <version.number>-<build-number>.VMbuy.iso.
When the .iso file is connected, click back on to the console screen. Select CD-ROM Drive and press
the ENTER key.
Download the latest version of the Email Gateway Virtual Appliance .iso upgrade file from the
McAfee download site and extract it.
Log on to the virtual appliance user interface and select System | System Administration | System
Commands.
Log on to VMware ESX Server, or use the VMware Infrastructure Client or the VMware vSphere
Client to log on to VMware Virtual Center Server.
Enable a Power-on-Boot delay to get enough time to force the virtual machine to boot from CD:
a Select the virtual appliance in the Inventory list and click Summary.
In Power-on-Boot delay, type 10,000 in the text box, and click OK.
Make sure the cursor focus is on the Virtual Appliance console. Then press the ESC key to open the
Boot Menu.
Do not select any options yet.
Release the cursor from the console and select Connect CD/DVD1.
Browse to the folder where you downloaded the Email Gateway Virtual Appliance .iso file and
double-click McAfee-MEG 7.x-<build-number>.VMbuy.iso.
When the .iso file is connected, click back on to the console screen. Select CD-ROM Drive and press
the ENTER key.
Within VMware vSphere Client, right-click the Email Gateway Virtual Appliance and select Edit Settings.
Set the option next to the red square to Shut Down Guest.
Next to the Reset icon (red and green arrow), set the option to Restart Guest.
Make sure that Automatically start if it was running when the service stopped is selected.
Click OK to save the changes to the Settings for the selected Email Gateway Virtual Appliance.
Select Virtual Machine Startup/Shutdown in the Software box, click Properties, and do the following:
Enable the Allow virtual machines to start and stop automatically with the system option.
Select the Email Gateway Virtual Appliance in the list and click Move Up until it appears as the first
item in the list.
Click Edit.
In Virtual Machine Autostart Settings, within the Shutdown Settings box, select the Use specified settings option
and choose Guest Shutdown next to Perform shutdown action.
The virtual appliance now appears in the list underneath the Automatic Startup heading and the value in
the Shutdown column is Shut down guest.
Index
A
about this guide 5
B
benefits of data loss prevention 55
benefits of DLP 55
C
cluster configuration
statistics 43
compliance 52
Compliance
benefits of 53
scanning for 53
configuration
Hyper-V 24
configuration change messages 43
Configuration console 36
configure the virtual appliance 36
configure virtual network switches 24
conventions and icons used in this guide 5
Custom setup wizard 37
D
Dashboard 43
data loss prevention
benefits 55
data loss prevention (DLP) 55
demilitarized zone
SMTP configuration 17
demilitarized zone (DMZ) 16
detections
rates and statistics 43
DHCP 36
dictionaries
adding to policies 52
editing scores and terms 52
DLP
benefits 55
DLP (data loss prevention) 55
DMZ 16
SMTP configuration 17
documentation
audience for this guide 5
product-specific, finding 7
typographical conventions and icons 5
download package 9
E
Email Gateway
package contents 9
power on 33
email policies
compliance 52
email queues 43
email status 43
encryption 50
ePolicy Orchestrator Management setup 39
explicit proxy mode 12
F
firewall rules
explicit proxy mode 12
G
graphs
email and network statistics 43
H
Hyper-V configuration 24
Hyper-V template
import 32
I
import Hyper-V template 32
improve performance 41
installation
best practices 24
configure the virtual appliance 36
improve performance 41
installing ePolicy Orchestrator extensions 39
on VMware vSphere 35
process overview 23
installation options
convert from VMtrial 30
custom setup 37
standard setup 37
M
mail gateway
with a DMZ 17
mail relay
in a DMZ 17
McAfee Global Threat Intelligence 43
McAfee ServicePortal, accessing 7
N
network modes
explicit proxy mode 12
installation best practices 24
introduction 11
transparent bridge mode 14
transparent router mode 15
network status 43
O
operating modes
explicit proxy mode 12
installation best practices 24
transparent bridge mode 14
transparent router mode 15
P
performance
improve 41
platforms
virtual 9
policies
introduction to 49
status 43
power on Email Gateway on Hyper-V 33
T
technical support, finding product information 7
threat feedback 43
transparent bridge mode 14
system requirements 18
transparent modes
installation best practices 24
transparent router mode 15
V
virtual appliance
initial configuration 36
virtual hard disk files
importing 31
importing virtual hard disk files 31
virtual network switches
configure 24
virtual platforms 9
VMtrial
convert to virtual appliance 30
VMware vSphere
installation steps 35
W
warning messages
Dashboard 43
web policies
compliance 52
S
Scanning
for compliance 53