Installation Guide

Revision C

McAfee Email Gateway 7.6.400 Virtual Appliances
for use in Microsoft Hyper-V and VMware vSphere environments

COPYRIGHT
Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONS
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active
Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,
McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee
Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.
Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.


Contents

Preface
    About this guide
    Audience
    Conventions
    How to use this guide
    Find product documentation

Introduction to the McAfee Email Gateway Virtual Appliance
    What you get in the download package

Preparing to install
    Inappropriate use
    Considerations about network modes
    Explicit proxy mode
    Transparent bridge mode
    Transparent router mode
    Deployment strategies for using the device in a DMZ
    SMTP configuration in a DMZ
    System requirements
    Sample installation scenarios
    Running the Email Gateway Virtual Appliance as the only virtual machine on the host
    Running Email Gateway Virtual Appliance with other virtual machines

Installing the McAfee Email Gateway Virtual Appliance
    Overview of the Email Gateway Virtual Appliance installation process
    Installation best practices
    Task Configure your virtual network switches
    Hyper-V network configuration
    VMware vSphere network configuration
    Task Convert from a VMtrial installation
    Task Download the installation software
    Task Install the appliance on Hyper-V using SCVMM
    Task Import the installation files
    Task Import the virtual machine template
    Task Create a virtual machine
    Task Run the Email Gateway Virtual Appliance
    Task Install the appliance on Hyper-V without using SCVMM
    Task Run the Email Gateway Virtual Appliance installation script
    Task Install the Email Gateway Virtual Appliance in Hyper-V without using SCVMM
    Task Install the appliance on VMware vSphere
    Configure the Email Gateway Virtual Appliance
    Using the Configuration Console
    Performing a Standard Setup
    Performing a Custom Setup
    Restoring from a file
    ePolicy Orchestrator Managed Setup
    Encryption Only Setup
    Task Improve performance
    Task Improve performance on Hyper-V
    Task Improve performance on VMware vSphere

A tour of the Dashboard
    The Dashboard
    Benefits of using the Dashboard
    Dashboard portlets

Testing the configuration
    Task Test connectivity
    Task Update the DAT files
    Task Test mail traffic and virus detection
    Task Test spam detection

Exploring the appliance features
    Introduction to policies
    Encryption
    Task Identify quarantined email messages
    Compliance Settings
    Data Loss Prevention settings

Additional Configuration Options
    Task Upgrading to the latest version of Email Gateway Virtual Appliance (Hyper-V)
    Task Upgrading to the latest version of Email Gateway Virtual Appliance (VMware)
    Task Change the default Power Off and Reset actions (VMware)
    Task Configure the shutdown and restart option (Hyper-V)
    Task Configure the shutdown and restart option (VMware)

Index


Preface

This guide provides the information you need to install your McAfee product.
Contents
About this guide
Find product documentation

About this guide


This information describes the guide's target audience, the typographical conventions and icons used
in this guide, and how the guide is organized.

Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:

Administrators: People who implement and enforce the company's security program.

Conventions
This guide uses these typographical conventions and icons.
Book title, term, emphasis: Title of a book, chapter, or topic; a new term; emphasis.

Bold: Text that is strongly emphasized.

User input, code, message: Commands and other text that the user types; a code sample; a displayed
message.

Interface text: Words from the product interface like options, menus, buttons, and dialog boxes.

Hypertext blue: A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing an option.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system, software installation, network,
business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware product.


Graphical conventions
Use this information to understand the graphical symbols used within this document.
Virtual Appliance
Internet or external networks
Mail Server
Other servers (such as DNS servers)
User or client computer
Router
Switch
Firewall
Network zone (DMZ or VLAN)
Network
Actual data path
Perceived data path

Definition of terms used in this guide


Understand some of the key terms used in this document.
demilitarized zone (DMZ): A computer host or small network inserted as a buffer between a private
network and the outside public network. A DMZ prevents direct access from outside users to resources
on the private network.

DAT files: Detection definition (DAT) files, also called signature files, containing the definitions
that identify, detect, and repair viruses, trojan horses, spyware, adware, and other potentially
unwanted programs (PUPs).

operational mode: 3 operating modes for the product: explicit proxy mode, transparent bridge mode,
and transparent router mode.

policy: A collection of security criteria, such as configuration settings, benchmarks, and network
access specifications, that defines the level of compliance required for users, devices, and systems.
McAfee security applications assess or enforce your policies.

Reputation Service check: Part of sender authentication. If a sender fails the Reputation Service
check, the appliance is set to close the connection and deny the message. The sender's IP address is
added to a list of blocked connections and is automatically blocked in future at the kernel level.


How to use this guide


This topic gives a brief summary of the information contained within this document.
This guide helps you to:

Plan and perform your installation.

Become familiar with the interface.

Test that the product functions correctly.

Apply the latest detection definition files.

Explore some scanning policies, create reports, and get status information.

Troubleshoot basic issues.

You can find additional information about the product's scanning features in the online help within the
product and in the latest version of the McAfee Email Gateway Administrators Guide.

Find product documentation


After a product is released, information about the product is entered into the McAfee online Knowledge
Center.
Task
1 Go to the Knowledge Center tab of the McAfee ServicePortal at http://support.mcafee.com.

2 In the Knowledge Base pane, click a content source:
    Product Documentation to find user documentation
    Technical Articles to find KnowledgeBase articles

3 Select Do not clear my filters.

4 Enter a product, select a version, then click Search to display a list of documents.


Introduction to the McAfee Email Gateway Virtual Appliance

McAfee Email Gateway Virtual Appliance delivers comprehensive, enterprise-class protection against
email threats.
Email Gateway Virtual Appliance works in the following environments:

VMware vSphere 4.x or higher

VMware vSphere Hypervisor (ESXi) 4.x or higher

Microsoft Hyper-V installations running on:

Microsoft Windows 8 Pro

Microsoft Windows 8.1 Enterprise

Microsoft Windows 8 Enterprise

Microsoft Windows Server 2012

Microsoft Windows 8.1 Pro

Microsoft Windows Server 2012 R2

What you get in the download package


Depending on your chosen virtual environment, the Email Gateway Virtual Appliance is supplied as
either a .zip or an .iso file. These files contain the virtual appliance software installation files and
documents required to install the virtual appliance within your existing virtual environment.
The download package does not contain the installation files for your chosen virtual environment. If you
do not already have your virtual environment set up, go to your chosen supplier's website to purchase
the relevant product.


Preparing to install

To ensure the safe operation of your Email Gateway Virtual Appliance, consider the following before
you begin the installation.

Familiarize yourself with its operational modes and capabilities. It is important that you choose a
valid configuration.

Decide how to integrate the appliance into your network and determine what information you need
before you start, for example, the name and IP address for the device.

Contents
Inappropriate use
Considerations about network modes
Deployment strategies for using the device in a DMZ
System requirements
Sample installation scenarios

Inappropriate use
Use this information to avoid using this product inappropriately.
McAfee Email Gateway Virtual Appliance is:

Not a firewall: You must use it within your organization behind a correctly configured firewall.

Not a server for storing extra software and files: Do not install any software on the device
or add any extra files to it unless instructed by the product documentation or your support
representative.
The device cannot handle all types of traffic. If you use explicit proxy mode, only protocols that are to
be scanned should be sent to the device.

Considerations about network modes


Use this information to gain an understanding of the operational (or network) modes in which the
device can operate.
Before you configure your Email Gateway Virtual Appliance, you must decide which network mode to
use. The mode you choose determines how you physically connect your virtual host to your network.
Different modes also affect the configuration of the virtual switch to which your virtual
appliance is connected.


You can choose from the following network modes:

Explicit proxy mode: The virtual appliance acts as a proxy server and a mail relay.
Running the virtual appliance in explicit proxy mode requires the least amount of configuration on
your virtual host and is easier to set up.

Transparent router mode: The virtual appliance acts as a router.

Transparent bridge mode: The virtual appliance acts as an Ethernet bridge.

If you are still unsure about the mode to use after reading this and the following sections, consult your
network expert.

Explicit proxy mode


In explicit proxy mode, some network devices must be set up explicitly to send traffic to the Email
Gateway. The Email Gateway then works as a proxy or relay, processing traffic on behalf of the
devices.

Figure 2-1 Explicit proxy mode apparent data path

Explicit proxy mode is best suited to networks where client devices connect to the device through a
single upstream and downstream device.
Explicit proxy mode might not be the best option if several network devices must be reconfigured to
send traffic to the device.

Network and device configuration


If the device is set to explicit proxy mode, you must explicitly configure your internal mail server to
relay email traffic to the device. The device scans the email traffic before forwarding it, on behalf of
the sender, to the external mail server. The external mail server then forwards the email message to
the recipient.
In a similar way, the network must be configured so that incoming email messages from the Internet
are delivered to the device, not the internal mail server.
The device scans the traffic before forwarding it, on behalf of the sender, to the internal mail server for
delivery, as shown.
For example, an external mail server can communicate directly with the device, although traffic might
pass through several network servers before reaching the device. The perceived path is from the
external mail server to the device.

Protocols
To scan a supported protocol, SMTP, POP3 or McAfee Secure Web Mail, you must configure your other
network servers or client computers to route that protocol through the device, so that no traffic
bypasses the device.


Firewall rules
Explicit proxy mode invalidates any firewall rules set up for client access to the Internet. The firewall
sees only the physical IP address information for the device, not the IP addresses of the clients, so the
firewall cannot apply its Internet access rules to the clients.
Ensure that your firewall rules are updated. The firewall must accept traffic from Email Gateway, but
must not accept traffic that comes directly from the client devices.

Where to place the device


Configure the network devices so that traffic needing to be scanned is sent to the Email Gateway. This
is more important than the location of the Email Gateway.
The router must allow all users to connect to the Email Gateway. The Email Gateway must be
positioned inside your organization, behind a firewall, as shown here.

Figure 2-2 Positioning in Explicit proxy mode

Typically, the firewall is configured to block traffic that does not come directly from the device. If you
are unsure about your network's topology and how to integrate the device, consult your network
expert.
Use this configuration if:

The device is operating in explicit proxy mode.

You are using email (SMTP).

For this configuration, you must:

Configure the external Domain Name System (DNS) servers or network address translation (NAT)
on the firewall so that the external mail server delivers mail to the device, not to the internal mail
server.

Configure the internal mail servers to send email messages to the device. That is, the internal mail
servers must use the device as a smart host. Ensure that your client devices can deliver email
messages to the mail servers within your organization.

Ensure that your firewall rules are updated. The firewall must accept traffic from the device, but
must not accept traffic that comes directly from the client devices. Set up rules to prevent
unwanted traffic entering your organization.
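
The firewall requirement stated under Firewall rules and repeated in the list above can be checked mechanically. The following Python sketch is an added example, not part of the McAfee guide or product: it evaluates a first-match rule list and reports any SMTP path that bypasses the device. The rule format, the addresses and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

SMTP = 25
EXTERNAL_PROBE = "203.0.113.10"   # constructed: stands in for any Internet mail server

# Constructed sample addressing for the explicit proxy layout described above.
GATEWAY = "10.0.5.10"       # the Email Gateway
MAIL_SERVER = "10.0.1.20"   # internal mail server (uses the gateway as smart host)
CLIENT = "10.0.2.77"        # a client computer


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    port: Optional[int]    # None matches any TCP port


def decide(rules: List[Rule], src: str, dst: str, port: int) -> str:
    """First matching rule wins; anything unmatched is denied."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst) and r.port in (None, port):
            return r.action
    return "deny"


def audit_smtp(rules: List[Rule], gateway: str, other_hosts: List[str]) -> List[Tuple[str, str]]:
    """Return (finding, host) pairs; an empty list means SMTP only flows via the gateway."""
    findings = []
    # The firewall must accept mail traffic to and from the gateway.
    if decide(rules, gateway, EXTERNAL_PROBE, SMTP) != "allow":
        findings.append(("gateway-outbound-blocked", gateway))
    if decide(rules, EXTERNAL_PROBE, gateway, SMTP) != "allow":
        findings.append(("gateway-inbound-blocked", gateway))
    # It must not accept mail traffic that skips the gateway in either direction.
    for host in other_hosts:
        if decide(rules, host, EXTERNAL_PROBE, SMTP) == "allow":
            findings.append(("outbound-bypass", host))
        if decide(rules, EXTERNAL_PROBE, host, SMTP) == "allow":
            findings.append(("inbound-bypass", host))
    return findings


# Rules left over from before the gateway was installed (constructed).
WEAK_RULES = [
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", SMTP),      # any internal host may send mail out
    Rule("allow", "0.0.0.0/0", "10.0.1.20/32", SMTP),    # Internet delivers straight to the mail server
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

# Updated rules: SMTP crosses the firewall only to or from the gateway (constructed).
FIXED_RULES = [
    Rule("allow", "10.0.5.10/32", "0.0.0.0/0", SMTP),
    Rule("allow", "0.0.0.0/0", "10.0.5.10/32", SMTP),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", SMTP),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", None),      # other outbound client traffic
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(name, audit_smtp(rules, GATEWAY, [MAIL_SERVER, CLIENT]))
```

Rule order matters in the fixed set: the SMTP deny must sit above the general outbound allow, otherwise clients regain a direct path on port 25.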


Transparent bridge mode


Use this information to better understand transparent bridge mode on your Email Gateway.
Microsoft Hyper-V virtual switches block STP frames, preventing Email Gateway Virtual Appliance from
participating in STP. Ensure that your network design prevents network loops when deploying your
Email Gateway Virtual Appliance. Because of this limitation, you cannot configure Email Gateway Virtual
Appliance clusters within Hyper-V using transparent bridge mode.

In transparent bridge mode, the communicating servers are unaware of the device; the device's
operation is transparent to the servers.

Figure 2-3 Transparent bridge mode apparent data path

In the figure, the external mail server (A) sends email messages to the internal mail server (C). The
external mail server is unaware that the email message is intercepted and scanned by the device (B).
The external mail server seems to communicate directly with the internal mail server; the path is
shown as a dotted line. In reality, traffic might pass through several network devices and be
intercepted and scanned by the device before reaching the internal mail server.

What the device does in transparent bridge mode


In transparent bridge mode, the device connects to your network using the LAN1 and LAN2 ports. The
device scans the traffic it receives, and acts as a bridge connecting two network segments, but treats
them as a single logical network.

Configuration in transparent bridge mode


Transparent bridge mode requires less configuration than transparent router and explicit proxy modes.
You do not need to reconfigure all your clients, default gateway, MX records, Firewall NAT, or mail
servers to send traffic to the device. Because the device is not a router in this mode, you do not need
to update a routing table.

Where to place the device when using transparent bridge mode


For security reasons, you must use the device inside your organization, behind a firewall.

Figure 2-4 Positioning in transparent bridge mode


In transparent bridge mode, position the device between the firewall and your router, as shown.

In this mode, you physically connect two network segments to the device, and the device treats them
as one logical network. Because the devices (firewall, device, and router) are on the same logical
network, they must all have compatible IP addresses on the same subnet.


Devices on one side of the bridge (such as a router) that communicate with devices on the other side
(such as a firewall) are unaware of the bridge. They are unaware that traffic is intercepted and
scanned, therefore the device is said to operate as a transparent bridge.

Figure 2-5 Network structure Transparent bridge mode

Transparent router mode


Use this information to better understand Transparent router mode on your McAfee Email Gateway.
In transparent router mode, the device scans email traffic between two networks. The device has one
IP address for outgoing scanned traffic, and must have one IP address for incoming traffic.
The communicating network servers are unaware of the intervention of the device; the device's
operation is transparent to the devices.

What the device does in transparent router mode


In transparent router mode, the device connects to your networks using the LAN1 and LAN2 ports.
The device scans the traffic it receives on one network, and forwards it to the next network device on
a different network. The device acts as a router, routing the traffic between networks, based on the
information held in its routing tables.

Configuration in transparent router mode


Using transparent router mode, you do not need to explicitly reconfigure your network devices to send
traffic to the device. You need only configure the routing table for the device, and modify some routing
information for the network devices on either side of it (the devices connected to its LAN1 and LAN2
ports). For example, you might need to make the device your default gateway.


In transparent router mode, the device must join two networks. The device must be positioned inside
your organization, behind a firewall.
Transparent router mode does not support Multicast IP traffic or non-IP protocols, such as NETBEUI and
IPX.

Firewall rules
In transparent router mode, the firewall connects to the physical IP address for the LAN1/LAN2
connection to the management blade.

Where to place the device


Use the device in transparent router mode to replace an existing router on your network.
If you use transparent router mode and you do not replace an existing router, you must reconfigure part
of your network to route traffic correctly through the device.

Figure 2-6 Network structure Transparent bridge mode

You need to:

Configure your client devices to point to the default gateway.

Configure the device to use the Internet gateway as its default gateway.

Ensure your client devices can deliver email messages to the mail servers within your organization.

Deployment strategies for using the device in a DMZ


Use this information to understand demilitarized zones within your network, and how to use
them to protect your email servers.
A demilitarized zone (DMZ) is a network separated by a firewall from all other networks, including the
Internet and other internal networks. The typical goal behind the implementation of a DMZ is to lock
down access to servers that provide services to the Internet, such as email.


Hackers often gain access to networks by identifying the TCP/UDP ports on which applications are
listening for requests, then exploiting known vulnerabilities in applications. Firewalls dramatically
reduce the risk of such exploits by controlling access to specific ports on specific servers.
The device can be added easily to a DMZ configuration. The way you use the device in a DMZ depends
on the protocols you intend to scan.

SMTP configuration in a DMZ


Use this information to understand how to configure SMTP devices within a demilitarized zone on your
network.
The DMZ is a good location for encrypting mail. By the time the mail traffic reaches the firewall for the
second time (on its way from the DMZ to the Internet), it has been encrypted.
Devices which scan SMTP traffic in a DMZ are usually configured in explicit proxy mode.
Configuration changes need only be made to the MX records for the mail servers.
NOTE: You can use transparent bridge mode when scanning SMTP within a DMZ. However, if you do not
control the flow of traffic correctly, the device scans every message twice, once in each direction. For
this reason, explicit proxy mode is usually used for SMTP scanning.

Mail relay

Figure 2-7 Configuring as a mail relay

If you have a mail relay already set up in your DMZ, you can replace the relay with the device.
To use your existing firewall policies, give the device the same IP address as the mail relay.

Mail gateway
SMTP does not provide methods to encrypt mail messages; you can use Transport Layer Security
(TLS) to encrypt the link, but not the mail messages. As a result, some companies do not allow such
traffic on their internal network. To overcome this, they often use a proprietary mail gateway, such as
Lotus Notes or Microsoft Exchange, to encrypt the mail traffic before it reaches the Internet.


To implement a DMZ configuration using a proprietary mail gateway, add the scanning device to the
DMZ on the SMTP side of the gateway.

Figure 2-8 Configuring as a mail gateway

In this situation, configure:

The public MX records to instruct external mail servers to send all inbound mail to the device
(instead of the gateway).

The device to forward all inbound mail to the mail gateway, and deliver all outbound mail using
DNS or an external relay.

The mail gateway to forward all inbound mail to the internal mail servers and all other (outbound)
mail to the device.

The firewall to allow inbound mail that is destined for the device only.
Firewalls configured to use Network Address Translation (NAT), and that redirect inbound mail to
internal mail servers, do not need their public MX records reconfigured. This is because they are
directing traffic to the firewall rather than the mail gateway itself. In this case, the firewall must instead
be reconfigured to direct inbound mail requests to the device.
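
One way to sanity-check the four settings above before going live, as an added Python example that is not part of the McAfee guide or product: it walks the configured next hops for inbound and outbound mail and reports any path that misses the device, including the NAT case described in the note. Node names and the hop-table format are assumptions made for the example.

```python
from typing import Dict, List, Optional

# Hypothetical node names for the DMZ layout described above.
DEVICE = "device"            # the scanning device in the DMZ
GATEWAY = "mail_gateway"     # the proprietary mail gateway
INTERNAL = "internal_mail"   # internal mail servers
INTERNET = "internet"        # external mail servers
FIREWALL = "firewall"        # a mail hop only when it redirects inbound mail with NAT


def inbound_hops(mx_target: str, device_fwd: str, gateway_fwd: str,
                 nat_target: Optional[str] = None) -> Dict[str, str]:
    """Next hop for inbound mail at each node.

    mx_target   where the public MX records point (FIREWALL when NAT is used)
    nat_target  where a NAT firewall redirects inbound mail, if it does
    """
    hops = {INTERNET: mx_target, DEVICE: device_fwd, GATEWAY: gateway_fwd}
    if nat_target is not None:
        hops[FIREWALL] = nat_target
    return hops


def trace(hops: Dict[str, str], start: str, goal: str) -> List[str]:
    """Follow next hops from start to goal; raise ValueError on a dead end or loop."""
    path = [start]
    while path[-1] != goal:
        nxt = hops.get(path[-1])
        if nxt is None:
            raise ValueError(f"stops at {path[-1]}")
        if nxt in path:
            raise ValueError(f"loops back to {nxt}")
        path.append(nxt)
    return path


def audit(inbound: Dict[str, str], outbound: Dict[str, str]) -> List[str]:
    """Return one message per mail flow that fails or never passes through the device."""
    problems = []
    flows = (("inbound", inbound, INTERNET, INTERNAL),
             ("outbound", outbound, INTERNAL, INTERNET))
    for name, hops, start, goal in flows:
        try:
            path = trace(hops, start, goal)
        except ValueError as err:
            problems.append(f"{name} mail {err}")
            continue
        if DEVICE not in path:
            problems.append(f"{name} mail bypasses the device: {' -> '.join(path)}")
    return problems


# Constructed configurations.
GOOD_IN = inbound_hops(mx_target=DEVICE, device_fwd=GATEWAY, gateway_fwd=INTERNAL)
GOOD_OUT = {INTERNAL: GATEWAY, GATEWAY: DEVICE, DEVICE: INTERNET}
# MX records still point at the mail gateway.
STALE_MX_IN = inbound_hops(mx_target=GATEWAY, device_fwd=GATEWAY, gateway_fwd=INTERNAL)
# NAT firewall: MX records are unchanged, the redirect target is what matters.
NAT_GOOD_IN = inbound_hops(FIREWALL, GATEWAY, INTERNAL, nat_target=DEVICE)
NAT_STALE_IN = inbound_hops(FIREWALL, GATEWAY, INTERNAL, nat_target=INTERNAL)
# Mail gateway still delivers outbound mail itself.
BAD_OUT = {INTERNAL: GATEWAY, GATEWAY: INTERNET}

if __name__ == "__main__":
    for label, i, o in (("good", GOOD_IN, GOOD_OUT), ("stale MX", STALE_MX_IN, GOOD_OUT),
                        ("NAT good", NAT_GOOD_IN, GOOD_OUT), ("NAT stale", NAT_STALE_IN, BAD_OUT)):
        print(label, audit(i, o))
```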

System requirements
Use this information to ensure that your host computer adheres to the system requirements for your
preferred virtual environment.

Hardware specifications
For VMware-based hosts: See the VMware article 1003661 (kb.vmware.com/kb/1003661) to get
the minimum system requirements for VMware ESX or VMware ESXi 4.x. You need a server that has a
64-bit x86 CPU.


For Microsoft Hyper-V based systems: See the Microsoft article 731898
(https://technet.microsoft.com/en-us/library/cc731898.aspx) to get the minimum system requirements for
Hyper-V hosts. You need a computer that has a 64-bit x86 CPU.

Virtual machine requirements


Ensure that the virtual machine running your Email Gateway Virtual Appliance meets the following
minimum system requirements.
Table 2-1 Virtual machine requirements

Item                        Specification
Processor                   Two virtual processors
Available virtual memory    2 GB
Free hard disk space        80 GB

To install Email Gateway Virtual Appliance in transparent bridge mode, you must have two external
network interfaces on your physical virtual host, each connected to a different broadcast domain.
For best performance, McAfee recommends that these two interfaces are not shared with any other
virtual machines on the same physical host. Connecting both interfaces of a bridge to the same
broadcast domain creates an STP loop in your network, which can cause network outages.

Sample installation scenarios


This section contains information about installing the virtual appliance in different server
configurations.


Running the Email Gateway Virtual Appliance as the only virtual machine on the host
This example shows a possible single-server deployment of the virtual appliance on your chosen
virtual environment.
You run your chosen virtual environment as dedicated servers for the Email Gateway Virtual Appliance.
Their hardware specification must exceed the minimum hardware requirements outlined in the McAfee
Email Gateway Performance Data Guidelines.
This example assumes that you are installing Email Gateway Virtual Appliance in the recommended
explicit proxy mode.

Figure 2-9 Single-server deployment


Running Email Gateway Virtual Appliance with other virtual machines
This example shows a possible deployment of Email Gateway Virtual Appliance on your chosen virtual
environment alongside other virtual machines.
One virtual host is responsible for the Email Gateway Virtual Appliance and other virtual machines, all
running on the same hardware. See the relevant website (http://www.vmware.com or
http://www.microsoft.com) for information about building a resource pool dedicated to the Email Gateway
Virtual Appliance. The resource pool must also have the minimum levels of CPU and memory allocated
to it as stated in the McAfee Email Gateway Performance Data Guidelines.
This example assumes that you are installing the virtual appliance in the recommended explicit proxy
mode.

Figure 2-10 Multiple server deployment


Installing the McAfee Email Gateway Virtual Appliance

This information helps you to set up your virtual environment and install the McAfee Email Gateway
Virtual Appliance.
Contents
Overview of the Email Gateway Virtual Appliance installation process
Installation best practices
Task Configure your virtual network switches
Task Convert from a VMtrial installation
Task Download the installation software
Task Install the appliance on Hyper-V using SCVMM
Task Install the appliance on Hyper-V without using SCVMM
Task Install the appliance on VMware vSphere
Configure the Email Gateway Virtual Appliance
Using the Configuration Console
Task Improve performance

Overview of the Email Gateway Virtual Appliance installation process
This information provides a short overview of the steps needed to install the Email Gateway Virtual
Appliance.
McAfee recommends that you install the Email Gateway Virtual Appliance in the following order:
1 Install your chosen virtual environment.
2 Download the Email Gateway Virtual Appliance installation files.
3 Install the Email Gateway Virtual Appliance on the virtual environment.
4 Complete the graphical configuration wizard.
5 Log on to the Email Gateway Virtual Appliance.
6 Test the configuration.
7 Enable protocols.


Installation best practices


This information gives some important considerations for your installation on virtual environments.
McAfee recommends that you read and act upon this information before you start the
installation process.

• The Email Gateway Virtual Appliance is easiest to set up and maintain when it runs in the default
  explicit proxy operating mode.
• Familiarize yourself with the information about creating clusters and resource pools. See the
  relevant website for your chosen virtual environment (http://www.vmware.com or
  http://www.microsoft.com).
• Use a Storage Area Network (SAN) rather than a Network File System (NFS) share to achieve
  optimal performance.
• If you run the Email Gateway Virtual Appliance in either of the transparent modes:
  • The distributed resource and high availability (HA) features within the virtual environments
    might cause network interruptions if a failover takes place.
  • Ensure that the Email Gateway Virtual Appliance NICs are not linked to the same broadcast
    domain. To avoid network loops, ensure that their IP addresses are not in the same subnet.
  • Ensure that each network adapter on the Email Gateway Virtual Appliance is connected to a
    different physical network on the host computer.
  • You need at least three NICs in your virtual host. The Email Gateway Virtual Appliance needs
    two NICs and the virtual environments recommend using a dedicated NIC for the management
    of the environment.

Task Configure your virtual network switches


The virtual switches enable your Email Gateway Virtual Appliance to communicate with your wider
network, allowing your email traffic to be scanned.

Hyper-V network configuration


You can prepare your Hyper-V environment to work in explicit proxy mode, transparent bridge mode,
or transparent router mode.
The following information assumes that you have an existing Hyper-V host system installed, configured,
and running on your network. It also assumes that you are managing the Hyper-V system using
Microsoft System Center Virtual Machine Manager (SCVMM).

See also
Task Install the appliance on Hyper-V using SCVMM on page 31
Task Create a virtual machine on page 33

Task Configure Hyper-V for explicit proxy mode installation


Follow this task to ensure your Hyper-V environment is configured for the Email Gateway Virtual
Appliance to run in explicit proxy mode.
Before you begin
Ensure that you have at least two different physical interfaces available on your Hyper-V
host. A third interface can be used for out-of-band management.


For best performance, McAfee recommends that the interfaces used by the Email Gateway
Virtual Appliance virtual machine are not shared with any other virtual machine on this
Hyper-V host. Before you begin to install the virtual appliance, ensure that you have
created the required virtual switches using the Virtual Switch Manager from within Hyper-V
Manager. These virtual switches are used to connect LAN1 and LAN2 of the virtual
appliance. Ensure that the virtual switches have the correct configurations.
When importing the Email Gateway Virtual Appliance .xml file, make sure that the LAN1 interface is
connected to your first virtual switch and that the LAN2 interface is connected to your second virtual
switch.
You must create identical virtual switches on each host in the high availability (HA) cluster.

Task
1 In Microsoft Server Manager, log on to Hyper-V Manager.
2 In the left pane, select the host you want to install the virtual appliance on.
3 To add a virtual switch to each LAN interface:
  a From the Action menu, select Virtual Switch Manager.
  b Click New virtual network switch.
  c Select the required type of virtual switch.
  d Click Create Virtual Switch.
  e In Virtual Switch Properties, type a name for your new network, such as MEG LAN 1. Add any notes to
    help identify this switch.
  f Select the physical interface that you want to use for the LAN1 or LAN2 connection of your
    virtual appliance.
  g Click Apply.
4 Click OK to close the Virtual Switch Manager.

Task Configure Hyper-V for transparent bridge mode installation


Follow this task to ensure your Hyper-V environment is configured for the Email Gateway Virtual
Appliance to run in transparent bridge mode.
Before you begin
Microsoft Hyper-V virtual switches block STP frames, preventing Email Gateway Virtual
Appliance from participating in STP. Ensure that your network design prevents network
loops when deploying your Email Gateway Virtual Appliance. Because of this limitation, you
cannot configure Email Gateway Virtual Appliance clusters within Hyper-V using transparent
bridge mode.

Ensure that you have at least two different physical interfaces available on your Hyper-V
host. The two interfaces used for the bridge must be connected to different broadcast
domains to avoid network loops, which cause severe disruption in your network. A third
interface can be used for out-of-band management.


For best performance, McAfee recommends that the interfaces used by the bridge are
dedicated to the Email Gateway Virtual Appliance virtual machine and not shared with any
other virtual machine on this Hyper-V host. Before you install the virtual appliance, ensure
that you have created and configured the virtual switches to which LAN1 and LAN2 of the
virtual appliance connect.
When importing the Email Gateway Virtual Appliance .xml file, make sure that the LAN1 interface is
connected to your first virtual switch and LAN2 is connected to your second virtual switch.
You must create identical virtual switches on each host in the high availability (HA) cluster.

Task
1 In Microsoft Server Manager, log on to Hyper-V Manager.
2 In the left pane, select the host you want to install the virtual appliance on.
3 To add a virtual switch to each LAN interface:
  The second virtual switch must be connected to a different physical interface, on a different
  broadcast domain on your network to the interface used for your first virtual switch.
  a From the Action menu, select Virtual Switch Manager.
  b Click New virtual network switch.
  c Select the required type of virtual switch.
  d Click Create Virtual Switch.
  e In Virtual Switch Properties, type a name for your new network, such as MEG LAN 1. Add any notes to
    help identify this switch.
  f Select the physical interface that you want to use for the LAN1 or LAN2 connection of your
    virtual appliance.
  g Click Apply.
  h Specify the options to apply to the new virtual switch.
    By default, VLAN traffic does not reach the Email Gateway Virtual Appliance. To have the Email
    Gateway Virtual Appliance see VLAN traffic (for example, to create specific policies per VLAN)
    you have to enable TRUNK mode on LAN1 and LAN2 ports of the Email Gateway Virtual
    Appliance.
    As an example, a PowerShell command to allow traffic from all VLANs to reach the Email
    Gateway Virtual Appliance is shown:
        Get-VMNetworkAdapter -vmname MEG-appliance | Select-Object -first 2 |
        Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList 1-4094 -NativeVlanId 0
  i Click Apply, then click OK.
  j In the Virtual Machines list, right-click the McAfee Email Gateway Virtual Appliance and select
    Settings.
  k Expand the virtual network switch and select Advanced Features.
  l Select Enable MAC address spoofing.
  m Click OK.
4 Click OK to close the Virtual Switch Manager.
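
A read-only check of the Hyper-V settings this task depends on, as an added example that is not part of the McAfee installation package. It assumes the Hyper-V PowerShell module, the VM name MEG-appliance from the command above, and that LAN1 and LAN2 are the VM's first two adapters; Test-MegBridgeNetworking is a hypothetical name. It cannot see broadcast domains, so that requirement still has to be confirmed on the physical network.

```powershell
# Added example: audits the virtual switch, MAC spoofing and VLAN settings of the bridge ports.
# Test-MegBridgeNetworking is a hypothetical helper name. Run elevated on the Hyper-V host.
function Test-MegBridgeNetworking {
    param([string]$VMName = 'MEG-appliance')

    # Assumption: LAN1 and LAN2 are the first two adapters, as in the guide's own command.
    $lan = @(Get-VMNetworkAdapter -VMName $VMName | Select-Object -First 2)
    if ($lan.Count -lt 2) { throw "$VMName has fewer than two network adapters." }

    $switches = @(foreach ($nic in $lan) {
        if (-not $nic.SwitchName) { throw "A bridge adapter of $VMName is not connected to a virtual switch." }
        Get-VMSwitch -Name $nic.SwitchName
    })
    $uplink1 = $switches[0].NetAdapterInterfaceDescription
    $uplink2 = $switches[1].NetAdapterInterfaceDescription

    # Adapters of other virtual machines that sit on one of the bridge switches.
    $sharing = @(Get-VM | Get-VMNetworkAdapter |
        Where-Object { $_.VMName -ne $VMName -and $switches.Name -contains $_.SwitchName })

    # Bridge adapters on which MAC address spoofing is still disabled.
    $noSpoofing = @($lan | Where-Object { $_.MacAddressSpoofing -ne 'On' })

    [pscustomobject]@{
        Check  = 'LAN1 and LAN2 use different virtual switches'
        Pass   = $switches[0].Name -ne $switches[1].Name
        Detail = $switches.Name -join ', '
    }
    [pscustomobject]@{
        Check  = 'Both virtual switches are external'
        Pass   = @($switches | Where-Object { $_.SwitchType -ne 'External' }).Count -eq 0
        Detail = ($switches | ForEach-Object { "$($_.Name)=$($_.SwitchType)" }) -join ', '
    }
    [pscustomobject]@{
        Check  = 'The two switches are bound to different physical interfaces'
        Pass   = $uplink1 -and $uplink2 -and ($uplink1 -ne $uplink2)
        Detail = "$uplink1 | $uplink2"
    }
    [pscustomobject]@{
        Check  = 'MAC address spoofing is enabled on LAN1 and LAN2'
        Pass   = $noSpoofing.Count -eq 0
        Detail = ($lan | ForEach-Object { "$($_.SwitchName)=$($_.MacAddressSpoofing)" }) -join ', '
    }
    [pscustomobject]@{
        Check  = 'Bridge switches are not shared with other virtual machines'
        Pass   = $sharing.Count -eq 0
        Detail = ($sharing | ForEach-Object { $_.VMName } | Sort-Object -Unique) -join ', '
    }

    # Informational: shows whether trunk mode is on and how many VLAN IDs it admits.
    foreach ($nic in $lan) {
        $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic
        [pscustomobject]@{
            Check  = "VLAN mode on adapter attached to $($nic.SwitchName)"
            Pass   = $null
            Detail = "mode=$($vlan.OperationMode), allowed VLAN IDs=$(@($vlan.AllowedVlanIdList).Count)"
        }
    }
}

Test-MegBridgeNetworking | Format-Table -AutoSize -Wrap
```

A count of 4094 allowed VLAN IDs corresponds to the 1-4094 trunk in the guide's command; -AllowedVlanIdList also accepts a shorter list when only some VLANs need to reach the appliance.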


Task Configure Hyper-V for transparent router mode installation


Follow this task to ensure your Hyper-V environment is configured for the Email Gateway Virtual
Appliance to run in transparent router mode.
Before you begin
Ensure that you have at least two different physical interfaces available on your Hyper-V
host. A third interface can be used for out-of-band management.
For best performance, McAfee recommends that the interfaces used by the Email Gateway
Virtual Appliance virtual machine are not shared with any other virtual machine on this
Hyper-V host. Before you begin to install the virtual appliance, create and configure the
virtual switches to which LAN1 and LAN2 of the virtual appliance connect.
When importing the Email Gateway Virtual Appliance .xml file, ensure that the LAN1 interface is
connected to your first virtual switch and that the LAN2 interface is connected to your second virtual
switch.
You must create identical virtual switches on each host in a high availability (HA) cluster.

Task
1 In Microsoft Server Manager, log on to Hyper-V Manager.
2 In the left pane, select the host you want to install the virtual appliance on.
3 To add a virtual switch to each LAN interface:
  The second virtual switch must be connected to a different physical interface than the interface used
  for your first virtual switch.
  a Click New virtual network switch.
  b Select the type of virtual switch to create.
  c Click Create Virtual Switch.
  d In Virtual Switch Properties, type a name for your new network, such as MEG LAN 1. Add any notes to
    help identify this switch.
  e Select the required Network Interface Connector (NIC) and relevant options to be used by this
    switch.
  f Click OK to create the virtual switch.
4 Click OK to close the Virtual Switch Manager.

VMware vSphere network configuration


This group of tasks presents how to prepare your vSwitch configuration for each of the operating
modes available.

Task Configure VMware vSphere for an explicit proxy mode installation


Use this task to configure VMware vSphere to install the virtual appliance in the explicit proxy mode.
Before you begin
Ensure that you have at least two different physical interfaces available on your VMware
ESX host. A third interface can be used for out-of-band management.


For best performance, McAfee recommends that the interfaces used by the McAfee Email
Gateway Virtual Appliance virtual machine are not shared with any other virtual machine on
this VMware ESX host. Before you begin to install the virtual appliance, ensure that you
have vSwitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and
that they have the correct configuration.
When importing the McAfee Email Gateway Virtual Appliance .OVA file, ensure that the LAN 1 interface
is connected to your first vSwitch and that the LAN 2 interface is connected to your second vSwitch.
You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in
use.

Task
1 Log on to your vSphere client.
2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the
  virtual appliance.
3 On the right-hand side, select Configuration.
4 Click Networking.
5 Click Add Networking.
6 In the Add Network Wizard, select Virtual Machine, and click Next.
7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1
  connection of your virtual appliance, and click Next.
8 Type a label for your new network, such as MEG LAN 1.
9 Click Next, then click Finish.
10 Repeat steps 5-10 to add a second vSwitch for your LAN 2 interface.

Task Configure VMware vSphere for a transparent bridge mode installation
Use this task to configure VMware vSphere to install the virtual appliance in a transparent bridge
mode.
Before you begin
Ensure that you have at least two different physical interfaces available on your VMware
ESX host. The two interfaces used for the bridge must be connected to different broadcast
domains to avoid network loops, which cause severe disruption in your network. A third
interface can be used for out-of-band management.
For best performance, McAfee recommends that the interfaces used by the bridge are
dedicated to the McAfee Email Gateway Virtual Appliance virtual machine and not shared
with any other virtual machine on this VMware ESX host. Before you begin to install the
virtual appliance, ensure that you have vSwitches created to which LAN 1 and LAN 2 of the
virtual appliance can connect, and that they have the correct configuration.


When importing the McAfee Email Gateway Virtual Appliance .OVA file, make sure that the LAN 1
interface is connected to your first vSwitch and that the LAN 2 interface is connected to your second
vSwitch.
You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in
use.

Task
1 Log on to your vSphere client.
2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the
  virtual appliance.
3 On the right-hand side, select Configuration.
4 Click Networking.
5 Click Add Networking.
6 In the Add Network Wizard, select Virtual Machine, and click Next.
7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1
  connection of your virtual appliance, and click Next.
8 Type a label for your new network, such as MEG LAN 1.
  By default, VMware ESX removes VLAN tags. To have the virtual appliance see VLAN tagged traffic
  (for example, to create specific policies per VLAN) you have to enable Virtual Guest Tagging. To do so,
  see VMware Knowledge Base article 1004252.
9 Click Next, then click Finish.
10 Scroll down on the page to the virtual switch you just created, and click Properties.
11 In vSwitch Properties, double-click the vSwitch entry in the list on the left-hand side.
12 Click Security.
13 In Promiscuous Mode, change the value to Accept and click OK.
14 Click Close.
15 Repeat steps 5-14 to add a second vSwitch for your LAN 2 interface.
   The second vSwitch has to be connected to a different physical interface, which is connected to a
   different broadcast domain on your network than the interface used for your first vSwitch.
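
A read-only audit of the vSwitch settings changed in the steps above, as an added example that is not VMware's or McAfee's code. It assumes VMware PowerCLI with an existing Connect-VIServer session and the example labels MEG LAN 1 and MEG LAN 2; Get-MegPortGroupAudit and its parameters are hypothetical names.

```powershell
# Added example: lists every standard port group on a host with its uplinks, VLAN ID and
# promiscuous-mode setting, and notes where the bridge networks differ from this task.
# Get-MegPortGroupAudit is a hypothetical helper name.
function Get-MegPortGroupAudit {
    param(
        [Parameter(Mandatory = $true)][string]$VMHostName,
        [Parameter(Mandatory = $true)][string]$ApplianceVMName,
        # Network labels from the guide's example; change them to match your own labels.
        [string[]]$BridgeNetworks = @('MEG LAN 1', 'MEG LAN 2')
    )

    $vmHost   = Get-VMHost -Name $VMHostName
    $adapters = @(Get-VM -Location $vmHost | Get-NetworkAdapter)

    $rows = @(foreach ($pg in Get-VirtualPortGroup -VMHost $vmHost -Standard) {
        $policy   = Get-SecurityPolicy -VirtualPortGroup $pg
        $isBridge = $BridgeNetworks -contains $pg.Name

        # Virtual machines other than the appliance that are attached to this network.
        $others = @($adapters |
            Where-Object { $_.NetworkName -eq $pg.Name -and $_.Parent.Name -ne $ApplianceVMName } |
            ForEach-Object { $_.Parent.Name } | Sort-Object -Unique)

        $findings = @()
        if ($isBridge -and -not $policy.AllowPromiscuous) {
            $findings += 'bridge network with promiscuous mode not set to Accept'
        }
        if (-not $isBridge -and $policy.AllowPromiscuous) {
            $findings += 'promiscuous mode is Accept but this is not a bridge network'
        }
        if ($isBridge -and $others.Count -gt 0) {
            $findings += "shared with other virtual machines: $($others -join ', ')"
        }

        [pscustomobject]@{
            PortGroup   = $pg.Name
            VSwitch     = $pg.VirtualSwitchName
            Uplinks     = ($pg.VirtualSwitch.Nic -join ', ')
            VlanId      = $pg.VLanId      # 4095 means Virtual Guest Tagging is enabled
            Promiscuous = $policy.AllowPromiscuous
            Findings    = ($findings -join '; ')
        }
    })

    # LAN 1 and LAN 2 must leave the host through different physical interfaces.
    $bridgeRows = @($rows | Where-Object { $BridgeNetworks -contains $_.PortGroup })
    if ($bridgeRows.Count -eq 2 -and $bridgeRows[0].Uplinks -eq $bridgeRows[1].Uplinks) {
        foreach ($row in $bridgeRows) {
            $row.Findings = (@($row.Findings, 'same uplinks as the other bridge network') |
                Where-Object { $_ }) -join '; '
        }
    }
    $rows
}

# Constructed sample values; replace with your own host and appliance VM names.
Get-MegPortGroupAudit -VMHostName 'esx01.example.local' -ApplianceVMName 'MEG-appliance' |
    Format-Table -AutoSize -Wrap
```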

Task Configure VMware vSphere for a transparent router mode installation
Use this task to configure VMware vSphere to install the virtual appliance in a transparent router
mode.
Before you begin
Ensure that you have at least two different physical interfaces available on your VMware
ESX host. A third interface can be used for out-of-band management.


For best performance, McAfee recommends that the interfaces used by the McAfee Email
Gateway Virtual Appliance virtual machine are not shared with any other virtual machine on
this VMware ESX host. Before you begin to install the virtual appliance, ensure that you
have vSwitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and
that they have the correct configuration.
When importing the McAfee Email Gateway Virtual Appliance .OVA file, ensure that the LAN 1 interface
is connected to your first vSwitch and that the LAN 2 interface is connected to your second vSwitch.
You must create identical vSwitches on each host in the High Availability (HA) cluster if vMotion is in
use.

Task
1 Log on to your vSphere client.
2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the
  virtual appliance.
3 On the right-hand side, select Configuration.
4 Click Networking.
5 Click Add Networking.
6 In the Add Network Wizard, select Virtual Machine, and click Next.
7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1
  connection of your virtual appliance, and click Next.
8 Type a label for your new network, such as MEG LAN 1.
9 Click Next, then click Finish.
10 Repeat steps 5-10 to add a second vSwitch for your LAN 2 interface.
   The second vSwitch has to be connected to a different physical interface than the interface used for
   your first vSwitch.

Task Convert from a VMtrial installation


Use this task to migrate any configuration settings from a McAfee Email Gateway Appliance (VMtrial)
installation to the McAfee Email Gateway Virtual Appliance.
Task
1 From your VMtrial installation, select System | System Administration | Configuration Management.
2 Click Backup Configuration to save the configuration details.
3 Install the McAfee Email Gateway Virtual Appliance software onto your chosen virtual environment.
4 Log on, and open the McAfee Email Gateway Virtual Appliance software.
5 Select System | System Administration | Configuration Management, and click Restore From File.
  You can also access restore configuration options from System | Setup Wizard.
6 Browse to the VMtrial configuration file you want to restore and click Open.
7 Select the parts of the file that you want to restore and click OK.
8 Check that the settings were imported successfully and apply the changes.

Task Download the installation software


Use this task to download the most up-to-date version of the Email Gateway software.
Before you begin

• Read your product installation guide.
• Get the McAfee grant ID number that you received when you purchased Email Gateway.

McAfee provides the software in suitable formats for your chosen virtual environment.
Task
1 Go to the McAfee website http://www.mcafee.com. Hover your cursor over your business type and
  click Downloads.
2 From My Products - Downloads, click Login.
3 Type the McAfee grant ID number that you received when you purchased Email Gateway, and click
  Submit.
4 From the list of products, select Email Gateway.
5 Agree to the license terms, select the latest version and download it.
  McAfee recommends that you read the Release Notes that accompany the software image before
  you continue with the installation.

Task Install the appliance on Hyper-V using SCVMM


The following sub-tasks describe a method of installing your Email Gateway Virtual Appliance, using
the Microsoft System Center Virtual Machine Manager.
Before you begin
McAfee recommends that you configure the required virtual switches within your Hyper-V
host system before you install the virtual appliance.
See also
Hyper-V network configuration on page 24

Task Import the installation files


Ensure that you have imported the Email Gateway Virtual Appliance installation files into the library of
your SCVMM.
Before you begin
Make sure that you have the Email Gateway Virtual Appliance installation package
(McAfee-MEG-<version.number>-<build.number>.HVbuy.zip) for Hyper-V hosts, and
that you can access this package from within SCVMM.


Import the installation files so that they are available for the installation of your Email Gateway Virtual
Appliance.
Task
1 Start the Microsoft System Center Virtual Machine Manager.
2 Navigate to Library and your relevant Library Server.
3 From the top toolbar, click Import Physical Resource.
4 Click Add resource and browse to the folder containing the extracted
  McAfee-MEG-<version.number>-<build.number>.HVbuy.zip package files.
5 Click Open.
6 Select all virtual hard disk (.vhdx) files.
7 Click Open.
8 Select the destination for the imported files. Click OK.
9 Click Import.

The virtual hard disks required for the installation of your Email Gateway Virtual Appliance are
imported to the SCVMM library.

Task Import the virtual machine template


A template is provided within the installation package to simplify the process of creating virtual
machines on which to run the Email Gateway Virtual Appliance.
Task
1 Start the Microsoft System Center Virtual Machine Manager.
2 Navigate to Library and your relevant Library Server.
3 From the top toolbar, click Import Template.
4 Browse to the extracted McAfee-MEG-<version.number>-<build.number>.HVbuy.zip package
  files, and select the template (HyperV_Buy.xml) file.
5 Click Open.
6 Click Next.
  Optionally, enter a descriptive name for the template (by default, the template name is McAfee,
  Inc. MEG).
7 Click Next.
8 Click Import.

The template is imported to Microsoft System Center Virtual Machine Manager, and appears within
Templates | VM Templates.


Task Create a virtual machine


Before you can install an Email Gateway Virtual Appliance, you must create a virtual machine on your
Hyper-V system.
Task
1 Start the Microsoft System Center Virtual Machine Manager.
2 Navigate to VMs and Services and select VMs from the top toolbar.
3 Choose the Hyper-V host onto which you want to deploy the Email Gateway Virtual Appliance.
4 Right-click the selected host and select Create Virtual Machine.
5 Select Use an existing virtual machine, VM template, or virtual hard disk, browse to locate the virtual machine
  template you installed, and click OK.
6 Click Next.
7 Type a name for the virtual machine.
  Optionally, provide a description for this virtual machine.
8 Click Next.
  The summary screen for the virtual machine configuration is displayed.
9 Click Next.
10 You can change the host upon which the virtual machine is installed.
   A list of the available hosts is displayed, together with a rating for each, to help you decide the best
   host to use.
11 Click Next.
   You can review the selected options and settings before creating the virtual machine.
12 Select the required network adaptors from the list.
13 Click Next.
14 Click Create.
   The virtual machine is created using the settings within the template file and the information you
   selected. The virtual hard drive files are copied to the virtual machine, to be used during the Email
   Gateway Virtual Appliance installation.
See also
Hyper-V network configuration on page 24

Task Run the Email Gateway Virtual Appliance


Turn on the imported Email Gateway Virtual Appliance from Hyper-V manager or the SCVMM console.
Before you begin
If you installed your virtual machine on a different host to that running SCVMM, navigate to
the relevant Hyper-V host and open Hyper-V Manager.
Depending on the options selected during the creation of the virtual machine, you might
need to manually start the virtual machine. To manually start the virtual machine,
right-click the relevant virtual machine and select Start.


Once the Email Gateway Virtual Appliance software has been installed within Hyper-V,
ensure the virtual machine is powered on before continuing with the installation process.
Task
1 Start Hyper-V Manager.
2 Make sure the virtual machine running the Email Gateway Virtual Appliance is running.
3 Select the virtual machine, and click Connect from within Actions.
  The Virtual Machine Connection window is displayed.
4 From the Virtual Machine Connection window within Hyper-V Manager, follow the installation steps
  detailed in Configure the Email Gateway Virtual Appliance.

See also
Configure the Email Gateway Virtual Appliance on page 36

Task Install the appliance on Hyper-V without using SCVMM


You can install an Email Gateway Virtual Appliance onto a Microsoft Hyper-V virtual environment by
running a PowerShell script.
Before you begin
McAfee recommends that you configure the required virtual switches within your Hyper-V
host system before you install the virtual appliance.
Ensure that you have downloaded the installation files and have saved them to a location
you can reach from within your Hyper-V environment.

Task Run the Email Gateway Virtual Appliance installation script
Run the PowerShell script file to create and set up the Email Gateway Virtual Appliance within your
Hyper-V environment without using SCVMM.
Before you begin
Ensure that you have downloaded and extracted the Email Gateway Virtual Appliance
installation package to a location you can reach from within your Hyper-V host.
Task
1 From the computer hosting your Hyper-V installation, browse to the folder containing the Email
  Gateway Virtual Appliance installation files.
2 Right-click the HyperV_<build.number>.ps1 file and select Run with PowerShell.
  If prompted with an Execution Policy Change dialog box, type Y to continue running the installation
  script.
3 From the displayed dialog box, click Browse.
4 Select the folder into which the Email Gateway Virtual Appliance virtual hard disks are installed.
5 Select the required interfaces for LAN1, LAN2 and (if necessary) OOB.
6 Click OK.
7 Type y and press Enter.

The installation takes several minutes as the separate drives are created. When the Email Gateway
Virtual Appliance drives have been created, a "deployment complete" message is displayed.

Task Install the Email Gateway Virtual Appliance in Hyper-V without using SCVMM
Within the Hyper-V virtual machine, start the Email Gateway Virtual Appliance and install the software.
Task
1 From the computer hosting your Hyper-V installation, view the Virtual Machines.
2 Right-click the newly created virtual machine and select Start.
  The Virtual Machine Connection window opens and displays the progress of the virtual machine.
3 From the Virtual Machine Connection window within Hyper-V Manager, follow the installation steps
  detailed in Configure the Email Gateway Virtual Appliance.

See also
Configure the Email Gateway Virtual Appliance on page 36

Task Install the appliance on VMware vSphere


Use this task to install McAfee Email Gateway Virtual Appliance onto a host computer running VMware
vSphere 4 or VMware vSphere Hypervisor (ESXi) 4.0.
Before you begin

• Ensure that you have configured VMware vSphere to work with your chosen operational
  mode.
• Download the McAfee Email Gateway Virtual Appliance package from the McAfee
  download site and extract it to a location where the VMware vSphere Client can see it.
• Install a fully licensed copy of VMware vSphere 4 or VMware vSphere Hypervisor (ESXi) 4.

If you used the VMtrial product to test the software, you can save your VMtrial configuration and
restore it onto the virtual appliance when the installation is complete.
Task
1 Start the VMware vSphere Client application.
2 Log on to the VMware vSphere server, or the vCenter Server.
3 From the Inventory list, select the host or cluster onto which you want to import the virtual appliance
  software.
4 Click File | Deploy OVF Template | Deploy From File, and click Browse to go to where you downloaded the .OVA file.
5 Select McAfee-MEG-7.x-<build_number>.VMbuy.ova file, and click Open.
6 Click Next twice, and optionally type a new name.
7 Select the resource pool that you want to use if you have any configured.
8 Select the datastore that you want to use, and click Next.
9 Select the virtual networks to which the virtual appliance NICs will be connected.
10 Define the size of the data storage disk to increase the space allocated for quarantined, deferred,
   and logged items.
   You cannot set a disk size smaller than the default 40 GB.
11 Click Next, read the summary, then click Finish and wait for the import process to finish.

Configure the Email Gateway Virtual Appliance


Use this task to configure the Email Gateway Virtual Appliance.
Before you begin
Ensure your virtual environment is installed and running correctly.
Task
1 Start the Email Gateway Virtual Appliance. The installation starts automatically.
2 Read the End-User License Agreement to continue with the installation, then click y to accept it and
  start the installation.
3 At the installation menu, select a to perform a full installation and y to continue.
4 When the installation is complete, the Email Gateway Virtual Appliance restarts.
5 On the Welcome screen, choose the language that you want to use.
6 Accept the terms of the license agreement.
7 Configure the Email Gateway Virtual Appliance from the graphical configuration wizard.
8 Apply the configuration to the Email Gateway Virtual Appliance. Depending on the settings you
  entered, it might restart. You can install the Email Gateway Virtual Appliance on more than one
  virtual environment. To do so:
  a Follow the steps in this task on another virtual environment.
  b Return to the previously installed Email Gateway Virtual Appliance user interface.
  c Select System | System Administration | Configuration Push to send the configuration details to the
    second Email Gateway Virtual Appliance.

Using the Configuration Console


Understand how to use the configuration console to set up your McAfee Email Gateway.
You can configure your McAfee Email Gateway either from the Configuration Console, or from the
Setup Wizard within the user interface.

The Configuration Console launches automatically at the end of the startup sequence after either:

an unconfigured McAfee Email Gateway starts,

or a McAfee Email Gateway is reset to its factory defaults.

When launched, the Configuration Console gives you the option either to configure your device in
your preferred language from the McAfee Email Gateway console, or to follow its instructions to
connect to the Setup Wizard within the user interface from another computer on the same class C (/24)
subnet. Both methods provide you with the same options to configure your McAfee Email Gateway.
From the Configuration Console, you can configure a new installation of the appliance software. However, to
configure your appliance using a previously saved configuration file, you need to log on to the appliance
user interface and run the Setup Wizard (System | Setup Wizard).

This version of the software also introduces automatic configuration using DHCP for the following
parameters:

Host name

DNS server

Domain name

Leased IP address

Default gateway

NTP server

Further information about each page of the Configuration Console and the Setup Wizard is available on
screen.

Performing a Standard Setup


Use this information to understand the purpose of the Standard Setup.
Standard Setup enables you to quickly set up your McAfee Email Gateway using the most common
options. Use this option to set up your device in transparent bridge mode, and configure it to protect
your network. The SMTP protocol is enabled by default. You can choose to enable scanning of POP3
traffic.
Choosing Standard Setup forces the device to run in transparent bridge mode.

For the Standard Setup, the wizard includes these pages:

Email Configuration

Basic Settings

Summary

Performing a Custom Setup


Use this information to understand the purpose of the custom setup.
Use the Custom Setup to give you greater control over the options that you can select, including the
operating mode for your device. You can choose to protect mail traffic using SMTP and POP3 protocols.
You should use this configuration option if you need to configure IPv6 and to make other changes to
the default configuration.
For the Custom Setup, the wizard includes these pages:

Email Configuration

DNS and Routing

Basic Settings

Time Settings

Network Settings

Password

Cluster Management

Summary

Restoring from a file


Use this information to understand the purpose of restoring from a file.
When configuring your device from the Setup Wizard within the user interface, using the Restore from a file
option enables you to import previously saved configuration information and apply it to your device.
After this information has been imported you can make changes before applying the configuration.
The Restore from a file option is not available from within the Configuration Console. To make use of this option,
you must log into the McAfee Email Gateway and select Restore from a file from the System | Setup Wizard
menu.

Once the configuration information has been imported, you are taken to the Custom Setup options within
the Setup Wizard (see Performing a custom setup.) All imported options are shown on the wizard pages,
giving you the opportunity to make any amendments before applying the configuration.
When using the Restore from a file option, the wizard includes these pages:

Import Config

Values to Restore

Once this information has been loaded, you are then taken to the Custom Setup pages, so that you can
make further changes before applying the new configuration:

Email Configuration

DNS and Routing

Basic Settings

Time Settings

Network Settings

Password

Cluster Management

Summary

ePolicy Orchestrator Managed Setup


Use this information to understand the purpose of the ePolicy Orchestrator Managed Setup.
McAfee ePolicy Orchestrator enables you to manage all your McAfee software and hardware
appliances from a single management console.
Use the ePolicy Orchestrator Managed Setup to set up your device so that it can be managed by your McAfee
ePolicy Orchestrator server.
Only minimal information is needed, as the device will get most of its configuration information from
your McAfee ePolicy Orchestrator server.

Settings for ePolicy Orchestrator Management


Select ePolicy Orchestrator Managed Setup within the Setup Wizard to configure your appliance for
management by McAfee ePolicy Orchestrator.
Option

Definition

ePO Extensions
Download the McAfee ePolicy Orchestrator extensions for McAfee Gateway products,
including McAfee Email Gateway.
The file MEGv7.x_ePOextensions.zip contains both the EWG and the MEG McAfee
ePolicy Orchestrator extensions.
The EWG extension allows reporting from within McAfee ePolicy Orchestrator for the
following products:
McAfee Email and Web Security appliances
McAfee Web Gateway appliances
McAfee Email Gateway appliances
The MEG Extension provides full McAfee ePolicy Orchestrator management for McAfee
Email Gateway versions 7.0 onwards.
For you to use McAfee ePolicy Orchestrator for either reporting or management, the
McAfee ePolicy Orchestrator Extensions need to be installed on your McAfee ePolicy
Orchestrator server.

ePO Help Extensions
Download the McAfee ePolicy Orchestrator help extensions.
The file MEGv7.x_ePOhelpextensions.zip contains the online help information for the
above McAfee ePolicy Orchestrator Extensions.
This file installs the help extensions relating to the McAfee ePolicy Orchestrator
extensions for McAfee Email and Web Gateway and McAfee Email Gateway appliances
onto your McAfee ePolicy Orchestrator server.

Import ePO connection settings
Click to browse to the McAfee ePolicy Orchestrator connection settings file, to import
the McAfee ePolicy Orchestrator connection information into the appliance.

Task Configure the appliance to work with ePolicy Orchestrator


Use this task to set up the appliance to be managed by ePolicy Orchestrator:
1 From your McAfee Email Gateway, on Settings for ePO Management, select ePO Extensions and click Save to
download the extension file.
2 From your McAfee Email Gateway, on Settings for ePO Management, select ePO Help Extensions and click Save
to download the help extension file.
3 On your McAfee ePolicy Orchestrator server, install these extensions using Menu | Software | Extensions
| Install Extensions.
4 On the McAfee ePolicy Orchestrator server, save the connection settings from Menu | Gateway
Protection | Email and Web Gateway | Actions | Export Connection Settings.

5 On the McAfee Email Gateway, return to the Settings for ePO Management page in the Setup Wizard, and
click Import ePO connection settings. Browse to the McAfee ePolicy Orchestrator connection settings file.
6 Click Next to continue to the Basic Settings page in the Setup Wizard.

Encryption Only Setup


Use this information to understand the purpose of the Encryption Only setup options.
For small-to-medium sized organizations, it is often sufficient to use the same McAfee Email Gateway
to carry out your email scanning tasks and also your email encryption tasks.
However, if you are part of a larger organization, or you work in an industry that requires that all, or a
high percentage, of your email messages must be delivered in a secure way, then you may want to
configure one or more of your McAfee Email Gateway appliances as stand-alone Encryption-only
servers.
In this situation, the Encryption Only Setup options within the Setup Wizard provide you with the relevant
settings needed for Encryption only use.

Task Improve performance


Depending on your specific network configuration and levels of email traffic, you might be able to
improve the performance of your Email Gateway Virtual Appliance.
Tasks

Task Improve performance on VMware vSphere


Use this task to potentially improve system performance in VMware vSphere environments
by changing the default hard disk, network adapter, memory, and CPU settings.

Task Improve performance on Hyper-V


You can potentially improve system performance in Hyper-V environments by changing the default
hard disk, memory, and CPU settings.
Task
1 To edit the hard disk settings:
a Check that the virtual machine is shut down.
b In the Inventory list, right-click the virtual appliance, and click Edit Settings. In the Virtual Machine Properties
dialog box, three hard disks are available to the virtual appliance:

Hard disk 1 holds the virtual appliance installation files, and must not be removed or
changed.

Hard disk 2 is the main hard disk used by the virtual appliance. You can increase its size but
McAfee recommends that you do not reduce it.

Hard disk 3 holds the temporary swap space of the virtual appliance.
Putting the second and third hard disks on two separate datastores can potentially improve
performance.
After the appliance is installed, the disk size cannot be changed.

2 To edit the memory and virtual CPU settings:
a Check that the virtual machine is shut down.
b Right-click the virtual appliance in the list of Virtual Machines, and click Settings.
c In the relevant areas of the Settings dialog box, change the settings as necessary.
McAfee recommends that you do not reduce the settings to less than the default settings or the
recommended virtual appliance system requirements.

Task Improve performance on VMware vSphere


Use this task to potentially improve system performance in VMware vSphere environments by
changing the default hard disk, network adapter, memory, and CPU settings.
Task
1 To edit the hard disk settings:
a Check that the virtual machine is shut down.
b Right-click the virtual appliance in the Inventory list, and click Edit Settings.
In the Virtual Machine Properties dialog box, there are three hard disks available to the
virtual appliance:

Hard disk 1 holds the virtual appliance installation files, and must not be removed or
changed.

Hard disk 2 is the main hard disk used by the virtual appliance. You can increase its size but
McAfee recommends that you do not reduce it.

Hard disk 3 will hold the temporary swap space of the virtual appliance.
Putting the second and third hard disks on two separate datastores can potentially improve
performance.

2 To edit the memory and virtual CPU settings:
a Check that the virtual machine is shut down.
b Right-click the virtual appliance in the Inventory list, and click Edit Settings.
c In the Virtual Machine Properties dialog box, change the settings as necessary.
McAfee recommends that you do not reduce the settings to less than the default settings or the
recommended virtual appliance system requirements.

After the appliance is installed, the disk size cannot be changed.

A tour of the Dashboard

This section describes the Dashboard page, and how to edit its preferences.

The Dashboard
The Dashboard provides a summary of the activity of the appliance.

Dashboard
On a cluster master appliance, use this page also to see a summary of activity on the cluster of
appliances.

Benefits of using the Dashboard


The Dashboard provides a single location for you to view summaries of the activities of the appliance
through a series of portlets.

Figure 4-1 Dashboard portlets

Some portlets display graphs that show appliance activity over the following periods of time:

1 hour

1 day (the default)

1 week

2 weeks

4 weeks

Within the Dashboard, you can make some changes to the information and graphs displayed:

Expand and collapse the portlet data using the buttons in the portlet's top right-hand corner.

Drill down to specific data using the buttons.

See a status indicator that shows whether the item needs attention:
Healthy: The reported items are functioning normally.
Requires Attention: A warning threshold has been exceeded.
Requires Immediate Attention: A critical threshold has been exceeded.
Disabled: A service is not enabled.

Use the zoom buttons to zoom in and zoom out of a timeline of information. There is a short delay while
the view is updated. By default, the Dashboard shows data relating to the previous one day.

Move a portlet to another location on the Dashboard.

Double-click the top bar of a portlet to expand it across the top of the Dashboard.

Set your own alert and warning thresholds to trigger events. To do so, highlight the item and click
it, edit the alert and warning threshold fields, and click Save. When the item exceeds the threshold
you set, an event is triggered.
Depending on the browser used to view the McAfee Email Gateway user interface, the Dashboard
"remembers" the current state of each portlet (whether it is expanded or collapsed, and if you have
drilled down to view specific data), and attempts to re-create that view if you navigate to another page
within the user interface and then return to the Dashboard within the same browsing session.

Dashboard portlets
The McAfee Email Gateway Dashboard portlets provide information about the state of email traffic,
recent detections and the current status of your McAfee Email Gateway.

Option

Definition

Inbound Mail Summary
Displays the delivery and status information about messages sent to your
organization.

Outbound Mail Summary
Displays the delivery and status information about messages sent from your
organization.

SMTP Detections
Displays the total number of messages that triggered a detection based on the
sender or connection, the recipient, or the content, and lets you view data specific to
either inbound or outbound SMTP traffic.

POP3 Detections
Displays how many messages triggered a detection based on threats such as
viruses, packers, or potentially inappropriate images.

System Summary
Displays information about load balancing, the disk space used for each partition,
total CPU usage, used and available memory, and swap details.

Hardware Summary
Displays status indicators that show the status of network interfaces, UPS servers, bridge
mode (if enabled), and RAID status.

Network Summary
Provides information about the status of your connections, network throughput,
and counters relating to Kernel Mode Blocking.

Services
Displays update and service status statistics based on protocol and external
servers used by the appliance.

Clustering
Provides information about the entire cluster when the appliance is part of a cluster or
you are using the blade server hardware.

Tasks
Links directly to the areas of the user interface that search the message queue,
view reports, manage policies, configure mail protocol settings and network and
system settings, and access troubleshooting features.

Testing the configuration

This information describes how to test that the appliance is functioning correctly after installation.
Contents
Task Test connectivity
Task Update the DAT files
Task Test mail traffic and virus detection
Task Test spam detection

Task Test connectivity


Use this task to confirm basic connectivity.
The McAfee Email Gateway checks that it can communicate with the gateway, update servers and DNS
servers. It also confirms that the appliance name and domain name are valid.
Task
1 From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from the
Tasks area.
2 Click the Tests tab.
3 Click Start Tests.

Each test should return positively.

Task Update the DAT files


Use this task to ensure that the McAfee Email Gateway has the most up-to-date detection definition
(DAT) files. We recommend updating them before you configure the scanning options.
As you progress using the McAfee Email Gateway, you can choose to update individual types of
definition file and change the default scheduled updates to suit your requirements.
Task
1 Select System | Component Management | Update Status.
2 To update the anti-virus engine and anti-virus database, click Update Now.
To check that the update applied correctly, open the Services portlet in the Dashboard, and expand
the Updates status. The Anti-virus components will have a green status.

Task Test mail traffic and virus detection


Use this task to test that mail traffic is passing successfully through the McAfee Email Gateway and
that threats are correctly identified. We use the EICAR test file, a harmless file that triggers a virus
detection.
Task
1 Send an email message from an outside email account (such as Hotmail) to an internal mailbox
and confirm that it arrived.
2 On the Dashboard, look at the Detections areas. The listing for the protocol you used to send the
message should show that a message was received.
3 Copy the following line into a file, making sure you do not include any spaces or line breaks:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
4 Save the file with the name EICAR.COM.
Depending on your local anti-virus software and configuration, this could cause a detection and
quarantine on your local machine.
5 From an external email account (SMTP client), create a message that contains the EICAR.COM file
as an attachment and send the message to an internal mailbox.
6 Return to the Dashboard and look at the Detections areas. You should see that a virus was
detected.
7 Delete the message when you finish testing your installation, to avoid alarming unsuspecting users.

Task Test spam detection


Use this task to run a General Test mail for Unsolicited Bulk Email (GTUBE) to verify that the McAfee
Email Gateway is detecting incoming spam.
Task
1 From an external email account (SMTP client), create a new email message.
2 In the body of the message, copy the following text:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Make sure that you type this line with no line breaks.
3 Send the new email message to an internal mailbox address.
The device scans the message, recognizes it as a junk email message, and deals with it
accordingly. The GTUBE overrides blacklists and whitelists.
For more information about the GTUBE, visit http://spamassassin.apache.org/tests.html.
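The two test messages from the virus detection and spam detection tasks can be built by script, which avoids stray spaces or line breaks creeping into the test strings. This is an added example, not part of the McAfee guide; the sender and recipient addresses and all function names are placeholders chosen here.

```python
"""Build the EICAR and GTUBE test messages described in the tasks above."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Test strings exactly as printed in this guide; each is 68 ASCII characters.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

# Placeholder addresses (assumptions): use your external test account and an
# internal mailbox behind the appliance.
SENDER = "tester@external.example"
RECIPIENT = "mailbox@internal.example"


def check_test_string(value: str) -> str:
    """Reject a copy of a test string that picked up spaces or line breaks."""
    if len(value) != 68 or not value.isascii() or any(c.isspace() for c in value):
        raise ValueError("test string is damaged; copy it again without whitespace")
    return value


def _new_message(subject: str, sender: str, recipient: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    return msg


def build_eicar_message(sender: str = SENDER, recipient: str = RECIPIENT) -> EmailMessage:
    """Message carrying the harmless EICAR test file as the attachment EICAR.COM."""
    msg = _new_message("Install test: EICAR attachment", sender, recipient)
    msg.set_content("Virus detection test. The attachment is the EICAR test file.")
    msg.add_attachment(
        check_test_string(EICAR).encode("ascii"),
        maintype="application",
        subtype="octet-stream",
        filename="EICAR.COM",
    )
    return msg


def build_gtube_message(sender: str = SENDER, recipient: str = RECIPIENT) -> EmailMessage:
    """Message whose body is the GTUBE line, unbroken, on a line of its own."""
    msg = _new_message("Install test: GTUBE body", sender, recipient)
    msg.set_content(check_test_string(GTUBE) + "\n")
    return msg


def attachment_after_transport(msg: EmailMessage, filename: str) -> bytes:
    """Serialize to wire format, parse it back, and return the decoded attachment."""
    parsed = message_from_bytes(msg.as_bytes(), policy=policy.default)
    for part in parsed.iter_attachments():
        if part.get_filename() == filename:
            return part.get_content()
    raise LookupError(filename)


def body_lines_after_transport(msg: EmailMessage) -> list:
    """Serialize, parse back, and return the plain-text body split into lines."""
    parsed = message_from_bytes(msg.as_bytes(), policy=policy.default)
    return parsed.get_body(preferencelist=("plain",)).get_content().splitlines()


if __name__ == "__main__":
    eicar_msg = build_eicar_message()
    gtube_msg = build_gtube_message()
    print("EICAR attachment intact:",
          attachment_after_transport(eicar_msg, "EICAR.COM") == EICAR.encode("ascii"))
    print("GTUBE body intact:", body_lines_after_transport(gtube_msg) == [GTUBE])
```

Either message object can be handed to `smtplib.SMTP.send_message` from the external account's mail server to complete the send step of each task.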

Exploring the appliance features

This information contains tasks to demonstrate the McAfee Email Gateway scanning features in action.
It provides step-by-step instructions to create and test some sample policies and tells you how to
generate applicable reports.

Introduction to policies
The appliance uses policies which describe the actions that the appliance must take against threats
such as viruses, spam, unwanted files, and the loss of confidential information.

Email | Email Policies

Figure 6-1 Email Policies

Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of
users.

Encryption
The Encryption pages enable you to set up McAfee Email Gateway to use the supported encryption
methods to securely deliver your email messages.

Email | Encryption
The McAfee Email Gateway includes several encryption methodologies, and can be set up to provide
encryption services to the other scanning features, or can be set up as an encryption-only server used
just to encrypt email messages.

Task Encrypt all email traffic to a specific customer


A common use of the encryption features is to configure a policy to use encryption for email messages
going to a specific customer.
This group of tasks shows how to configure your McAfee Email Gateway so that all email messages
being sent to a specific customer are sent using encryption.

Task Create a new scanning policy


Learn how to create a new scanning policy.
Your appliance uses the policies you create to scan the email messages sent through the appliance.
You can create multiple policies to control the way different users use email, or to specify different
actions based on specific circumstances.
Task
1 Select Email | Email Policies | Scanning Policies.
2 Select the required protocol using steps in Task View policies for SMTP, POP3 or McAfee Secure
Web Mail.
3 Click Add policy.
4 In the Scanning Policies New Policy page, enter the following information:
a Name for the policy.
b Write an optional description for the new policy.
c Specify where the new policy inherits its settings from.
If you have a similar policy already set up, select this to allow its settings to be inherited by the
new policy.
d Choose if the policy is to apply to inbound or outbound email traffic. (SMTP only)
e Select the required Match logic for the policy.
f Select the type of rule, how it should match, and the value that the rule tests against.
g If required, add additional rules, and use the buttons to correctly order the rules.
5 Click OK.

The new policy is added to the top of the list of policies.

Task Configure the encryption settings


Configure your McAfee Email Gateway to use encryption.
Task
1 Select Email | Encryption | Secure Web Mail | Basic Settings.
2 Select Enable the Secure Web Mail Client.
3 Select Email | Encryption | Secure Web Mail | User Account Settings.
Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. The
administrator chooses whether to do push and/or pull encryption.
4 Select Email | Encryption | Secure Web Mail | Password Management.
The minimum password length is eight characters. The password expires after 365 days.

Task Enable Encryption for messages matching a compliance rule


Enable the required encryption features on your McAfee Email Gateway for messages that match a
compliance rule.
In this example, email messages that match the HIPAA Compliance rules will be encrypted.
Task
1 Select Email | Email Policies | Compliance.
2 Click Enable compliance, and select Create new rule from template.
3 Search for the HIPAA Compliance rule and select it.
4 Click Next to progress through the wizard.
5 Select the primary action to Allow Through (Monitor).
6 In And also, select Deliver message using encryption.
7 Click Finish, and click OK to close the dialog box.
8 Select Email | Email Policies | Policy Options | Encryption.
9 In When to Encrypt, select Only when triggered from a scanner action.
10 In On-box Encryption Options, select Secure Web Mail, and click OK.
11 Apply the changes.

Task Identify quarantined email messages


Use this task to discover which email messages have been quarantined by your McAfee Email Gateway
Appliance.
To view a list of all messages that have been quarantined:
Task
1 Click Reports | Message Search.
2 Select Quarantined from the Message status drop-down list.
3 Click Search/Refresh.

All messages that have been quarantined are displayed in the lower part of the page.

Task Refine the search


You can further refine your search for quarantined email messages to show only those that have been
quarantined due to specific triggers. In this example, to find those email messages quarantined due to
compliance issues:
Task
1 Complete the steps in Task Find out which email messages are quarantined.
2 Select Compliance from the Category drop-down list.
3 Click Search/Refresh.

The lower part of the screen is refreshed to show only the messages that have been quarantined due
to compliance issues.

Task View a specific email message


You can view the content of a quarantined email message.
Task
1 Complete the steps in Task Refine the search.
2 Select the relevant quarantined message using the checkbox to the left of the page.
3 Click View Message.

The selected message is displayed in a new window. From this window, you can view the content of
the email message. You can also choose to view the detailed email header information. After you have
viewed the message, by clicking the relevant buttons, you can choose further actions to perform on
the email message.

Task Release a quarantined email message


After viewing the email message that has been quarantined, you may want to release the message
from Quarantine. This task allows you to do this.
To release a selected message from quarantine:
Task
1 Complete the steps in Task View a specific email message.
2 Click Release Selected.

The selected email message is released from quarantine.

Email messages that contain viral content cannot be released from quarantine, as to do so would risk
causing damage to your systems.

Compliance Settings
Use this page to create and manage compliance rules.

Email | Email Policies | Compliance | Compliance

Benefits of the compliance settings


Use compliance scanning to assist with conformance to regulatory compliance and corporate operating
compliance. You can choose from a library of predefined compliance rules, or create your own rules
and dictionaries specific to your organization.
Compliance rules can vary in complexity from a straightforward trigger when an individual term within
a dictionary is detected, to building on and combining score-based dictionaries which will only trigger
when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can
be combined using logical operations of any of, all of, or except.

Task Restrict the score contribution of a dictionary term


Use this task to restrict the score contribution of a dictionary term.
Before you begin
This task assumes that your rule includes a dictionary which triggers the action based on a
threshold score, such as the Compensation and Benefits dictionary.
You can restrict how many times a term can contribute to the overall score.
For example, if testterm within a dictionary has a score of 10 and is seen five times within an email,
it will add 50 to the overall score. Alternatively you can restrict this, for example to contribute only
twice by setting Maximum term count to 2.
Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score
you want to change.
3 In Maximum term count, type the maximum number of times that you want a term to contribute to the
score.

Task Edit the threshold associated with an existing rule


Use this task to edit the threshold associated with an existing rule.
Before you begin
This task assumes that your rule includes a dictionary which triggers the action based on a
threshold, such as the Compensation and Benefits dictionary.
Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score
you want to change.
3 In dictionary threshold, type the score on which you want the rule to trigger, and click OK.

Task Create a rule to monitor or block at a threshold


For score-based dictionaries you might want to monitor triggers that reach a low threshold, and only
block the email when a high threshold is achieved.

Task
1 Select Email | Email Policies | Compliance.
2 Click Create new rule, type a name for it such as Discontent - Low, and click Next.
3 Select the Discontent dictionary, and in Threshold, type 20.
4 Click Next, and Next again.
5 In If the compliance rule is triggered, accept the default action.
6 Click Finish.
7 Repeat steps 2 through 4 to create another new rule but name it Discontent - High and assign it
a threshold of 40.
8 In If the compliance rule is triggered, select Deny connection (Block).
9 Click Finish.
10 Click OK and apply the changes.

Task Add a dictionary to a rule


Use this task to add a new dictionary to an existing rule.
Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit.
3 Select Add dictionaries.
4 Select the new dictionary that you want to include, and click OK.

Task Create a complex custom rule


Use this task to create a complex rule that triggers when both Dictionary A and Dictionary B are
detected, except when Dictionary C is also detected.
Task
1 Select Email | Email Policies | Scanning Policies and select Compliance.
2 In the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule to open the Rule Creation Wizard.
4 Type a name for the rule, and click Next.
5 Select two dictionaries to include in the rule, and click Next.
6 Select a dictionary that you want to exclude from the rule in the exclusion list.
7 Select the action that you want to take place if the rule triggers.
8 From the And conditionally drop-down list, select All, and click Finish.

Task Create a simple custom rule


Use this task to create a simple custom rule that blocks messages that contain social security
numbers.
Task
1 Select Email | Email Policies | Compliance.
2 In the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule to open the Rule Creation Wizard.
4 Type a name for the rule, and click Next.
5 In the Search field, type social.
6 Select the Social Security Number dictionary, and click Next twice.
7 Select the Deny connection (Block) action, and click Finish.

Task Block messages that violate a policy


Use this task to block messages that violate a threatening language policy.
Task
1 Select Email | Email Policies | Compliance.
2 In the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule from template to open the Rule Creation Wizard.
4 Select the Acceptable Use - Threatening Language policy, and click Next.
5 Optionally change the name of the rule, and click Next.
6 Change the primary action to Deny connection (Block), and click Finish.
7 Click OK and apply the changes.

Data Loss Prevention settings


Use this page to create a policy that assigns data loss prevention actions against the registered
document categories.

Email | Email Policies | Compliance | Data Loss Prevention

Benefits of using Data Loss Prevention (DLP)


You can use the Data Loss Prevention feature to restrict the flow of sensitive information sent in
email messages by SMTP through the appliance. For example, you can block the transmission of a
sensitive document, such as a financial report, that is to be sent outside of your organization.
Detection occurs whether the original document is sent as an email attachment, or even as just a
section of text taken from the original document.
Configuring DLP takes place in two phases:
• Registering the documents that you want to protect
• Setting the DLP policy to action, and control the detection (this topic)
If an uploaded registered document contains embedded documents, their content is also fingerprinted
so the combined content is used when calculating the percentage match at scan time. To have
embedded documents treated individually, they must be registered separately.

Task Prevent a sensitive document from being leaked


Use this task to block sensitive financial documents from being sent outside your organization.
Before you begin
This example assumes that you have already created a Finance category.
Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules
list.
4 Select the action associated with the category, change the primary action to Deny connection (Block),
and click OK.
5 Click OK again, and apply the changes.

Task Block a section of the document


Use this task to block just a small section of the document from being sent outside your organization.
Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Enable the consecutive signatures setting, and type the number of consecutive signatures against
which the DLP policy will trigger a detection. The level is set to 10 by default.
4 Click Create new rule, select the Finance category, and click OK to have the category appear in the
Rules list.
5 Select the action associated with the category, change the primary action to Deny connection (Block),
and click OK.
6 Click OK again, and apply the changes.
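
Why a short section of a registered document can trigger a detection, and how the consecutive signatures level changes that, is shown in the following simplified fingerprinting model. It is an added example, not the appliance's DLP algorithm: the 4-word signature size, the SHA-256 hashing, the way the percentage is computed and the sample texts are all assumptions.

```python
import hashlib
import re

SHINGLE = 4  # words per signature; an assumed value for this model

# Constructed sample of a registered "Finance" document.
REGISTERED = (
    "Quarterly finance report. Revenue for the third quarter rose to 4.2 million, "
    "while operating costs fell by six percent. The board has approved a confidential "
    "acquisition of Example Widgets Ltd for 12 million, to be announced in January. "
    "Do not distribute outside the finance department."
)
# Constructed excerpts that a sender might paste into a message body.
EXCERPT = ("The board has approved a confidential acquisition of Example Widgets Ltd "
           "for 12 million, to be announced in January.")
SHORT_QUOTE = "operating costs fell by six percent"


def signatures(text):
    """Hash every overlapping run of SHINGLE normalized words, in document order."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return [hashlib.sha256(" ".join(words[i:i + SHINGLE]).encode()).hexdigest()[:16]
            for i in range(len(words) - SHINGLE + 1)]


def scan(registered_text, message_text, consecutive=10):
    """Return (percentage match, longest consecutive run, detected)."""
    known = set(signatures(registered_text))
    hits = set()
    run = longest = 0
    for sig in signatures(message_text):
        if sig in known:
            run += 1  # consecutive within the message being scanned
            hits.add(sig)
            longest = max(longest, run)
        else:
            run = 0
    percent = 100.0 * len(hits) / len(known) if known else 0.0
    return percent, longest, longest >= consecutive


if __name__ == "__main__":
    print(scan(REGISTERED, REGISTERED))                          # whole document
    print(scan(REGISTERED, "FYI, see below: " + EXCERPT + " Thanks"))  # pasted section
    print(scan(REGISTERED, SHORT_QUOTE))                         # below the default level
    print(scan(REGISTERED, SHORT_QUOTE, consecutive=3))          # lowered level
```

A lower consecutive signatures level catches shorter quotations but also raises the chance that common phrasing shared with unrelated mail matches, so the level is a sensitivity trade-off rather than a value to minimize.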

Task Exclude a specific document for a policy


Use this task to prevent a specific financial document from triggering the DLP policy settings.
Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK.
4 Click OK again, and apply the changes.

Additional Configuration Options

This information gives some best practice tips and some advanced configuration options.
Contents
• Upgrading to the latest version of Email Gateway Virtual Appliance (Hyper-V)
• Upgrading to the latest version of Email Gateway Virtual Appliance (VMware)
• Change the default Power Off and Reset actions (VMware)
• Configure the shutdown and restart option (Hyper-V)
• Configure the shutdown and restart option (VMware)

Task Upgrading to the latest version of Email Gateway Virtual Appliance (Hyper-V)

Use this task to upgrade to the latest version of Email Gateway Virtual Appliance from version 7.6.4.1
(or later) using the software .iso image.
Before you begin
Hyper-V compatibility for Email Gateway Virtual Appliance was introduced with version
7.6.4.1. Versions of Email Gateway Virtual Appliance before this cannot be run from within
Hyper-V environments.

You must have Email Gateway Virtual Appliance version 7.6.4.1 (or later) already installed
and configured within your Hyper-V environment.
After an operating system is installed on a virtual appliance, the virtual machine always starts from
the hard disk first. To work around this feature, you have to shut down the virtual machine and
configure a power-on-boot delay so that you have enough time to access the Boot menu and tell it to
start from the installation CD instead.
Task
1 Download the latest version of the Email Gateway Virtual Appliance .iso upgrade file from the
McAfee download site and extract it.
2 Shut down the virtual appliance.
   a Log on to the virtual appliance user interface and select System | System Administration | System
   Commands.
   b Enter the password.
   c Select Shutdown Appliance.
3 Log on to Hyper-V host.
4 Enable a Power-on-Boot delay to get enough time to force the virtual machine to boot from CD:
   a Select the virtual appliance in the Inventory list and click Summary.
   b Select Edit Settings | Options | Boot Options.
   c In Power-on-Boot delay, type 10,000 in the text box, and click OK.
5 Turn on the virtual appliance.
6 Make sure the cursor focus is on the Virtual Appliance console. Then press the ESC key to open the
Boot Menu.
Do not select any options yet.
7 Release the cursor from the console and select Connect CD/DVD1.
8 Browse to the folder where you downloaded the Email Gateway Virtual Appliance .iso file and
double-click <McAfee-MEG <version.number>-<build-number>.VMbuy.iso>.
9 When the .iso file is connected, click back on to the console screen. Select CD-ROM Drive and press
the ENTER key.
10 The virtual appliance starts from the .iso file.
11 Press y to agree to the terms of the license agreement.
12 Select the upgrade option that you want, and press the ENTER key to perform the upgrade.
13 Type y to confirm that you want to continue.

Task Upgrading to the latest version of Email Gateway Virtual Appliance (VMware)

Use this task to upgrade to the latest version of Email Gateway Virtual Appliance from version 7.0.2
(or later) using the software .iso image.
Before you begin
You must have Email Gateway Virtual Appliance version 7.0.2 (or later) already installed
and configured.
After an operating system is installed on a virtual appliance, the virtual machine always starts from
the hard disk first. To work around this feature, you have to shut down the virtual machine and
configure a power-on-boot delay so that you have enough time to access the Boot menu and tell it to
start from the installation CD instead.
Task
1 Download the latest version of the Email Gateway Virtual Appliance .iso upgrade file from the
McAfee download site and extract it.
2 Shut down the virtual appliance.
   a Log on to the virtual appliance user interface and select System | System Administration | System
   Commands.
   b Enter the password.
   c Select Shutdown Appliance.
3 Log on to VMware ESX Server, or use the VMware Infrastructure Client or the VMware vSphere
Client to log on to VMware Virtual Center Server.
4 Enable a Power-on-Boot delay to get enough time to force the virtual machine to boot from CD:
   a Select the virtual appliance in the Inventory list and click Summary.
   b Select Edit Settings | Options | Boot Options.
   c In Power-on-Boot delay, type 10,000 in the text box, and click OK.
5 Turn on the virtual appliance.
6 Make sure the cursor focus is on the Virtual Appliance console. Then press the ESC key to open the
Boot Menu.
Do not select any options yet.
7 Release the cursor from the console and select Connect CD/DVD1.
8 Browse to the folder where you downloaded the Email Gateway Virtual Appliance .iso file and
double-click <McAfee-MEG 7.x-<build-number>.VMbuy.iso>.
9 When the .iso file is connected, click back on to the console screen. Select CD-ROM Drive and press
the ENTER key.
10 The virtual appliance starts from the .iso file.
11 Press y to agree to the terms of the license agreement.
12 Select the upgrade option that you want, and press the ENTER key to perform the upgrade.
13 Type y to confirm that you want to continue.

Task Change the default Power Off and Reset actions (VMware)

Use this task to change the Power Off and Reset actions in VMware vSphere so the Email Gateway Virtual
Appliance can shut down without corrupting the virtual machine file system.
Task
1 Within VMware vSphere Client, right-click the Email Gateway Virtual Appliance and select Edit Settings.
2 Select the Options tab and select VMware Tools.
3 Set the option next to the red square to Shut Down Guest.
4 Next to the Reset icon (red and green arrow), set the option to Restart Guest.

Task Configure the shutdown and restart option (Hyper-V)


Use this task to configure the Email Gateway Virtual Appliance to shut down automatically and restart
if you restart Hyper-V.
Task
1 Open Hyper-V Manager and select the relevant Hyper-V host.
2 Right-click the Email Gateway Virtual Appliance and select Settings.
3 On the left side of the dialog box, scroll down to Management.
4 Select Automatic Start Action.
5 Make sure that Automatically start if it was running when the service stopped is selected.
6 Optionally, specify an Automatic start delay.
7 Click OK to save the changes to the Settings for the selected Email Gateway Virtual Appliance.

Task Configure the shutdown and restart option (VMware)


Use this task to configure the Email Gateway Virtual Appliance to shut down automatically and restart
if you restart VMware vSphere.
Task
1 Select the vSphere Host and click the Configuration tab.
2 Select Virtual Machine Startup/Shutdown in the Software box, click Properties, and do the following:
3 Enable the Allow virtual machines to start and stop automatically with the system option.
4 Change the Shutdown Action to Guest Shutdown.
5 Select the Email Gateway Virtual Appliance in the list and click Move Up until it appears as the first
item in the list.
6 Click Edit.
7 In Virtual Machine Autostart Settings, within the Shutdown Settings box, select the Use specified settings option
and choose Guest Shutdown next to Perform shutdown action.
8 Click OK twice to shut down the configuration screen.

The virtual appliance now appears in the list underneath the Automatic Startup heading and the value in
the Shutdown column is Shut down guest.
