Summary of Contents for McAfee MSA-3400-SWGI - Web Security Appliance 3400
Page 1
McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 2
SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
Introducing McAfee Email and Web Security Appliances ® This guide provides the necessary information for installing the McAfee Email and Web Security Appliance 5.5. It provides steps and verification of the installation process. This guide demonstrates how to configure Email and Web Security software and when completed the user will have a fully functional appliance.
Page 7
Reputation Service check, the appliance is set to close the connection and deny the message. The sender's IP address is added to a list of blocked connections and is automatically blocked in future at the kernel level. McAfee Email and Web Security Appliance 5.5 Installation Guide...
(SMTP, POP3, FTP, HTTP, and ICAP), maintenance, and monitoring. You will need your Grant ID number. Online help Product interface. Includes information about basic concepts, policies, protocols (SMTP, McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 9
Introducing McAfee Email and Web Security Appliances Available resources POP3, FTP, HTTP, and ICAP), maintenance, and monitoring. McAfee Email and Web Security Appliance 5.5 Installation Guide...
If an item is missing or damaged, contact your supplier. Pre-installation Plan the installation Before unpacking your blade server, it is important to plan the installation and deployment. Consider the following: McAfee Email and Web Security Appliance 5.5 Installation Guide...
Install the appliance so that you can control physical access to the unit and access the ports and connections. A rack-mounting kit is supplied with the appliance, allowing you to install the appliance in a 19-inch rack — see Mounting the appliance in a rack. McAfee Email and Web Security Appliance 5.5 Installation Guide...
If you are still unsure about the mode to use after reading this and the following sections, consult your network expert. CAUTION: If you plan on deploying one or more scanning blades running McAfee Web Gateway (formally WebWasher) software, you must configure your blade server in Explicit Proxy mode. Architectural considerations about network modes The main considerations regarding the network modes are: •...
Devices on one side of the bridge (such as a router) that communicate with devices on the other side of the bridge (such as a firewall) are unaware of the bridge. They are unaware that McAfee Email and Web Security Appliance 5.5 Installation Guide...
(the devices connected to its LAN1 and LAN2 ports). For example, you might need to make the device your default gateway. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Explicit proxy mode is best suited to networks where client devices connect to the device through a single upstream and downstream device. TIP: This might not be the best option if several network devices must be reconfigured to send traffic to the device. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 16
Where to place the device Configure the network devices so that traffic needing to be scanned is sent to the device. This is more important than the location of the device. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Hackers often gain access to networks by identifying the TCP/UDP ports on which applications are listening for requests, then exploiting known vulnerabilities in applications. Firewalls dramatically reduce the risk of such exploits by controlling access to specific ports on specific servers. McAfee Email and Web Security Appliance 5.5 Installation Guide...
To overcome this, they often use a proprietary ® ® mail gateway, such as Lotus Notes or Microsoft Exchange, to encrypt the mail traffic before it reaches the internal network. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 19
• SMTP requests originating from the device and destined for the Internet. All other SMTP and TCP port 1352 requests are denied. Firewall rules specific to Microsoft Exchange A Microsoft Exchange-based mail system requires a significant workaround. McAfee Email and Web Security Appliance 5.5 Installation Guide...
The blade server includes its own internal workload management, distributing the scanning load evenly between all scanning blades installed within the enclosure. You do not need to deploy an external load balancer. Pre-installation McAfee Email and Web Security Appliance 5.5 Installation Guide...
Connecting and configuring the appliance McAfee recommends that you consider installing the appliance in the following order: Unpack the appliance and confirm no parts are missing (check against parts lists in the box) Rack-mount the appliance. Connect the peripherals and power (monitor, keyboard).
Use the CD-ROM drive only when restoring, upgrading, or diagnosing system faults on the drive appliance. System System status LED status • Lights — during normal use. and hard • disk drive Flashes — when the System Identification ( ) button is pressed. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 24
Power Use the correct power cord for your location. socket NOTE: 3300 and 3400 appliances only — McAfee recommends you connect both power supplies. System The system identification buttons on the front and back panels help you locate the appliance identification within a rack.
Connect Keyboard, Mouse and Out of Band Management adapter (if required). Connectors Physically installing the appliance Use this task to physically install the appliance. Task Remove the appliance from the protective packaging and place it on a flat surface. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Using the LAN1 and LAN2 switch connections and the supplied network cables (or equivalent Cat 5e or Cat 6 Ethernet cables), connect the appliance to your network according to the network mode you have chosen. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Monitor and keyboard Connect a monitor and keyboard to the appliance. Supplying power to the appliance Use this task to supply power to the appliance and switch it on. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Use this task to install the Email and Web Security software on the device. Tasks From a computer with internet access, download the latest version of the Email and Web Security software from the McAfee download site. (You will need your Grant Number to do this.) Create a CD from this image.
Scan web traffic Web traffic includes HTTP traffic only. After installation: • The device protects your network against viruses, and uses McAfee SiteAdvisor when visiting web sites. • If you want to scan more types of traffic, you can enable each protocol from its page.
Page 30
Scan email traffic Email traffic includes SMTP traffic only. After installation: • The device protects your network against viruses, spam and phish, and uses McAfee TrustedSource to protect your network from unwanted email. • If you want to scan more types of traffic, you can enable each protocol from its page.
Page 31
Specifies an address, such as 198.168.200.10. The fully qualified domain name (Device name. Domain name) must resolve to this IP address when the DNS server (specified here) is called. McAfee recommends that this IP address resolves to the FQDN in a reverse lookup.
Option Definition Scan web traffic Web traffic includes HTTP, FTP and ICAP traffic. After installation: The device protects your network against viruses, and uses McAfee SiteAdvisor when visiting web sites. Further options include: • Enable protection against Potentially Unwanted Programs (including Spyware) McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 33
Scan FTP traffic Scan email traffic Email traffic includes SMTP and POP3 traffic. After installation: The device protects your network against viruses, spam and phish, and uses McAfee TrustedSource to protect your network from unwanted email. Further options include: •...
Page 34
The cluster can contain: • One cluster master . The master both synchronizes the configuration and balances the load of network traffic to the other cluster members. and at least one of the following: McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 35
Software patches need to be applied to each separate device in turn. Cluster Management Configuration (Standard appliance) Cluster management is disabled. Cluster Management (Cluster Scanner) Use this page to specify information for a scanning appliance. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 36
If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution. Network Address Displays the network address of a routing device. Mask Displays the network subnet mask such as 255.255.255.0. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 37
If you specify several servers, the device examines each NTP message in turn to determine the correct time. Password Use this page to specify a password for the device. For a strong password, include letters and numbers. You can type up to 15 characters. McAfee Email and Web Security Appliance 5.5 Installation Guide...
By default all configuration is restored. You can choose to restore only specific parts of your configuration by de-selecting the information you do not want restored. You will have the chance to review these changes before applying them. McAfee Email and Web Security Appliance 5.5 Installation Guide...
The interface you see might look slightly different from that shown here, because it can vary depending on the hardware platform, software version and language. Figure 9: Interface components - Dashboard page McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 40
Use the Web icon , when displayed, to open the page for the web scanning software you have installed. When you have McAfee Web Gateway installed, use this icon to open the McAfee Web gateway interface directly in the content area.
Save the file with the name EICAR.COM. From an external email account, create a message that contains the EICAR.COM file as an attachment and send the message to an internal mailbox. Return to the Dashboard page. McAfee Email and Web Security Appliance 5.5 Installation Guide...
NOTE: You will need a valid grant number. After installation After you have installed the device, make sure that your configuration is working correctly. See Testing the device. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Use these tasks to demonstrate the blade server scanning features in action. It provides step-by-step instructions to create and test some sample policies and tells you how to generate applicable reports. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Use this task to demonstrate what happens when a mass mailer virus rule is triggered by the EICAR test file, and actions that can be taken. On the device, ensure that you are using McAfee Quarantine Manager ( Email | Quarantine Configuration | Quarantine Options ).
A policy like this protects users from receiving unsolicited email messages that reduce productivity and increase the message traffic through your servers. Task On the device, ensure that you are using McAfee Quarantine Manager Email | Quarantine Configuration. Select Email | Email Policies | Scanning Policies.
Using policies to manage message scanning Release the spam message. 10 Check the recipient email account to see the message. Detected messages are sent to McAfee Quarantine Manager and can be managed by an administrator. Creating an email compliance policy Use this task to set up a policy to ensure that messages your users send to external mail accounts comply with official content libraries.
17 Use Email | Email Overview | INCOMING EMAIL SUMMARY to see the event. 18 View the Dashboard to see information about items quarantined because of their content. 19 Using the recipient’s email account, open McAfee Quarantine Manager User interface and select Unwanted Content.
Page 48
• The receiving Mail Transfer Agent (MTA) sees the IP address of the virtual host. • If there is a pool of addresses, the IP address will be selected "round robin." • The EHLO response will be for the virtual host. McAfee Email and Web Security Appliance 5.5 Installation Guide...
If the appliance is still not receiving network traffic, check the network cables and the network ports on your network equipment. If the cables and ports are working, there is a problem with the appliance. Contact your supplier. McAfee Email and Web Security Appliance 5.5 Installation Guide...
• If the appliance is operating in explicit proxy mode and you have a direct local management connection through its LAN2 port, ensure that: • You have not disabled the LAN2 port. Connect remotely to check this. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Why can’t I just give the name of the sender that I want to block from relaying? Think of anti-relay as system-to-system blocking, while anti-spam is sender-based blocking. McAfee Email and Web Security Appliance 5.5 Installation Guide...
This setting is intended to block email messages with huge numbers of attachments, which waste bandwidth. Some mail clients (like Outlook Express) store extra information in extra attachments, and even embed the main body of the message in an attachment. McAfee Email and Web Security Appliance 5.5 Installation Guide...
A popup window prompts you to wait for or cancel the download. If you select Cancel and try to download again, two copies of the message might appear in your mailbox. Physical configuration This section discusses physical configuration issues. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Channel settings, select the XML tab. • To adjust the warning levels, select Monitor | Resources in the navigation pane, then select Disk usage. Anti-virus automatic updating This section discusses issues with anti-virus automatic updating. McAfee Email and Web Security Appliance 5.5 Installation Guide...
It is better to risk letting some spam through. McAfee Email and Web Security Appliance 5.5 Installation Guide...
Page 56
NOTE: Allowing streaming media to pass through the appliance is a security risk, because streaming media is not scanned by the appliance. McAfee recommends that you do not allow streaming media of type application/octet-stream or application/* to pass through the appliance because these MIME types are executable and are a security risk •...
The links bar in the appliance interface window provides links to more sources of information. You can: • Access the McAfee online virus information library to find out more about a specific virus. • Submit a virus sample to McAfee for analysis.