McAfee MSA-3400-SWGI - Web Security Appliance 3400 Installation Manual

Installation guide

McAfee Email and Web Security
Appliance 5.5
Installation Guide

Summary of Contents for McAfee MSA-3400-SWGI - Web Security Appliance 3400

  • Page 1 McAfee Email and Web Security Appliance 5.5 Installation Guide...
  • Page 2 SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
  • Page 3: Table Of Contents

    Connect to the network ... 26
  • Page 4 System configuration ... 54
  • Page 5 Getting more help — the links bar ... 57
  • Page 6: Introducing McAfee Email and Web Security Appliances

    Introducing McAfee Email and Web Security Appliances This guide provides the necessary information for installing the McAfee Email and Web Security Appliance 5.5. It provides steps and verification of the installation process. This guide demonstrates how to configure Email and Web Security software and when completed the user will have a fully functional appliance.
  • Page 7 Reputation Service check, the appliance is set to close the connection and deny the message. The sender's IP address is added to a list of blocked connections and is automatically blocked in future at the kernel level.
  • Page 8: Graphical Conventions

    (SMTP, POP3, FTP, HTTP, and ICAP), maintenance, and monitoring. You will need your Grant ID number. Online help Product interface. Includes information about basic concepts, policies, protocols (SMTP,
  • Page 9 Introducing McAfee Email and Web Security Appliances Available resources POP3, FTP, HTTP, and ICAP), maintenance, and monitoring.
  • Page 10: Pre-Installation

    If an item is missing or damaged, contact your supplier. Pre-installation Plan the installation Before unpacking your blade server, it is important to plan the installation and deployment. Consider the following:
  • Page 11: Inappropriate Use

    Install the appliance so that you can control physical access to the unit and access the ports and connections. A rack-mounting kit is supplied with the appliance, allowing you to install the appliance in a 19-inch rack — see Mounting the appliance in a rack.
  • Page 12: Considerations About Network Modes

    If you are still unsure about the mode to use after reading this and the following sections, consult your network expert. CAUTION: If you plan on deploying one or more scanning blades running McAfee Web Gateway (formerly WebWasher) software, you must configure your blade server in Explicit Proxy mode. Architectural considerations about network modes The main considerations regarding the network modes are: •...
  • Page 13: Transparent Bridge Mode

    Devices on one side of the bridge (such as a router) that communicate with devices on the other side of the bridge (such as a firewall) are unaware of the bridge. They are unaware that
  • Page 14: Transparent Router Mode

    (the devices connected to its LAN1 and LAN2 ports). For example, you might need to make the device your default gateway.
  • Page 15: Explicit Proxy Mode

    Explicit proxy mode is best suited to networks where client devices connect to the device through a single upstream and downstream device. TIP: This might not be the best option if several network devices must be reconfigured to send traffic to the device.
  • Page 16 Where to place the device Configure the network devices so that traffic needing to be scanned is sent to the device. This is more important than the location of the device.
  • Page 17: Deployment Strategies For Using The Device In A DMZ

    Hackers often gain access to networks by identifying the TCP/UDP ports on which applications are listening for requests, then exploiting known vulnerabilities in applications. Firewalls dramatically reduce the risk of such exploits by controlling access to specific ports on specific servers.
  • Page 18: SMTP Configuration In A DMZ

    To overcome this, they often use a proprietary mail gateway, such as Lotus Notes or Microsoft Exchange, to encrypt the mail traffic before it reaches the internal network.
  • Page 19 • SMTP requests originating from the device and destined for the Internet. All other SMTP and TCP port 1352 requests are denied. Firewall rules specific to Microsoft Exchange A Microsoft Exchange-based mail system requires a significant workaround.
  • Page 20: Workload Management

    The blade server includes its own internal workload management, distributing the scanning load evenly between all scanning blades installed within the enclosure. You do not need to deploy an external load balancer.
  • Page 21: Connecting And Configuring The Appliance

    Connecting and configuring the appliance McAfee recommends that you consider installing the appliance in the following order: Unpack the appliance and confirm no parts are missing (check against parts lists in the box) Rack-mount the appliance. Connect the peripherals and power (monitor, keyboard).
  • Page 22: Ports And Connections

    This chapter shows the panel layouts for each model of appliance. 3000, 3100 panel layout 3200 panel layout 3300 panel layout 3400 panel layout Panel components: 3000, 3100, 3200, 3300, 3400 3000, 3100 panel layout
  • Page 23: 3200 Panel Layout

    CD-ROM drive: Use the CD-ROM drive only when restoring, upgrading, or diagnosing system faults on the appliance. System status and hard disk drive: System status LED • Lights — during normal use. • Flashes — when the System Identification ( ) button is pressed.
  • Page 24 Power socket: Use the correct power cord for your location. NOTE: 3300 and 3400 appliances only — McAfee recommends you connect both power supplies. System identification: The system identification buttons on the front and back panels help you locate the appliance within a rack.
  • Page 25: Physically Installing The Appliance

    Connect Keyboard, Mouse and Out of Band Management adapter (if required). Connectors Physically installing the appliance Use this task to physically install the appliance. Task Remove the appliance from the protective packaging and place it on a flat surface.
  • Page 26: Mounting The Appliance In A Rack

    Using the LAN1 and LAN2 switch connections and the supplied network cables (or equivalent Cat 5e or Cat 6 Ethernet cables), connect the appliance to your network according to the network mode you have chosen.
  • Page 27: Using Fiber Lan Connections

    Monitor and keyboard Connect a monitor and keyboard to the appliance. Supplying power to the appliance Use this task to supply power to the appliance and switch it on.
  • Page 28: Installing The Software

    Use this task to install the Email and Web Security software on the device. Tasks From a computer with internet access, download the latest version of the Email and Web Security software from the McAfee download site. (You will need your Grant Number to do this.) Create a CD from this image.
  • Page 29: Welcome Page

    Scan web traffic Web traffic includes HTTP traffic only. After installation: • The device protects your network against viruses, and uses McAfee SiteAdvisor when visiting web sites. • If you want to scan more types of traffic, you can enable each protocol from its page.
  • Page 30 Scan email traffic Email traffic includes SMTP traffic only. After installation: • The device protects your network against viruses, spam and phish, and uses McAfee TrustedSource to protect your network from unwanted email. • If you want to scan more types of traffic, you can enable each protocol from its page.
  • Page 31 Specifies an address, such as 198.168.200.10. The fully qualified domain name (Device name. Domain name) must resolve to this IP address when the DNS server (specified here) is called. McAfee recommends that this IP address resolves to the FQDN in a reverse lookup.
  • Page 32: Performing A Custom Setup

    Option Definition Scan web traffic Web traffic includes HTTP, FTP and ICAP traffic. After installation: The device protects your network against viruses, and uses McAfee SiteAdvisor when visiting web sites. Further options include: • Enable protection against Potentially Unwanted Programs (including Spyware)
  • Page 33 Scan FTP traffic Scan email traffic Email traffic includes SMTP and POP3 traffic. After installation: The device protects your network against viruses, spam and phish, and uses McAfee TrustedSource to protect your network from unwanted email. Further options include: •...
  • Page 34 The cluster can contain: • One cluster master. The master both synchronizes the configuration and balances the load of network traffic to the other cluster members. and at least one of the following:
  • Page 35 Software patches need to be applied to each separate device in turn. Cluster Management Configuration (Standard appliance) Cluster management is disabled. Cluster Management (Cluster Scanner) Use this page to specify information for a scanning appliance.
  • Page 36 If your firewall prevents DNS lookup (typically on port 53), specify the IP address of a local device that provides name resolution. Network Address Displays the network address of a routing device. Mask Displays the network subnet mask such as 255.255.255.0.
  • Page 37 If you specify several servers, the device examines each NTP message in turn to determine the correct time. Password Use this page to specify a password for the device. For a strong password, include letters and numbers. You can type up to 15 characters.
  • Page 38: Restoring From A File

    By default all configuration is restored. You can choose to restore only specific parts of your configuration by de-selecting the information you do not want restored. You will have the chance to review these changes before applying them.
  • Page 39: Testing The Configuration

    The interface you see might look slightly different from that shown here, because it can vary depending on the hardware platform, software version and language. Figure 9: Interface components - Dashboard page
  • Page 40 Use the Web icon, when displayed, to open the page for the web scanning software you have installed. When you have McAfee Web Gateway installed, use this icon to open the McAfee Web gateway interface directly in the content area.
  • Page 41: Testing The Device

    Save the file with the name EICAR.COM. From an external email account, create a message that contains the EICAR.COM file as an attachment and send the message to an internal mailbox. Return to the Dashboard page.
  • Page 42: Using The Device

    NOTE: You will need a valid grant number. After installation After you have installed the device, make sure that your configuration is working correctly. See Testing the device.
  • Page 43: Exploring The Appliance

    Use these tasks to demonstrate the blade server scanning features in action. It provides step-by-step instructions to create and test some sample policies and tells you how to generate applicable reports.
  • Page 44: Creating An Anti-Virus Scanning Policy

    Use this task to demonstrate what happens when a mass mailer virus rule is triggered by the EICAR test file, and actions that can be taken. On the device, ensure that you are using McAfee Quarantine Manager ( Email | Quarantine Configuration | Quarantine Options ).
  • Page 45: Creating An Anti-Spam Scanning Policy

    A policy like this protects users from receiving unsolicited email messages that reduce productivity and increase the message traffic through your servers. Task On the device, ensure that you are using McAfee Quarantine Manager Email | Quarantine Configuration. Select Email | Email Policies | Scanning Policies.
  • Page 46: Creating An Email Compliance Policy

    Using policies to manage message scanning Release the spam message. 10 Check the recipient email account to see the message. Detected messages are sent to McAfee Quarantine Manager and can be managed by an administrator. Creating an email compliance policy Use this task to set up a policy to ensure that messages your users send to external mail accounts comply with official content libraries.
  • Page 47: About Virtual Host Management

    17 Use Email | Email Overview | INCOMING EMAIL SUMMARY to see the event. 18 View the Dashboard to see information about items quarantined because of their content. 19 Using the recipient’s email account, open McAfee Quarantine Manager User interface and select Unwanted Content.
  • Page 48 • The receiving Mail Transfer Agent (MTA) sees the IP address of the virtual host. • If there is a pool of addresses, the IP address will be selected "round robin." • The EHLO response will be for the virtual host.
  • Page 49: Troubleshooting

    If the appliance is still not receiving network traffic, check the network cables and the network ports on your network equipment. If the cables and ports are working, there is a problem with the appliance. Contact your supplier.
  • Page 50: FAQ

    • If the appliance is operating in explicit proxy mode and you have a direct local management connection through its LAN2 port, ensure that: • You have not disabled the LAN2 port. Connect remotely to check this.
  • Page 51: Mail Issues

    Why can’t I just give the name of the sender that I want to block from relaying? Think of anti-relay as system-to-system blocking, while anti-spam is sender-based blocking.
  • Page 52: Delivery

    This setting is intended to block email messages with huge numbers of attachments, which waste bandwidth. Some mail clients (like Outlook Express) store extra information in extra attachments, and even embed the main body of the message in an attachment.
  • Page 53: POP3

    A popup window prompts you to wait for or cancel the download. If you select Cancel and try to download again, two copies of the message might appear in your mailbox. Physical configuration This section discusses physical configuration issues.
  • Page 54: System Configuration

    Channel settings, select the XML tab. • To adjust the warning levels, select Monitor | Resources in the navigation pane, then select Disk usage. Anti-virus automatic updating This section discusses issues with anti-virus automatic updating.
  • Page 55: Anti-Spam

    It is better to risk letting some spam through.
  • Page 56 NOTE: Allowing streaming media to pass through the appliance is a security risk, because streaming media is not scanned by the appliance. McAfee recommends that you do not allow streaming media of type application/octet-stream or application/* to pass through the appliance because these MIME types are executable and are a security risk •...
  • Page 57: Getting More Help - The Links Bar

    The links bar in the appliance interface window provides links to more sources of information. You can: • Access the McAfee online virus information library to find out more about a specific virus. • Submit a virus sample to McAfee for analysis.
  • Page 60 700-2315A00...

This manual is also suitable for:

Email and web security appliance 5.5
