Meg 7x0 Ig c00 en-us
-
Upload
rupindergujral5102 -
Category
Documents
-
view
224 -
download
0
Transcript of Meg 7x0 Ig c00 en-us
-
8/18/2019 Meg 7x0 Ig c00 en-us
1/33
Installation GuideRevision C
McAfee® Email Gateway 7.x VMtrial
Appliances
-
8/18/2019 Meg 7x0 Ig c00 en-us
2/33
COPYRIGHTCopyright © 2013 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore,
Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total
Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and
other countries. Other names and brands may be claimed as the property of others.
Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.
LICENSE INFORMATION
License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
2 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
http://mcafee.com/
-
8/18/2019 Meg 7x0 Ig c00 en-us
3/33
Contents
1 Introducing VMtrial 5
Description of McAfee Email Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Supported platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
McAfee Email Gateway features . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Evaluation period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
About McAfee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
About VMware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
What you get . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2 Installing VMtrial 11
Decide how you want to use the evaluation . . . . . . . . . . . . . . . . . . . . . . . 11
Considerations before installing VMtrial . . . . . . . . . . . . . . . . . . . . . . . . 11
Network information you need to collect . . . . . . . . . . . . . . . . . . . . . . . . 12
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Install VMtrial on VMware vSphere . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Install VMtrial on VMware Player . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Configure the virtual appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3 Getting started with VMtrial 17
The Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Benefits of using the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . 18
Dashboard portlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Testing the configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Task — Test connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Task — Update the DAT files . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Using the test email generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Benefits of using the test email generator . . . . . . . . . . . . . . . . . . . . 20
Generate test email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Task — Generate a stream of test email messages . . . . . . . . . . . . . . . . . 21
Task — View a summary of scanned email traffic . . . . . . . . . . . . . . . . . . 22
Task — Find specific test email messages . . . . . . . . . . . . . . . . . . . . . 22
Exploring the appliance features . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Introduction to policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Compliance Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Data Loss Prevention settings . . . . . . . . . . . . . . . . . . . . . . . . . 27
Task — Identify quarantined email messages . . . . . . . . . . . . . . . . . . . 29
Index 31
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 3
-
8/18/2019 Meg 7x0 Ig c00 en-us
4/33
Contents
4 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
5/33
1 Introducing VMtrial
McAfee Email Gateway Appliance (VMtrial) lets you evaluate the latest McAfee Email Gateway
Appliance on VMware vSphere, or VMware Player.
Contents
Description of McAfee Email Gateway
Supported platforms
McAfee Email Gateway features
Evaluation period
Performance
About McAfee
About VMware
What you get
Description of McAfee Email GatewayMcAfee Email Gateway delivers comprehensive, enterprise‑class protection against email threats in an
integrated and simple‑to‑manage appliance for SMTP and POP3.
If you purchase the McAfee Email Gateway after this evaluation, McAfee can either supply the relevant
hardware and other items that accompany an appliance, or you can access the software using a virtuaappliance.
Supported platforms
McAfee Email Gateway Appliance (VMtrial) works on the following virtual platforms:
• VMware vSphere (ESX) 4.x
• VMware vSphere Hypervisor (ESXi) 4.x
• VMware Player 3.x
1
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 5
-
8/18/2019 Meg 7x0 Ig c00 en-us
6/33
McAfee Email Gateway featuresThis information describes the features of the product and where to locate them in the product
interface.
Email scanning features
Feature Description
Comprehensivescanningprotection
Offers anti‑virus and anti‑spam protection for the following network protocols:
• SMTP
• POP3
Anti virusprotection
Email | Email Policies | Anti Virus
Reduce threats to all protocol traffic using:
• Anti‑virus settings to identify known and unknown threats in viruses in
archives files, and other file types
• Other threat detection settings to detect viruses, potentially unwanted
programs, packers, and other malware
• McAfee Global Threat Intelligence file reputation to complement the
DAT‑based signatures by providing the appliances access to millions of
cloud‑based signatures; this reduces the delay between McAfee detecting a
new malware threat and its inclusion in DAT files, providing broader coverage
Anti
spamprotection
Email | Email Policies | Spam
Reduce spam in SMTP and POP3 email traffic using:
• Anti‑spam engine, the anti‑spam, and anti‑phishing rule sets
• Lists of permitted and denied senders
• McAfee Global Threat Intelligence message reputation to identify
senders of spam email messages
• Permit and deny lists that administrators and users can create using a
Microsoft Outlook plug‑in (user‑level only)
Detect phishing attacks and take the appropriate action.
Encryption Email | Encryption
The McAfee Email Gateway includes several encryption methodologies:
• Server‑to‑server encryption
• Secure Web Mail
• Pull delivery
• Push delivery
The encryption features can be set up to provide encryption services to theother scanning features, or can be set up as an encryption‑only server used justto encrypt email messages.
1Introducing VMtrialMcAfee Email Gateway features
6 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
7/33
Feature Description
McAfee GlobalThreatIntelligencefeedback
Email | Email Policies | Policy Options | McAfee GTI feedback
System | Setup Wizard
McAfee analyzes data about detections and alerts, threat details, and usagestatistics from a broad set of customers to combat electronic attacks, protect
vulnerable systems from exploit, and thwart cyber crime. By enabling thisfeedback service in your product, you will help us improve McAfee Global ThreatIntelligence, thereby making your McAfee products more effective, as well ashelp us work with law enforcement to address electronic threats.
ComplianceSettings
Email | Email Policies | Compliance
This release of the product includes enhancements to the way the applianceuses compliance rules:
• In the Compliance policy, use the Rule Creation wizard to specify the inbuilt
dictionaries that you want to comply with, or create the a new rule using an
existing rule as a template.
• Use the Mail size filtering and File filtering policies to check SMTP email messages
for true file types and take action on email based on size and number of
attachments.
Data LossPrevention
Email | DLP and Compliance
Use the Data Loss Prevention policy to upload and analyze your sensitive documents— known as training — and to create a fingerprint of each document.
Message Search Reports | Message search
From a single location within the user interface, Message Search allows you toconfirm the status of email messages that have passed through the appliance.It provides you with information about the email, including whether it wasdelivered or blocked, if the message bounced, if it was quarantined, or held in aqueue pending further action.
Quarantine
features
Email | Quarantine Configuration | Quarantine Options
• Quarantine digests — Allow users to handle quarantined items without involving
the email administrator.
• McAfee Quarantine Manager — Consolidate quarantine management for McAfee
products.
Message TransferAgent
• Reroute traffic on‑the‑fly based on criteria set by the administrator. For
example, encrypted mail can be rerouted for decryption.
• Allow the administrator to determine the final status of each message.
• See a quick view summary of inbound email messages by domain with
drill‑down facilities per domain and undeliverable email by domain.
• Prioritize the redelivery of undeliverable email based on domain.
• Pipeline multiple email deliveries to each domain.
• Rewrite an email address on inbound and outbound email based on regular
expressions defined by the administrator.
• Strip email headers on outbound messages to hide internal network
infrastructure.
• Deliver messages using TLS.
• Manage certificates.
Introducing VMtrialMcAfee Email Gateway features 1
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 7
-
8/18/2019 Meg 7x0 Ig c00 en-us
8/33
Reporting and System features
Feature Description
ScheduledReports
Reports | Scheduled Reports
Schedule reports to run on a regular basis and send them to one or more emailrecipients.
Logging options System | Logging, Alerting and SNMP
You can configure the appliance to send emails containing information aboutviruses and other detected threats, and to use SNMP to transfer informationfrom your appliance.
Dashboardstatistics
Dashboard
The Dashboard provides a single location for you to view summaries of theactivities of the appliance, such as the email flowing through the appliance, andthe overall system health of the appliance. You can also go directly to areas of the user interface that you often use.
ePolicyOrchestrator
management of appliances
System | Setup Wizard
Choose the ePO Managed Setup option to monitor the status of your appliances andalso manage your appliance from ePolicy Orchestrator.
You can directly manage your appliances from ePolicy Orchestrator, withoutneeding to launch the interface for each appliance.
In ePolicy Orchestrator, the user interface pages that you use to configure andmanage your appliance have a familiar look‑and‑feel to the pages that you findwithin the appliances.
ClusterManagement
System | System Administration | Cluster Management
Cluster management enables you to set up groups of appliances that worktogether to share your scanning workloads, and to provide redundancy in theevent of hardware failure.
From these pages you can back up and restore your configurations, push
configurations from one appliance to others, and set up load balancing betweenyour appliances.
Virtual Hosts System | Virtual Hosting | Virtual Hosts
For the SMTP protocol, you can specify the addresses where the appliancereceives or intercepts traffic on the Inbound Address Pool.
Using virtual hosts, a single appliance can appear to behave like severalappliances. Each appliance can manage traffic within specified pools of IPaddresses, enabling the appliance to provide scanning services to traffic frommany customers.
Role basedAccess Control
System | Users | Users and Roles
System | Users | Login Services
In addition to the Kerberos authentication method, RADIUS authentication isalso available.
Evaluation period
During the evaluation period, you get unlimited access to McAfee® Email Gateway Appliance (VMtrial)
features that can protect your organization from spam, phishing, viruses, undesirable content, data
loss, and other threats.
1Introducing VMtrialEvaluation period
8 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
9/33
The evaluation period lasts for 30 days, after which time the virtual appliance will cease to function.
When the evaluation period ends, an Expiry Information dialog box on the VMtrial logon page tells you
"The trial has now expired." All functionality stops working. Traffic continues to pass through the
VMtrial appliance but is not scanned.
If you run out of time to complete your evaluation before it expires, you can save your configuration,
begin another evaluation, and apply your original configuration settings.
To purchase the product based on your evaluation, contact your preferred reseller. To locate a reseller,
go to http://www.mcafee.com to find a Reseller or Distribution Partner or contact a sales
representative.
PerformanceUsing virtual software to simulate a McAfee appliance impacts appliance performance and traffic
throughput.
Scanning throughput during the evaluation is not representative of the performance that would be
achieved on a McAfee appliance with a similar hardware specification. Performance and traffic
throughput are also affected by the host computer specification and the size of your Internet
connection.
About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest
dedicated security technology company. McAfee delivers proactive and proven solutions and services
that help secure systems, networks, and mobile devices around the world, allowing users to safely
connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled global
threat intelligence, McAfee creates innovative products that empower home users, businesses, the
public sector, and service providers by enabling them to prove compliance with regulations, protectdata, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security.
McAfee is relentlessly focused on constantly finding new ways to keep our customers safe.
About VMware
VMware (NYSE:VMW), the global leader in virtualization and cloud infrastructure, delivers
customer‑proven solutions that accelerate IT by reducing complexity and enabling more flexible, agile
service delivery. VMware enables enterprises to adopt a cloud model that addresses their unique
business challenges. VMware’s approach accelerates the transition to cloud computing while
preserving existing investments and improving security and control. With more than 250,000
customers and 25,000 partners, VMware solutions help organizations of all sizes lower costs, increasebusiness agility and ensure freedom of choice.
What you get
In the evaluation .zip file, you have the following items:
Introducing VMtrialPerformance 1
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 9
http://www.mcafee.com/
-
8/18/2019 Meg 7x0 Ig c00 en-us
10/33
• McAfee Email Gateway Appliance (VMtrial) installation files
• McAfee Email Gateway Appliance (VMtrial) Installation Guide
Sources of information
You can find installation and configuration information in the following locations:
• Online Help
• The configuration console contains page‑sensitive Help information to guide you through the
installation process.
• After installation, detailed context‑sensitive Help with Search and Index features is available from
the product interface. It provides an introduction to the product and its features, detailed
instructions for configuring the software, information on recurring tasks, and operating
procedures.
• KnowledgeBase — Use the McAfee KnowledgeBase for answers to questions about McAfee Email
Gateway Appliance.
Go to https://mysupport.mcafee.com/ and click Browse the KnowledgeBase. From the Product list, select
Email Gateway.
• Documentation — You have access to the latest version of the McAfee Email Gateway Appliance
documentation.
Go to https://mysupport.mcafee.com/, click Product Documentation, and select Email Gateway.
For help with VMware vSphere or VMware Player, go to http://www.vmware.com, type your question
to the Search VMware Knowledge Base box, and click Search.
1Introducing VMtrialWhat you get
10 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
http://www.vmware.com/https://mysupport.mcafee.com/https://mysupport.mcafee.com/
-
8/18/2019 Meg 7x0 Ig c00 en-us
11/33
2 Installing VMtrial
This information helps you prepare your evaluation environment and presents topics to consider
before you install McAfee Email Gateway Appliance (VMtrial).
Contents
Decide how you want to use the evaluation
Considerations before installing VMtrial
Network information you need to collect
System requirements
Install VMtrial on VMware vSphere
Install VMtrial on VMware Player
Configure the virtual appliance
Decide how you want to use the evaluation
Before you start to install the evaluation, you must decide whether you want to:
• Use McAfee Email Gateway Appliance (VMtrial) to scan email traffic on your network.
• Just evaluate the McAfee Email Gateway Appliance features and interface options.
Considerations before installing VMtrial
If you want McAfee Email Gateway Appliance (VMtrial) to scan email traffic on your network, consider
the following before you start the installation process:
• Which protocols do you want to scan? Choose from SMTP and POP3.
• Do you want to scan these protocols without changing settings on clients or servers?
• Does your network have a DMZ? If so, which servers are located in it?
• Do you have an internal DNS server?
• The operational mode that you want to use. Choose from explicit proxy mode, transparent bridge
mode, or transparent router mode. Information about the features of each operating mode can be
found in the McAfee Email Gateway Virtual Appliance Installation Guide available from https://
mysupport.mcafee.com.
If VMware vSphere is already installed and running correctly in your operating environment, McAfee
recommends that you use it to run McAfee Email Gateway Appliance (VMtrial).
2
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 11
https://mysupport.mcafee.com/https://mysupport.mcafee.com/https://mysupport.mcafee.com/
-
8/18/2019 Meg 7x0 Ig c00 en-us
12/33
Network information you need to collect
Gather the following information before you start the installation process:
• Protocols to scan (SMTP, POP3)
• Host name
• Domain name
• Default gateway
• Choose your operational mode: explicit proxy, transparent router, transparent bridge.
Information about the operational modes can be found in the McAfee Email Gateway Virtual Appliance
Installation Guide available from http://mysupport.com.
• LAN1 port IP address and subnet mask
• LAN2 port IP address and subnet mask
• DNS server IP address
• Any onward email server IP address
System requirements
If you plan to use VMtrial in your production environment, remember that traffic throughput and
performance are slower than an appliance with a similar hardware specification.
VMtrial does not run on the FAT32 filesystem.
Component Value
Processor 2.8 GHz Pentium 4 processor with Physical Address Extension (PAE) supportAvailable memory 1 GB
Free hard disk space 50 GB
Virtual environment If VMware vSphere is already installed and running correctly in your operatingenvironment, McAfee recommends that you use it to run McAfee EmailGateway Appliance (VMtrial).
Browser The appliance's interface is optimized for Microsoft Internet Explorer 7.0 orlater, and Mozilla Firefox 3.6 or later.
Install VMtrial on VMware vSphereUse this task to install McAfee Email Gateway Appliance (VMtrial) onto a host computer runningVMware vSphere 4.x or VMware vSphere Hypervisor (ESXi) 4.x.
Before you begin
• Download the McAfee Email Gateway Appliance (VMtrial) package .zip file from the
McAfee download site and extract it to a location where the VMware vSphere Client can
see it.
• Install a fully licensed copy of VMware vSphere 4.x or VMware vSphere Hypervisor
(ESXi) 4.x.
2Installing VMtrialNetwork information you need to collect
12 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
http://mysupport.com/http://mysupport.com/
-
8/18/2019 Meg 7x0 Ig c00 en-us
13/33
The McAfee Email Gateway Appliance (VMtrial) performs automatic configuration using DHCP for the
following parameters:
• Host name
• Domain name
• Default gateway
• DNS server
The console appears when the appliance restarts until you complete the settings.
Task
1 Start the VMware vSphere Client application.
2 Log on to the VMware vSphere server, or the vCenter Server.
3 From the Inventory list, select the host or cluster onto which you want to import the virtual appliance
software.
4 Click File | Deploy OVF Template | Deploy From File, and click Browse to go to where you extracted the .zip file
you downloaded from the McAfee download site.
5 Open the VMtrial subfolder from the .zip file, and select the McAfee_MEG_VMtrial.vSphere_ESX.ovf file, and
click Open.
6 Click Next twice, and optionally type a new name.
7 Select the resource pool that you want to use if you have any configured.
8 Select the datastore that you want to use, and click Next.
9 Select the virtual networks to which the virtual appliance NICs will be connected.
10 Click Next, read the summary, then click Finish and wait for the import process to finish.
You can install the virtual appliance on more than one VMware vSphere server.
Install VMtrial on VMware PlayerUse this task to install McAfee Email Gateway Appliance (VMtrial) onto a host computer running
VMware Player.
Before you begin
Download the McAfee Email Gateway Appliance (VMtrial) package .zip file from the McAfee
download site and extract it to the computer on which you plan to run the evaluation.
Download VMware Player from http://www.vmware.com/go/get‑player.
The McAfee Email Gateway Appliance (VMtrial) performs automatic configuration using DHCP for the
following parameters:
• Host name
• Domain name
• Default gateway
• DNS server
Installing VMtrialInstall VMtrial on VMware Player 2
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 13
http://www.vmware.com/go/get-player
-
8/18/2019 Meg 7x0 Ig c00 en-us
14/33
The console appears when the appliance restarts until you complete the settings.
Task
1 Log on to the computer as an administrator.
2 Install VMware Player:
a Double‑click the VMware Player installation file and click Run to start the installer.
b Click Next and continue through the installer selecting the desired options.
c On the last page, click Continue to begin the installation.
The computer must be restarted before you can run McAfee Email Gateway Appliance (VMtrial).
3 Run the VMtrial installation file:
a Browse to the folder where you extracted the McAfee Email Gateway Appliance (VMtrial)
package .zip file.
b Open the VMtrial folder.
c Double‑click the McAfee_MEG_VMtrial.VMware_Player.vmx file.
VMware Player starts, and the installation begins.
You can install the virtual appliance on more than one VMware Player server.
Configure the virtual applianceUse this task to configure the virtual appliance.
Before you begin
Ensure your virtual environment is installed and running correctly.
Task
1 Start the virtual appliance. The installation starts automatically.
2 Read the End‑User License Agreement to continue with the installation, then click y to accept it and
start the installation.
3 At the installation menu, select a to perform a full installation and y to continue.
4 When the installation is complete, the virtual appliance restarts.
5 On the Welcome screen, choose the language that you want to use.
6 Accept the terms of the license agreement.
7 Configure the virtual appliance from the graphical configuration wizard.
2Installing VMtrialConfigure the virtual appliance
14 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
15/33
8 Apply the configuration to the virtual appliance. Depending on the settings you entered, it might
restart. You can install the virtual appliance on more than one VMware vSphere, VMware vSphere
Hypervisor, or VMware Player server. To do so:
a Follow the steps in this task on another VMware vSphere, VMware vSphere Hypervisor, or
VMware Player server.
b Return to the previously installed virtual appliance user interface.
c Select System | System Administration | Configuration Push to send the configuration details to the
second virtual appliance.
Installing VMtrialConfigure the virtual appliance 2
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 15
-
8/18/2019 Meg 7x0 Ig c00 en-us
16/33
2Installing VMtrialConfigure the virtual appliance
16 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
17/33
3 Getting started with VMtrial
This information introduces you to the interface elements that make up McAfee Email Gateway
Appliance (VMtrial).
Contents
The Dashboard
Testing the configuration
Using the test email generator
Exploring the appliance features
The DashboardThe Dashboard provides a summary of the activity of the appliance.
Dashboard
Use this page to access most of the pages that control the appliance.
On a cluster master appliance, use this page also to see a summary of activity on the cluster of appliances.
3
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 17
-
8/18/2019 Meg 7x0 Ig c00 en-us
18/33
Benefits of using the DashboardThe Dashboard provides a single location for you to view summaries of the activities of the appliance
through a series of portlets.
Figure 3-1 Dashboard portlets
Some portlets display graphs that show appliance activity over the following periods of time:
• 1 hour • 2 weeks
• 1 day (the default) • 4 weeks
• 1 week
Within the Dashboard, you can make some changes to the information and graphs displayed:
• Expand and collapse the portlet data using the and buttons in the portlet's top right‑hand
corner.
• Drill down to specific data using the and buttons.
• See a status indicator that shows whether the item needs attention:
• Healthy — the reported items are functioning normally
• Requires Attention — a warning threshold has been exceeded
• Requires Immediate Attention — a critical threshold has been exceeded
• Disabled — a service is not enabled
•Use and to zoom in and zoom out of a timeline of information. There is a short delay while
the view is updated. By default, the Dashboard shows data relating to the previous one day.
• Move a portlet to another location on the Dashboard,
3Getting started with VMtrialThe Dashboard
18 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
19/33
• Double‑click the top bar of a portlet to expand it across the top of the Dashboard,
• Set your own alert and warning thresholds to trigger events. To do so, highlight the item and click
it, edit the alert and warning threshold fields, and click Save. When the item exceeds the threshold
you set, an event is triggered.
Depending on the browser used to view the McAfee Email Gateway user interface, the Dashboard
"remembers" the current state of each portlet (whether it is expanded or collapsed, and if you havedrilled down to view specific data), and attempts to re‑create that view if you navigate to another page
within the user interface and then return to the Dashboard within the same browsing session.
Dashboard portletsUnderstand the portlets found on the dashboard within the user interface of your McAfee Email
Gateway.
Option Definition
Inbound MailSummary
Use the Inbound Mail Summary portlet to get the delivery and status information aboutmessages sent to your organization.
Outbound Mail
Summary
Use the Outbound Mail Summary portlet to get the delivery and status information about
messages sent from your organization.
SMTP Detections Use the SMTP Detections portlet to find out the total number of messages that triggereda detection based on the sender or connection, the recipient, or the content, and toview data specific to either inbound or outbound SMTP traffic.
POP3 Detections Use the POP3 Detections portlet to view how many messages triggered a detectionbased on threats such as viruses, packers, or potentially inappropriate images.
System Summary Use the System Summary portlet displays information about load balancing, the diskspace used for each partition, total CPU usage, used and available memory, andswap details.
HardwareSummary
Use the Hardware Summary portlet uses status indicators to show the status of networkinterfaces, UPS servers, bridge mode (if enabled), and RAID status.
Network Summary Use the Network Summary portlet provides information about the status of your
connections, network throughput and counters relating to Kernel Mode Blocking
Services Use the Services portlet displays update and service status statistics based onprotocol and external servers used by the appliance.
Clustering Use the Clustering portlet, when you have configured your appliance as part of acluster or are using the blade server hardware, provides information about the entirecluster.
Tasks Use the Tasks portlet to link directly to the areas of the user interface that search themessage queue, view reports, manage policies, configure mail protocol settings andnetwork and system settings, and access troubleshooting features.
Testing the configurationThis information describes how to test that the appliance is functioning correctly after installation.
Contents
Task — Test connectivity
Task — Update the DAT files
Getting started with VMtrialTesting the configuration 3
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 19
-
8/18/2019 Meg 7x0 Ig c00 en-us
20/33
Task — Test connectivityUse this task to confirm basic connectivity.
The McAfee Email Gateway checks that it can communicate with the gateway, update servers and DNS
servers. It also confirms that the appliance name and domain name are valid.
Task
1 From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from the
Tasks area.
2 Click the Tests tab.
3 Click Start Tests.
Each test should return positively.
Task — Update the DAT filesUse this task to ensure that the McAfee Email Gateway has the most up‑to‑date detection definition
(DAT) files. We recommend updating them before you configure the scanning options.
As you progress using the McAfee Email Gateway, you can choose to update individual types of definition file and change the default scheduled updates to suit your requirements.
Task
1 Select System | Component Management | Update Status .
2 To update the anti‑virus engine and anti‑virus database, click Update Now.
To check that the update applied correctly, open the Services portlet in the Dashboard, and expand
the Updates status. The Anti‑virus components will have a green status.
Using the test email generatorMcAfee® Email Gateway Appliance (VMtrial) includes a test email generator to allow you to fully test
your trial of the software, without needing to configure external infrastructure to send and receive
email messages.
Troubleshoot | Tools | Generate Test Email
Benefits of using the test email generatorThe test email generator demonstrates the reporting and detection capabilities of the McAfee Email
Gateway Appliance (VMtrial) by simulating the continual sending and receiving various types of email
traffic.The content of the emails is randomized and consists of a selection of detection types and legitimate
data. The detections trigger defined actions for viral content, spam content, compliance or Data Loss
Prevention (DLP) actions.
These test emails do not contain any viral content, rather, they contain test strings designed specifically
to ensure the anti‑virus detections are working correctly.
When you enable the test email generator, policies are automatically created. These policies are used
to define the settings that are applied to the test email traffic as it is scanned by the appliance.
3Getting started with VMtrialUsing the test email generator
20 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
21/33
The connection and envelope properties of the generated email messages are also randomized, to
ensure that different policies are triggered when the messages are scanned.
You can edit the policies created to test the email traffic. Doing so might affect the results of the
scanned test email traffic.
Generate test emailGenerate a stream of messages to test the effects of the scanning policies.
Table 3-1 Option definitions — Diagnostics: Generate continuous test email
Option Definition
Enable Continuous Generation /Reset Continuous Generation
Creates new policies to define the configuration used to scan the testemail messages generated using continuous generation.
After you have enabled continuous generation and created thepolicies, you can reset these policies to their initial state by clickingReset Continuous Generation.
Start Continuous Generation Creates test email traffic.
Disable Status Window Reminder When test email traffic is being generated, a reminder message isdisplayed on the Status Window every minute. Click to disable thereminder messages.
Stop Continuous Generation Stops the flow of test email traffic.
Task — Generate a stream of test email messagesConfigure the McAfee Email Gateway Appliance (VMtrial) software to generate a continuous stream of
test email messages.
To fully evaluate and understand some features within McAfee Email Gateway, it is necessary for the
appliance to scan email messages. Use Generate Test Email | Diagnostics: Generate continuous test email to create
a continuous stream of test email messages to be scanned by the appliance.
Task
1 Select Troubleshoot | Tools | Generate Test Email.
2 Click Enable Continuous Generation.
3 Click OK to accept the notice about your policy customizations being overwritten.
The enabling of email generation and the creation of the required scanning policies takes several
minutes to complete.
New policies are created. These are used to configure the scanning for the test email message
stream.
4 Click Start Continuous Generation.
Your McAfee Email Gateway Appliance (VMtrial) starts generating a stream of email messages that are
scanned by the appliance.
Getting started with VMtrialUsing the test email generator 3
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 21
-
8/18/2019 Meg 7x0 Ig c00 en-us
22/33
Task — View a summary of scanned email trafficUse the Dashboard to get an "at a glance" overview of the email traffic scanned by the McAfee® Email
Gateway Appliance (VMtrial).
Before you begin
Either arrange for external email to be delivered though the virtual appliance, or generate a
stream of test email messages using the Generate Test Email | Diagnostics: Generate continuous test
email f eature.
Task
1 Select Dashboard.
2 View the counters shown within the Mail Summary portlets.
The counters increment as the email traffic is scanned.
Task — Find specific test email messagesUse Message Search to get detailed information about the email traffic scanned by the McAfee® Email
Gateway Appliance (VMtrial).
Before you begin
Either arrange for external email to be delivered though the virtual appliance, or generate a
stream of test email messages using the Generate Test Email | Diagnostics: Generate continuous test
email feature.
Task
1 Select Reports | Message search.
2 Click Search / Refresh.
The appliance reads the current information from its database, and displays it on the page.
3 To view only information about specific actions taken, for example, email messages that have been
quarantined or bounced, use the available filtering options before clicking Search / Refresh.
Detailed information about the scanned email traffic is displayed. For further information, see the
online Help for Message Search.
Exploring the appliance featuresThis information contains tasks to demonstrate the McAfee Email Gateway scanning features in action.
It provides step‑by‑step instructions to create and test some sample policies and tells you how to
generate applicable reports.
Contents
Introduction to policies
Encryption
Compliance Settings
Data Loss Prevention settings
Task — Identify quarantined email messages
3Getting started with VMtrialExploring the appliance features
22 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
23/33
Introduction to policiesThe appliance uses policies which describe the actions that the appliance must take against threats
such as viruses, spam, unwanted files, and the loss of confidential information.
Email | Email Policies
Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of
users.
EncryptionThe Encryption pages enable you to set up McAfee Email Gateway to use the supported encryption
methods to securely deliver your email messages.
Email | Encryption
The McAfee Email Gateway includes several encryption methodologies, and can be set up to provideencryption services to the other scanning features, or can be set up as an encryption‑only server used
just to encrypt email messages.
Task — Encrypt all email traffic to a specific customer
A common use of the encryption features is to configure a policy to use encryption for email messages
going to a specific customer.
This group of tasks show how to configure your McAfee Email Gateway so that all email messages
being sent to s specific customer are sent using encryption.
Task — Create a new scanning policy
Learn how to create a new scanning policy.
Your appliance uses the policies you create to scan the email messages sent through the appliance.
You can create multiple policies to control the way different users use email, or to specify different
actions based on specific circumstances.
Task
1 Select Email | Email Policies | Scanning Policies.
2 Select the required protocol using steps in Task — View policies for SMTP, POP3 or McAfee Secure
Web Mail .
3 Click Add policy.
4 In the Scanning Policies — New Policy page, enter the following information:
a Name for the policy.
b Write an optional description for the new policy.
c Specify where the new policy inherits its settings from.
If you have a similar policy already set up, select this to allow its settings to be inherited by the
new policy.
d Choose if the policy is to apply to inbound or outbound email traffic. (SMTP only)
Getting started with VMtrialExploring the appliance features 3
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 23
-
8/18/2019 Meg 7x0 Ig c00 en-us
24/33
e Select the required Match logic for the policy.
f Select the type of rule, how it should match, and the value that the rule tests against.
g If required, add additional rules, and use the and buttons to correctly order the rules.
5 Click OK.
The new policy is added to the top of the list of policies.
Task — Configure the encryption settings
Configure your McAfee Email Gateway to use encryption.
Task
1 Select Email | Encryption | Secure Web Mail | Basic Settings.
2 Select Enable the Secure Web Mail Client.
3 Select Email | Encryption | Secure Web Mail | User Account Settings.
Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. The
administrator chooses whether to do push and/or pull encryption.
4 Select Email | Encryption | Secure Web Mail | Password Management.
The minimum password length is eight characters. The password expires after 365 days.
Task — Enable Encryption for messages matching a compliance rule
Enable the required encryption features on your McAfee Email Gateway for messages that match a
compliance rule.
In this example, email messages that match the HIPAA Compliance rules will be encrypted.
Task
1 Select Email | Email Policies | Compliance.
2 Click Enable compliance, and select Create new rule from template.
3 Search for the HIPAA Compliance rule and select it.
4 Click Next to progress through the wizard.
5 Select the primary action to Allow Through (Monitor).
6 In And also, select Deliver message using encryption.
7 Click Finish, and click OK to close the dialog box.
8 Select Email | Email Policies | Policy Options | Encryption.
9 In When to Encrypt, select Only when triggered from a scanner action.
10 In On box Encryption Options, select Secure Web Mail, and click OK.
11 Apply the changes.
3Getting started with VMtrialExploring the appliance features
24 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
25/33
Compliance SettingsUse this page to create and manage compliance rules.
Email | Email Policies | Compliance | Compliance
Benefits of the compliance settings
Use compliance scanning to assist with conformance to regulatory compliance and corporate operating
compliance. You can choose from a library of predefined compliance rules, or create your own rules
and dictionaries specific to your organization.
Compliance rules can vary in complexity from a straightforward trigger when an individual term within
a dictionary is detected, to building on and combining score‑based dictionaries which will only trigger
when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can
be combined using logical operations of any of , all of , or except .
Task — Restrict the score contribution of a dictionary term
Use this task to restrict the score contribution of a dictionary term.
Before you begin
This task assumes that your rule includes a dictionary which triggers the action based on a
threshold score, such as the Compensation and Benefits dictionary.
You can restrict how many times a term can contribute to the overall score.
For example, if ’testterm’ within a dictionary has a score of 10 and is seen five times within an email,
it will add 50 to the overall score. Alternatively you can restrict this, for example to contribute only
twice by setting ‘Maximum term count’ to 2.
Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score
you want to change.
3 In Maximum term count, type the maximum number of times that you want a term to contribute to the
score.
Task — Edit the threshold associated with an existing rule
Use this task to edit the threshold associated with an existing rule.
Before you begin
This task assumes that your rule includes a dictionary which triggers the action based on a
threshold, such as the Compensation and Benefits dictionary.
Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score
you want to change.
3 In dictionary threshold, type the score on which you want the rule to trigger, and click OK.
Getting started with VMtrialExploring the appliance features 3
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 25
-
8/18/2019 Meg 7x0 Ig c00 en-us
26/33
Task — Create a rule to monitor or block at a threshold
For score‑based dictionaries you might want to monitor triggers that reach a low threshold, and only
block the email when a high threshold is achieved.
Task
1 Select Email | Email Policies | Compliance.
2 Click Create new rule, type a name for it such as Discontent ‑ Low, and click Next.
3 Select the Discontent dictionary, and in Threshold, type 20.
4 Click Next, and Next again.
5 In If the compliance rule is triggered, accept the default action.
6 Click Finish.
7 Repeat steps 2 through 4 to create another new rule but name it Discontent ‑ High and assign it a
threshold of 40.
8 In If the compliance rule is triggered, select Deny connection (Block).
9 Click Finish.
10 Click OK and apply the changes.
Task — Add a dictionary to a rule
Use this task to add a new dictionary to an existing rule.
Task
1 Select Email | Email Policies | Compliance.
2 Expand the rule that you want to edit.
3 Select Add dictionaries.
4 Select the new dictionary that you want to include, and click OK.
Task — Create a complex custom rule
Use this task to create a complex rule that triggers when both Dictionary A and Dictionary B are
detected, except when Dictionary C is also detected.
Task
1 Select Email | Email Policies | Scanning Policies and select Compliance.
2 In the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule to open the Rule Creation Wizard.
4 Type a name for the rule, and click Next.
5 Select two dictionaries to include in the rule, and click Next.
6 Select a dictionary that you want to exclude from the rule in the exclusion list.
7 Select the action that you want to take place if the rule triggers.
8 From the And conditionally drop‑down list, select All, and click Finish.
3Getting started with VMtrialExploring the appliance features
26 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
27/33
Task — Create a simple custom rule
Use this task to create a simple custom rule that blocks messages that contain social security
numbers.
Task
1 Select Email | Email Policies | Compliance.
2 In the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule to open the Rule Creation Wizard.
4 Type a name for the rule, and click Next.
5 In the Search field, type social.
6 Select the Social Security Number dictionary, and click Next twice.
7 Select the Deny connection (Block) action, and click Finish.
Task — Block messages that violate a policy
Use this to task to block messages that violate a threatening language policy.
Task
1 Select Email | Email Policies | Compliance.
2 In the Default Compliance Settings dialog box, click Yes to enable the policy.
3 Click Create new rule from template to open the Rule Creation Wizard.
4 Select the Acceptable Use Threatening Language policy, and click Next.
5 Optionally change the name of the rule, and click Next.
6 Change the primary action to Deny connection (Block), and click Finish.
7 Click OK and apply the changes.
Data Loss Prevention settingsUse this page to create a policy that assigns data loss prevention actions against the registered
document categories.
Email | Email Policies | Compliance | Data Loss Prevention
Benefits of using Data Loss Prevention (DLP)
You can choose to restrict the flow of sensitive information sent in email messages by SMTP throughthe appliance using the Data Loss Prevention feature. For example, by blocking the transmission of a
sensitive document such as a financial report that is to be sent outside of your organization. Detection
occurs whether the original document is sent as an email attachment, or even as just a section of text
taken from the original document.
Configuring DLP takes place in two phases:
Getting started with VMtrialExploring the appliance features 3
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 27
-
8/18/2019 Meg 7x0 Ig c00 en-us
28/33
• Registering the documents that you want to protect
• Setting the DLP policy to action, and control the detection (this topic)
If an uploaded registered document contains embedded documents, their content is also fingerprinted
so the combined content is used when calculating the percentage match at scan time. To have
embedded documents treated individually, they must be registered separately.
Task — Prevent a sensitive document from being leaked
Use this task to block sensitive financial documents from being sent outside your organization.
Before you begin
This example assumes that you have already created a Finance category.
Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Click Create new rule, select the Finance category, and click OK to have the category appear in the Ruleslist.
4 Select the action associated with the category, change the primary action to Deny connection (Block),
and click OK.
5 Click OK again, and apply the changes.
Task — Block a section of the document
Use this task to block just a small section of the document from being sent outside your organization.
Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Enable the consecutive signatures setting, and type the number of consecutive signatures against
which the DLP policy will trigger a detection. The level is set to 10 by default.
4 Click Create new rule, select the Finance category, and click OK to have the category appear in the
Rules list.
5 Select the action associated with the category, change the primary action to Deny connection (Block),
and click OK.
6 Click OK again, and apply the changes.
Task — Exclude a specific document for a policyUse this task to prevent a specific financial document from triggering the DLP policy settings.
Task
1 Select Email | Email Policies | Compliance | Data Loss Prevention.
2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK.
4 Click OK again, and apply the changes.
3Getting started with VMtrialExploring the appliance features
28 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
29/33
Task — Identify quarantined email messagesUse this task to discover which email messages have been quarantined by your McAfee Email Gateway
Appliance.
To view a list of all messages that have been quarantined:
Task
1 Click Reports | Message Search.
2 Select Quarantined from the Message status drop‑down list.
3 Click Search/Refresh.
All messages that have been quarantined are displayed in the lower part of the page.
Tasks
• Task — Refine the search on page 29
• Task — View a specific email message on page 29
• Task — Release a quarantined email message on page 30
After viewing the email message that has been quarantined, you may want to release the
message from Quarantine. This task allows you to do this.
Task — Refine the search
You can further refine your search for quarantined email messages to show only those that have been
quarantined due to specific triggers. In this example, to find those email messages quarantined due to
compliance issues:
Task
1 Complete the steps in Task — Find out which email messages are quarantined .
2 Select Compliance from the Category drop‑down list.
3 Click Search/Refresh.
The lower part of the screen is refreshed to show only the messages that have been quarantined due
to compliance issues.
Task — View a specific email message
You can view the content of a quarantined email message.
Task
1 Complete the steps in Task — Refine the search.
2 Select the relevant quarantined message using the checkbox to the left of the page.
3 Click View Message.
The selected message is displayed in a new window. From this window, you can view the content of
the email message. You can also choose to view the detailed email header information. After you have
viewed the message, by clicking the relevant buttons, you can choose further actions to perform on
the email message.
Getting started with VMtrialExploring the appliance features 3
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 29
-
8/18/2019 Meg 7x0 Ig c00 en-us
30/33
Task — Release a quarantined email message
After viewing the email message that has been quarantined, you may want to release the message
from Quarantine. This task allows you to do this.
To release a selected message from quarantine:
Task
1 Complete the steps in Task — View a specific email message.
2 Click Release Selected.
The selected email message is released from quarantine.
Email messages that contain viral content cannot be released from quarantine, as to do so would risk
causing damage to your systems.
3Getting started with VMtrialExploring the appliance features
30 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
31/33
Index
B
benefits of data loss prevention 27
benefits of DLP 27
C
cluster configuration
statistics 17
compliance 25
Compliance
benefits of 25
scanning for 25
configuration change messages 17
configure the virtual appliance 14
D
Dashboard 17
data loss prevention
benefits 27
data loss prevention (DLP) 27
detections
rates and statistics 17dictionaries
adding to policies 25
editing scores and terms 25
DLP
benefits 27
DLP (data loss prevention) 27
E
email generator 20
email policies
compliance 25
email queues 17
email status 17
encryption 23
environment
supported platforms 5
F
feature descriptions 6
G
graphs
email and network statistics 17
I
installation
configure the virtual appliance 14
M
McAfee Global Threat Intelligence 17
N
network status 17
P
policies
introduction to 23
status 17
product features 6
S
Scanning
for compliance 25
statistics
Dashboard 17
supported platforms 5
T
test email generator 20
benefits 20
threat feedback 17
V
virtual appliance
initial configuration 14
virtual platforms
supported 5
W
warning messages
Dashboard 17
McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide 31
-
8/18/2019 Meg 7x0 Ig c00 en-us
32/33
web policies
compliance 25
Index
32 McAfee® Email Gateway 7.x VMtrial Appliances Installation Guide
-
8/18/2019 Meg 7x0 Ig c00 en-us
33/33