Installation Guide Revision B. McAfee Gateway 7.x Virtual Appliances

Save this PDF as:

Size: px
Start display at page:

Download "Installation Guide Revision B. McAfee Email Gateway 7.x Virtual Appliances"

Transcription

1 Installation Guide Revision B McAfee Gateway 7.x Virtual Appliances

2 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, epolicy Orchestrator, McAfee epo, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Gateway 7.x Virtual Appliances Installation Guide

3 Contents Preface 5 About this guide Audience Conventions How to use this guide Find product documentation Introduction to McAfee Gateway Virtual Appliance 9 What you get in the download package Preparing to install 11 Inappropriate use Considerations about network modes Explicit proxy mode Transparent bridge mode Transparent router mode VMware vsphere network configuration Deployment strategies for using the device in a DMZ SMTP configuration in a DMZ System requirements Sample installation scenarios Running the virtual appliance as the only virtual machine on the host Running the virtual appliance with other virtual machines Installing the McAfee Gateway Virtual Appliance 25 Overview of the virtual appliance installation process Installation best practices Convert from a VMtrial installation Download the installation software Install the appliance on VMware vsphere Improve performance on VMware vsphere Configure the virtual appliance Using the Configuration Console Performing a Standard Setup Performing a Custom Setup Restoring from a file epolicy Orchestrator Managed Setup Encryption Only Setup A tour of the Dashboard 33 The Dashboard Benefits of using the Dashboard Dashboard portlets Testing the configuration 37 McAfee Gateway 7.x Virtual Appliances Installation Guide 3

4 Contents Test connectivity Update the DAT files Test mail traffic and virus detection Test spam detection Exploring the appliance features 39 Introduction to policies Encryption Identify quarantined messages Compliance Settings Data Loss Prevention settings Additional Configuration Options 47 Upgrading to the latest version of McAfee Gateway Virtual Appliance Change the default Power Off and Reset actions Configure the shutdown and restart option Index 51 4 McAfee Gateway 7.x Virtual Appliances Installation Guide

5 Preface This guide provides the information you need to install your McAfee product. Contents About this guide Find product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Administrators People who implement and enforce the company's security program. Conventions This guide uses these typographical conventions and icons. Book title, term, emphasis Bold User input, code, message Interface text Hypertext blue Title of a book, chapter, or topic; a new term; emphasis. Text that is strongly emphasized. Commands and other text that the user types; a code sample; a displayed message. Words from the product interface like options, menus, buttons, and dialog boxes. A link to a topic or to an external website. Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations. Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product. McAfee Gateway 7.x Virtual Appliances Installation Guide 5

6 Preface About this guide Graphical conventions Use this information to understand the graphical symbols used within this document. Virtual Appliance Internet or external networks Mail Server Other servers (such as DNS servers) User or client computer Router Switch Firewall Network zone (DMZ or VLAN) Network Actual data path Perceived data path Definition of terms used in this guide Understand some of the key terms used in this document. Term demilitarized zone (DMZ) DAT files operational mode policy Reputation Service check Definition A computer host or small network inserted as a buffer between a private network and the outside public network to prevent direct access from outside users to resources on the private network. Detection definition (DAT) files, also called signature files, containing the definitions that identify, detect, and repair viruses, Trojan horses, spyware, adware, and other potentially unwanted programs (PUPs). Three operating modes for the product: explicit proxy mode, transparent bridge mode, and transparent router mode. A collection of security criteria, such as configuration settings, benchmarks, and network access specifications, that defines the level of compliance required for users, devices, and systems that can be assessed or enforced by a McAfee security application. Part of sender authentication. If a sender fails the Reputation Service check, the appliance is set to close the connection and deny the message. The sender's IP address is added to a list of blocked connections and is automatically blocked in future at the kernel level. 6 McAfee Gateway 7.x Virtual Appliances Installation Guide

7 Preface Find product documentation How to use this guide This topic gives a brief summary of the information contained within this document. This guide helps you to: Plan and perform your installation. Become familiar with the interface. Test that the product functions correctly. Apply the latest detection definition files. Explore some scanning policies, create reports, and get status information. Troubleshoot basic issues. You can find additional information about the product's scanning features in the online help within the product and in the latest version of the McAfee Gateway Administrators Guide. Find product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. 1 Go to the McAfee Technical Support ServicePortal at 2 Under Self Service, access the type of information you need: To access... User documentation Do this... 1 Click Product Documentation. 2 Select a product, then select a version. 3 Select a product document. KnowledgeBase Click Search the KnowledgeBase for answers to your product questions. Click Browse the KnowledgeBase for articles listed by product and version. McAfee Gateway 7.x Virtual Appliances Installation Guide 7

8 Preface Find product documentation 8 McAfee Gateway 7.x Virtual Appliances Installation Guide

9 1 Introduction to McAfee Gateway Virtual Appliance McAfee Gateway Virtual Appliance delivers comprehensive, enterprise class protection against threats. McAfee Gateway Virtual Appliance works in the following virtual environments: VMware vsphere 4.x or higher VMware vsphere Hypervisor (ESXi) 4.x or higher What you get in the download package The McAfee Gateway Virtual Appliance is supplied in a zip file that contains the software installation files and installation documents to install the virtual appliance on VMware vsphere 4.x. The download package does not contain the VMware product installation files. If you do not already have your virtual software set up, go to the VMware website ( to purchase VMware vsphere, or VMware vsphere Hypervisor (ESXi). McAfee Gateway 7.x Virtual Appliances Installation Guide 9

10 1 Introduction to McAfee Gateway Virtual Appliance What you get in the download package 10 McAfee Gateway 7.x Virtual Appliances Installation Guide

11 2 Preparing 2 to install To ensure the safe operation of your McAfee Gateway Virtual Appliance, consider the following before you begin the installation. Familiarize yourself with its operational modes and capabilities. It is important that you choose a valid configuration. Decide how to integrate the appliance into your network and determine what information you need before you start. For example, the name and IP address for the device. Contents Inappropriate use Considerations about network modes Deployment strategies for using the device in a DMZ System requirements Sample installation scenarios Inappropriate use Use this information to avoid using this product inappropriately. McAfee Gateway Virtual Appliance is: Not a firewall You must use it within your organization behind a correctly configured firewall. Not a server for storing extra software and files Do not install any software on the device or add any extra files to it unless instructed by the product documentation or your support representative. The device cannot handle all types of traffic. If you use explicit proxy mode, only protocols that are to be scanned should be sent to the device. Considerations about network modes Use this information to gain an understanding of the operational (or network) modes in which the device can operate. Before you configure your McAfee Gateway, you must decide which network mode to use. The mode you choose determines how you physically connect your VMware ESX host to your network. Different modes also have an impact on your vswitch configuration to which your virtual appliance will be connected to. Running the virtual appliance in explicit proxy mode requires the least amount of configuration on your VMware ESX host and is easier to set up. To installing the virtual appliance in either of the transparent modes, other considerations must be made. All necessary ESX configuration steps for either of the modes are described below. McAfee Gateway 7.x Virtual Appliances Installation Guide 11

12 2 Preparing to install Considerations about network modes You can choose from the following network modes: Explicit proxy mode The virtual appliance acts as a proxy server and a mail relay. Transparent router mode The virtual appliance acts as a router. Transparent bridge mode The virtual appliance acts as an Ethernet bridge. If you are still unsure about the mode to use after reading this and the following sections, consult your network expert. Explicit proxy mode Use this information to better understand explicit proxy mode on your McAfee Gateway. In explicit proxy mode, some network devices must be set up explicitly to send traffic to the device. The device then works as a proxy or relay, processing traffic on behalf of the devices. Figure 2-1 Explicit proxy mode apparent data path Explicit proxy mode is best suited to networks where client devices connect to the device through a single upstream and downstream device. This might not be the best option if several network devices must be reconfigured to send traffic to the device. Network and device configuration If the device is set to explicit proxy mode, you must explicitly configure your internal mail server to relay traffic to the device. The device scans the traffic before forwarding it, on behalf of the sender, to the external mail server. The external mail server then forwards the message to the recipient. In a similar way, the network must be configured so that incoming messages from the Internet are delivered to the device, not the internal mail server. The device scans the traffic before forwarding it, on behalf of the sender, to the internal mail server for delivery, as shown. For example, an external mail server can communicate directly with the device, although traffic might pass through several network servers before reaching the device. The perceived path is from the external mail server to the device. Protocols To scan a supported protocol, you must configure your other network servers or client computers to route that protocol through the device, so that no traffic bypasses the device. Firewall rules Explicit proxy mode invalidates any firewall rules set up for client access to the Internet. The firewall sees only the physical IP address information for the device, not the IP addresses of the clients, so the firewall cannot apply its Internet access rules to the clients. 12 McAfee Gateway 7.x Virtual Appliances Installation Guide

13 Preparing to install Considerations about network modes 2 Ensure that your firewall rules are updated. The firewall must accept traffic from McAfee Gateway, but must not accept traffic that comes directly from the client devices. Set up firewall rules to prevent unwanted traffic entering your organization. Where to place the device Configure the network devices so that traffic needing to be scanned is sent to the McAfee Gateway. This is more important than the location of the McAfee Gateway. The router must allow all users to connect to the McAfee Gateway. Figure 2-2 Positioning in Explicit proxy mode The McAfee Gateway must be positioned inside your organization, behind a firewall, as shown in Figure 6: Explicit proxy configuration. Typically, the firewall is configured to block traffic that does not come directly from the device. If you are unsure about your network s topology and how to integrate the device, consult your network expert. Use this configuration if: The device is operating in explicit proxy mode. You are using (SMTP). For this configuration, you must: Configure the external Domain Name System (DNS) servers or Network Address Translation (NAT) on the firewall so that the external mail server delivers mail to the device, not to the internal mail server. Configure the internal mail servers to send messages to the device. That is, the internal mail servers must use the device as a smart host. Ensure that your client devices can deliver messages to the mail servers within your organization. Ensure that your firewall rules are updated. The firewall must accept traffic from the device, but must not accept traffic that comes directly from the client devices. Set up rules to prevent unwanted traffic entering your organization. McAfee Gateway 7.x Virtual Appliances Installation Guide 13

14 2 Preparing to install Considerations about network modes Transparent bridge mode Use this information to better understand Transparent bridge mode on your McAfee Gateway. In transparent bridge mode, the communicating servers are unaware of the device the device s operation is transparent to the servers. Figure 2-3 Transparent bridge mode apparent data path In the figure, the external mail server (A) sends messages to the internal mail server (C). The external mail server is unaware that the message is intercepted and scanned by the device (B). The external mail server seems to communicate directly with the internal mail server the path is shown as a dotted line. In reality, traffic might pass through several network devices and be intercepted and scanned by the device before reaching the internal mail server. What the device does in transparent bridge mode In transparent bridge mode, the device connects to your network using the LAN1 and LAN2 ports. The device scans the traffic it receives, and acts as a bridge connecting two network segments, but treats them as a single logical network. Configuration in transparent bridge mode Transparent bridge mode requires less configuration than transparent router and explicit proxy modes. You do not need to reconfigure all your clients, default gateway, MX records, Firewall NAT or mail servers to send traffic to the device. Because the device is not a router in this mode, you do not need to update a routing table. Where to place the device when using transparent bridge mode For security reasons, you must use the device inside your organization, behind a firewall. Figure 2-4 Positioning in Transparent bridge mode In transparent bridge mode, position the device between the firewall and your router, as shown. In this mode, you physically connect two network segments to the device, and the device treats them as one logical network. Because the devices firewall, device, and router are on the same logical network, they must all have compatible IP addresses on the same subnet. 14 McAfee Gateway 7.x Virtual Appliances Installation Guide

15 Preparing to install Considerations about network modes 2 Devices on one side of the bridge (such as a router) that communicate with devices on the other side of the bridge (such as a firewall) are unaware of the bridge. They are unaware that traffic is intercepted and scanned, therefore the device is said to operate as a transparent bridge. Figure 2-5 Network structure Transparent bridge mode Transparent router mode Use this information to better understand Transparent router mode on your McAfee Gateway. In transparent router mode, the device scans traffic between two networks. The device has one IP address for outgoing scanned traffic, and must have one IP address for incoming traffic. The communicating network servers are unaware of the intervention of the device the device s operation is transparent to the devices. What the device does in transparent router mode In transparent router mode, the device connects to your networks using the LAN1 and LAN2 ports. The device scans the traffic it receives on one network, and forwards it to the next network device on a different network. The device acts as a router, routing the traffic between networks, based on the information held in its routing tables. Configuration in transparent router mode Using transparent router mode, you do not need to explicitly reconfigure your network devices to send traffic to the device. You need only configure the routing table for the device, and modify some routing information for the network devices on either side of it (the devices connected to its LAN1 and LAN2 ports). For example, you might need to make the device your default gateway. McAfee Gateway 7.x Virtual Appliances Installation Guide 15

16 2 Preparing to install Considerations about network modes In transparent router mode, the device must join two networks. The device must be positioned inside your organization, behind a firewall. Transparent router mode does not support Multicast IP traffic or non IP protocols, such as NETBEUI and IPX. Firewall rules In transparent router mode, the firewall connects to the physical IP address for the LAN1/LAN2 connection to the management blade. Where to place the device Use the device in transparent router mode to replace an existing router on your network. If you use transparent router mode and you do not replace an existing router, you must reconfigure part of your network to route traffic correctly through the device. Figure 2-6 Network structure Transparent bridge mode You need to: Configure your client devices to point to the default gateway. Configure the device to use the Internet gateway as its default gateway. Ensure your client devices can deliver messages to the mail servers within your organization. VMware vsphere network configuration This group of tasks presents how to prepare your vswitch configuration for each of the operating modes available. 16 McAfee Gateway 7.x Virtual Appliances Installation Guide

17 Preparing to install Considerations about network modes 2 Configure VMware vsphere for an explicit proxy mode installation Use this task to configure VMware vsphere to install the virtual appliance in the explicit proxy mode. Before you begin Ensure that you have at least two different physical interfaces available on your VMware ESX host. A third interface can be used for out of band management. For best performance, McAfee recommends that the interfaces used by the McAfee Gateway Virtual Appliance virtual machine are not shared with any other virtual machine on this VMware ESX host. Before you begin to install the virtual appliance, ensure that you have vswitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and that they have the correct configuration. When importing the McAfee Gateway Virtual Appliance.OVA file ensure that the LAN 1 interface is connected to your first vswitch and that the LAN 2 interface is connected to your second vswitch. You must create identical vswitches on each host in the High Availability (HA) cluster if vmotion is in use. 1 Log on to your vsphere client. 2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the virtual appliance. 3 On the right hand side, select Configuration. 4 Click Networking. 5 Click Add Networking. 6 In the Add Network Wizard, select Virtual Machine, and click Next. 7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1 connection of your virtual appliance, and click Next. 8 Type a label for your new network, such as MEG LAN 1. 9 Click Next, then click Finish. 10 Repeat steps 5 10 to add a second vswitch for your LAN 2 interface. Configure VMware vsphere for a transparent bridge mode installation Use this task to configure VMware vsphere to install the virtual appliance in a transparent bridge mode. Before you begin Ensure that you have at least two different physical interfaces available on your VMware ESX host. The two interfaces used for the bridge must be connected to different broadcast domains to avoid network loops and cause severe disruption in your network. A third interface can be used for out of band management. McAfee Gateway 7.x Virtual Appliances Installation Guide 17

18 2 Preparing to install Considerations about network modes For best performance, McAfee recommends that the interfaces used by the bridge are dedicated to the McAfee Gateway Virtual Appliance virtual machine and not shared with any other virtual machine on this VMware ESX host. Before you begin to install the virtual appliance, ensure that you have vswitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and that they have the correct configuration. When importing the McAfee Gateway Virtual Appliance.OVA file make sure that the LAN 1 interface is connected to your first vswitch and that the LAN 2 interface is connected to your second vswitch. You must create identical vswitches on each host in the High Availability (HA) cluster if vmotion is in use. 1 Log on to your vsphere client. 2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the virtual appliance. 3 On the right hand side, select Configuration. 4 Click Networking. 5 Click Add Networking. 6 In the Add Network Wizard, select Virtual Machine, and click Next. 7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1 connection of your virtual appliance, and click Next. 8 Type a label for your new network, such as MEG LAN 1. By default, VMware ESX removes VLAN tags. To have the virtual appliance see VLAN tagged traffic (for example, to create specific policies per VLAN) you have to enable Virtual Guest Tagging. To do so, see VMware Knowledge Base article Click Next, then click Finish. 10 Scroll down on the page to the virtual switch you just created, and click Properties. 11 In vswitch Properties, double click the vswitch entry in the list on the left hand side. 12 Click Security. 13 In Promiscuous Mode, change the value to Accept and click OK. 14 Click Close. 15 Repeat steps 5 14 to add a second vswitch for your LAN 2 interface. The second vswitch has to be connected to a different physical interface, which is connected to a different broadcast domain on your network than the interface used for your first vswitch. 18 McAfee Gateway 7.x Virtual Appliances Installation Guide

19 Preparing to install Deployment strategies for using the device in a DMZ 2 Configure VMware vsphere for a transparent router mode installation Use this task to configure VMware vsphere to install the virtual appliance in a transparent router mode. Before you begin Ensure that you have at least two different physical interfaces available on your VMware ESX host. A third interface can be used for out of band management. For best performance, McAfee recommends that the interfaces used by the McAfee Gateway Virtual Appliance virtual machine are not shared with any other virtual machine on this VMware ESX host. Before you begin to install the virtual appliance, ensure that you have vswitches created to which LAN 1 and LAN 2 of the virtual appliance can connect, and that they have the correct configuration. When importing the McAfee Gateway Virtual Appliance.OVA file ensure that the LAN 1 interface is connected to your first vswitch and that the LAN 2 interface is connected to your second vswitch. You must create identical vswitches on each host in the High Availability (HA) cluster if vmotion is in use. 1 Log on to your vsphere client. 2 In the Hosts and Clusters view, select the host on the left on which you are planning to install the virtual appliance. 3 On the right hand side, select Configuration. 4 Click Networking. 5 Click Add Networking. 6 In the Add Network Wizard, select Virtual Machine, and click Next. 7 Select Create a virtual switch, and select the physical interface that you would like to use for the LAN1 connection of your virtual appliance, and click Next. 8 Type a label for your new network, such as MEG LAN 1. 9 Click Next, then click Finish. 10 Repeat steps 5 10 to add a second vswitch for your LAN 2 interface. The second vswitch has to be connected to a different physical interface than the interface used for your first vswitch. Deployment strategies for using the device in a DMZ Use this information to understand about demilitarized zones within your network, and how to use them to protect your servers. A demilitarized zone (DMZ) is a network separated by a firewall from all other networks, including the Internet and other internal networks. The typical goal behind the implementation of a DMZ is to lock down access to servers that provide services to the Internet, such as . McAfee Gateway 7.x Virtual Appliances Installation Guide 19

20 2 Preparing to install Deployment strategies for using the device in a DMZ Hackers often gain access to networks by identifying the TCP/UDP ports on which applications are listening for requests, then exploiting known vulnerabilities in applications. Firewalls dramatically reduce the risk of such exploits by controlling access to specific ports on specific servers. The device can be added easily to a DMZ configuration. The way you use the device in a DMZ depends on the protocols you intend to scan. SMTP configuration in a DMZ Use this information to understand how to configure SMTP devices within a demilitarized zone on your network. The DMZ is a good location for encrypting mail. By the time the mail traffic reaches the firewall for the second time (on its way from the DMZ to the Internet), it has been encrypted. Devices which scan SMTP traffic in a DMZ are usually configured in explicit proxy mode. Configuration changes need only be made to the MX records for the mail servers. NOTE: You can use transparent bridge mode when scanning SMTP within a DMZ. However, if you do not control the flow of traffic correctly, the device scans every message twice, once in each direction. For this reason, explicit proxy mode is usually used for SMTP scanning. Mail relay Figure 2-7 Configuring as a mail relay If you have a mail relay already set up in your DMZ, you can replace the relay with the device. To use your existing firewall policies, give the device the same IP address as the mail relay. Mail gateway SMTP does not provide methods to encrypt mail messages you can use Transport Layer Security (TLS) to encrypt the link, but not the mail messages. As a result, some companies do not allow such traffic on their internal network. To overcome this, they often use a proprietary mail gateway, such as Lotus Notes or Microsoft Exchange, to encrypt the mail traffic before it reaches the Internet. 20 McAfee Gateway 7.x Virtual Appliances Installation Guide

21 Preparing to install System requirements 2 To implement a DMZ configuration using a proprietary mail gateway, add the scanning device to the DMZ on the SMTP side of the gateway. Figure 2-8 Configuring as a mail gateway In this situation, configure: The public MX records to instruct external mail servers to send all inbound mail to the device (instead of the gateway). The device to forward all inbound mail to the mail gateway, and deliver all outbound mail using DNS or an external relay. The mail gateway to forward all inbound mail to the internal mail servers and all other (outbound) mail to the device. The firewall to allow inbound mail that is destined for the device only. Firewalls configured to use Network Address Translation (NAT), and that redirect inbound mail to internal mail servers, do not need their public MX records reconfigured. This is because they are directing traffic to the firewall rather than the mail gateway itself. In this case, the firewall must instead be reconfigured to direct inbound mail requests to the device. System requirements Use this information to ensure that your host computer adheres to the system requirements for whichever VMware virtual environment you choose. See the VMware Knowledge Base article available from to get the minimum system requirements for VMware ESX or VMware ESXi 4.x. You need a computer that has a 64bit x86 CPU. McAfee Gateway 7.x Virtual Appliances Installation Guide 21

22 2 Preparing to install Sample installation scenarios Additionally, ensure that the virtual machine where you will run meets the following minimum system requirements: Item Processor Available virtual memory Free hard disk space Specification Two virtual processors 2 GB 80 GB If you plan to install McAfee Gateway Virtual Appliance in transparent bridge mode, you need to have two external network interfaces on your physical VMware ESX host which are connected to different broadcast domains. For best performance, McAfee recommends that these two interfaces are not shared with any other virtual machines on the same physical host. Connecting both interfaces of a bridge to the same broadcast domain creates an STP loop in your network which can cause network outages. Sample installation scenarios This section contains information about installing the virtual appliance in different server configurations. 22 McAfee Gateway 7.x Virtual Appliances Installation Guide

23 Preparing to install Sample installation scenarios 2 Running the virtual appliance as the only virtual machine on the host A possible single server deployment of the virtual appliance on your chosen VMware virtual environment. VMware vsphere or VMware vsphere Hypervisor are dedicated servers to the virtual appliance. Their hardware specification must exceed the minimum hardware requirements outlined in the McAfee Gateway Performance Data Guidelines. This example assumes you are installing the virtual appliance in the recommended explicit proxy mode. Figure 2-9 Single server deployment McAfee Gateway 7.x Virtual Appliances Installation Guide 23

24 2 Preparing to install Sample installation scenarios Running the virtual appliance with other virtual machines A possible deployment of the McAfee Gateway Virtual Appliance on your chosen virtual environment alongside other virtual machines. In this example, one VMware host is responsible for the virtual appliance as well as other virtual machines, all of which run on the same hardware. Refer to the VMware website for information on building a resource pool dedicated to the virtual appliance. The resource pool must also have the minimum levels of CPU and memory allocated to it as stated in the McAfee Gateway Performance Data Guidelines. This example assumes you are installing the virtual appliance in the recommended explicit proxy mode. Figure 2-10 Multiple server deployment 24 McAfee Gateway 7.x Virtual Appliances Installation Guide

25 3 Installing the McAfee Gateway Virtual Appliance This information helps you to set up your virtual environment and install the McAfee Gateway Virtual Appliance. Contents Overview of the virtual appliance installation process Installation best practices Convert from a VMtrial installation Download the installation software Install the appliance on VMware vsphere Improve performance on VMware vsphere Configure the virtual appliance Using the Configuration Console Overview of the virtual appliance installation process This information provides a short overview of the steps needed to install the virtual appliance. McAfee recommends that you install the virtual appliance in the following order: 1 Install your chosen VMware product. 2 Download the virtual appliance installation files. 3 Install the virtual appliance on the virtual environment. 4 Complete the graphical configuration wizard. 5 Log on to the virtual appliance. 6 Test the configuration. 7 Enable protocols. Installation best practices This information gives some important considerations to your installation on VMware vsphere. McAfee recommends that you read and act upon this information before you start the installation process. McAfee Gateway 7.x Virtual Appliances Installation Guide 25

26 3 Installing the McAfee Gateway Virtual Appliance Convert from a VMtrial installation The virtual appliance is easiest to set up and maintain when it runs in the default explicit proxy operating mode. Familiarize yourself with the information about creating clusters and resource pools. See the VMware website Use a Storage Area Network (SAN) rather than a Network File System (NFS) share to achieve optimal performance. If you run the virtual appliance in either of the transparent modes: The VMware Distributed Resource Scheduler (DRS) and High Availability (HA) features may cause network interruptions if a failover takes place. Ensure that the virtual appliance NICs do not link to the same broadcast domain and that their IP addresses are not in the same subnet to avoid network loops. Ensure that each network adapter on the virtual appliance is connected to a different physical network on the host computer. You will need at least three NICs in your VMware host. The virtual appliance needs two NICs and VMware recommend a dedicated NIC for the Service Console. Convert from a VMtrial installation Use this task to migrate any configuration settings from a McAfee Gateway Appliance (VMtrial) installation to the McAfee Gateway Virtual Appliance. 1 From your VMtrial installation, select System System Administration Configuration Management. 2 Click Backup Configuration to save the configuration details. 3 Install the McAfee Gateway Virtual Appliance software onto your chosen virtual environment. 4 Log on, and open the McAfee Gateway Virtual Appliance software. 5 Select System System Administration Configuration Management, and click Restore From File. You can also access restore configuration options from System Setup Wizard. 6 Browse to the VMtrial configuration file you want to restore and click Open. 7 Select the parts of the file that you want to restore and click OK. 8 Check that the settings were imported successfully and apply the changes. Download the installation software Use this task to download the most up to date version of the McAfee Gateway software. Before you begin Read your product installation guide. Get the McAfee grant ID number that you received when you purchased McAfee Gateway. 26 McAfee Gateway 7.x Virtual Appliances Installation Guide

27 Installing the McAfee Gateway Virtual Appliance Install the appliance on VMware vsphere 3 McAfee provides the software as an OVA file for installing onto virtual environments. 1 Go to the McAfee website Hover your cursor over your business type and click Downloads. 2 From My Products Downloads, click Login. 3 Type the McAfee grant ID number that you received when you purchased McAfee Gateway, and click Submit. 4 From the list of products, select Gateway. 5 Agree to the license terms, select the latest version and download it. McAfee recommends that you read the Release Notes that accompany the software image before you continue with the installation. Install the appliance on VMware vsphere Use this task to install McAfee Gateway Virtual Appliance onto a host computer running VMware vsphere 4 or VMware vsphere Hypervisor (ESXi) 4.0. Before you begin Ensure that you have configured VMware vsphere to work with your chosen operational mode. Download the McAfee Gateway Virtual Appliance package from the McAfee download site and extract it to a location where the VMware vsphere Client can see it. Install a fully licensed copy of VMware vsphere 4 or VMware vsphere Hypervisor (ESXi) 4. If you used the VMtrial product to test the software, you can save your VMtrial configuration and restore it onto the virtual appliance when the installation is complete. 1 Start the VMware vsphere Client application. 2 Log on to the VMware vsphere server, or the vcenter Server. 3 From the Inventory list, select the host or cluster onto which you want to import the virtual appliance software. 4 Click File Deploy OVF Template Deploy From File, and click Browse to go to where downloaded the.ova file. 5 Select McAfee MEG 7.x <build_number>.vmbuy.ova file, and click Open. 6 Click Next twice, and optionally type a new name. 7 Select the resource pool that you want to use if you have any configured. 8 Select the datastore that you want to use, and click Next. 9 Select the virtual networks to which the virtual appliance NICs will be connected. McAfee Gateway 7.x Virtual Appliances Installation Guide 27

28 3 Installing the McAfee Gateway Virtual Appliance Improve performance on VMware vsphere 10 Define the size of the data storage disk to increase the space allocated for quarantined, deferred, and logged items. You cannot set a disk size smaller than the default 40GB. 11 Click Next, read the summary, then click Finish and wait for the import process to finish. Improve performance on VMware vsphere Use this task to potentially improve system performance in VMware vsphere environments by changing the default hard disk, network adapter, memory, and CPU settings. 1 To edit the hard disk settings: a Check that the virtual machine is shut down. b Right click the virtual appliance in the Inventory list, and click Edit Settings. In the Virtual Machine Properties dialog box, there are three hard disks available to the virtual appliance: Hard disk 1 holds the virtual appliance installation files, and must not be removed or changed. Hard disk 2 is the main hard disk used by the virtual appliance. You can increase its size but McAfee recommends that you do not reduce it. Hard disk 3 will hold the temporary swap space of the virtual appliance. Putting the second and third hard disks on two separate datastores can potentially improve performance. 2 To edit the memory and virtual CPU settings: Check that the virtual machine is shut down. Right click the virtual appliance in the Inventory list, and click Edit Settings. In the Virtual Machine Properties dialog box, change the settings as necessary. McAfee recommends that you do not reduce the settings to less than the default settings or the recommended virtual appliance system requirements. After the appliance is installed, the disk size cannot be changed. Configure the virtual appliance Use this task to configure the virtual appliance. Before you begin Ensure your virtual environment is installed and running correctly. 28 McAfee Gateway 7.x Virtual Appliances Installation Guide

29 Installing the McAfee Gateway Virtual Appliance Using the Configuration Console 3 1 Start the virtual appliance. The installation starts automatically. 2 Read the End User License Agreement to continue with the installation, then click y to accept it and start the installation. 3 At the installation menu, select a to perform a full installation and y to continue. 4 When the installation is complete, the virtual appliance restarts. 5 On the Welcome screen, choose the language that you want to use. 6 Accept the terms of the license agreement. 7 Configure the virtual appliance from the graphical configuration wizard. 8 Apply the configuration to the virtual appliance. Depending on the settings you entered, it might restart. You can install the virtual appliance on more than one VMware vsphere, VMware vsphere Hypervisor, or VMware Player server. To do so: a Follow the steps in this task on another VMware vsphere, VMware vsphere Hypervisor, or VMware Player server. b c Return to the previously installed virtual appliance user interface. Select System System Administration Configuration Push to send the configuration details to the second virtual appliance. Using the Configuration Console Understand how to use the configuration console to set up your McAfee Gateway. You can configure your McAfee Gateway either from the Configuration Console, or from the Setup Wizard within the user interface. The Configuration Console launches automatically at the end of the startup sequence after either: an unconfigured McAfee Gateway starts, or an McAfee Gateway is reset to its factory defaults. When launched, the Configuration Console provides you with options to either configure your device in your preferred language from the McAfee Gateway console, or provides instructions for you to connect to the Setup Wizard within the user interface from another computer on the same class C (/24) subnet. Both methods provide you with the same options to configure your McAfee Gateway. From the Configuration Console, you can configure a new installation of the appliance software. However, to configure your appliance using a previously saved configuration file, you need to log onto the appliance user interface, and run (System Setup Wizard). This version of the software also introduces automatic configuration using DHCP for the following parameters: Host name DNS server Domain name Leased IP address Default gateway NTP server McAfee Gateway 7.x Virtual Appliances Installation Guide 29

30 3 Installing the McAfee Gateway Virtual Appliance Using the Configuration Console Further information about each page of the Configuration Console and the Setup Wizard is available on screen. Performing a Standard Setup Use this information to understand the purpose of the Standard Setup. Standard Setup enables you to quickly set up your McAfee Gateway using the most common options. Use this option to set up your device in transparent bridge mode, and configure it to protect your network. The SMTP protocol is enabled by default. You can choose to enable scanning of POP3 traffic. Choosing Standard Setup forces the device to run in transparent bridge mode. For the Standard Setup, the wizard includes these pages: Configuration Basic Settings Summary Performing a Custom Setup Use this information to understand the purpose of the custom setup. Use the Custom Setup to give you greater control in the options that you can select, including the operating mode for your device. You can choose to protect mail traffic using SMTP and POP3 protocols. You should use this configuration option if you need to configure IPv6 and to make other changes to the default configuration. For the Custom Setup, the wizard includes these pages: Configuration DNS and Routing Basic Settings Time Settings Network Settings Password Cluster Management Summary Restoring from a file Use this information to understand the purpose of restoring from a file When configuring your device from the Setup Wizard within the user interface, using the Restore from a file option enables you to import previously saved configuration information and apply it to your device. After this information has been imported you can make changes before applying the configuration. The Restore from a file option is not available from within the Configuration Console. To make use of this option, you must log into the McAfee Gateway and select Restore from a file from the System Setup Wizard menu. Once the configuration information has been imported, you are taken to the Custom Setup options within the Setup Wizard (see Performing a custom setup.) All imported options are shown on the wizard pages, giving you the opportunity to make any amendments before applying the configuration. When using the Restore from a file option, the wizard includes these pages: Import Config Values to Restore 30 McAfee Gateway 7.x Virtual Appliances Installation Guide

31 Installing the McAfee Gateway Virtual Appliance Using the Configuration Console 3 Once this information has been loaded, you are then taken to the Custom Setup pages, so that you can make further changes before applying the new configuration: Configuration DNS and Routing Basic Settings Time Settings Network Settings Password Cluster Management Summary epolicy Orchestrator Managed Setup Use this information to understand the purpose of the epolicy Orchestrator Managed Setup. McAfee epolicy Orchestrator enables you to manage all your McAfee software and hardware appliances from a single management console. Use the epolicy Orchestrator Managed Setup to set up your device so that it can be managed by yourmcafee epolicy Orchestrator server. Only minimal information is needed, as the device will get most of its configuration information from your McAfee epolicy Orchestrator server. Settings for epolicy Orchestrator Management Select epolicy Orchestrator Managed Setup within the Setup Wizard to configure your appliance for management by McAfee epolicy Orchestrator. Option epo Extensions Definition Download the McAfee epolicy Orchestrator extensions for McAfee Gateway products, including McAfee Gateway. The file MEGv7.x_ePOextensions.zip contains both the EWG and the MEG McAfee epolicy Orchestrator extensions. The EWG extension allows reporting from within McAfee epolicy Orchestrator for the following products: McAfee and Web Security appliances McAfee Web Gateway appliances McAfee Gateway appliances The MEG Extension provides full McAfee epolicy Orchestrator management for McAfee Gateway versions 7.0 onwards. For you to use McAfee epolicy Orchestrator for either reporting or management, the McAfee epolicy Orchestrator Extensions need to be installed on your McAfee epolicy Orchestrator server. epo Help Extensions Import epo connection settings Download the McAfee epolicy Orchestrator help extensions. The file MEGv7.x_ePOhelpextensions.zip contains the online help information for the above McAfee epolicy Orchestrator Extensions. This file installs the help extensions relating to the McAfee epolicy Orchestrator extensions for McAfee and Web Gateway and McAfee Gateway appliances onto your McAfee epolicy Orchestratorserver. Click to browse to the McAfee epolicy Orchestrator connection settings file, to import the McAfee epolicy Orchestrator connection information into the appliance. McAfee Gateway 7.x Virtual Appliances Installation Guide 31

32 3 Installing the McAfee Gateway Virtual Appliance Using the Configuration Console Configure the appliance to work with epolicy Orchestrator Use this task to set up the appliance to be managed by epolicy Orchestrator: 1 From your McAfee Gateway, on Settings for epo Management, select epo Extensions and click Save to download the extension file. 2 From your McAfee Gateway, on Settings for epo Management, select epo Help Extensions and click Save to download the help extension file. 3 On your McAfee epolicy Orchestrator server, install these extensions using Menu Software Extensions Install Extensions. 4 On the McAfee epolicy Orchestrator server, save the connections settings from Menu Gateway Protection and Web Gateway Actions Export Connection Settings. 5 On the McAfee Gateway, return to the Settings for epo Management page in the Setup Wizard, and click Import epo connection settings. Browse to the McAfee epolicy Orchestrator connections settings file. 6 Click Next to continue to the Basic Settings page in the Setup Wizard. Encryption Only Setup Use this information to understand the purpose of the Encryption Only setup options. For small to medium sized organizations, it is often sufficient to use the same McAfee Gateway to carry out your scanning tasks and also your encryption tasks. However, if you are part of a larger organization, or you work in an industry that requires that all, or a high percentage, of your messages must be delivered in a secure way, then you may want to configure one or more of your McAfee Gateway appliances as stand alone Encryption only servers. In this situation, the Encryption Only Setup options within the Setup Wizard provide you with the relevant settings needed for Encryption only use. 32 McAfee Gateway 7.x Virtual Appliances Installation Guide

33 4 A 4 tour of the Dashboard This section describes the Dashboard page, and how to edit its preferences. The Dashboard The Dashboard provides a summary of the activity of the appliance. Dashboard Use this page to access most of the pages that control the appliance. On a cluster master appliance, use this page also to see a summary of activity on the cluster of appliances. Benefits of using the Dashboard The Dashboard provides a single location for you to view summaries of the activities of the appliance through a series of portlets. Figure 4-1 Dashboard portlets McAfee Gateway 7.x Virtual Appliances Installation Guide 33

34 4 A tour of the Dashboard The Dashboard Some portlets display graphs that show appliance activity over the following periods of time: 1 hour 2 weeks 1 day (the default) 4 weeks 1 week Within the Dashboard, you can make some changes to the information and graphs displayed: Expand and collapse the portlet data using the and buttons in the portlet's top right hand corner. Drill down to specific data using the and buttons. See a status indicator that shows whether the item needs attention: Healthy the reported items are functioning normally Requires Attention a warning threshold has been exceeded Requires Immediate Attention a critical threshold has been exceeded Disabled a service is not enabled Use and to zoom in and zoom out of a timeline of information. There is a short delay while the view is updated. By default, the Dashboard shows data relating to the previous one day. Move a portlet to another location on the Dashboard, Double click the top bar of a portlet to expand it across the top of the Dashboard, Set your own alert and warning thresholds to trigger events. To do so, highlight the item and click it, edit the alert and warning threshold fields, and click Save. When the item exceeds the threshold you set, an event is triggered. Depending on the browser used to view the McAfee Gateway user interface, the Dashboard "remembers" the current state of each portlet (whether it is expanded or collapsed, and if you have drilled down to view specific data), and attempts to re create that view if you navigate to another page within the user interface and then return to the Dashboard within the same browsing session. Dashboard portlets Understand the portlets found on the dashboard within the user interface of your McAfee Gateway. Option Inbound Mail Summary Outbound Mail Summary SMTP Detections POP3 Detections System Summary Definition Use the Inbound Mail Summary portlet to get the delivery and status information about messages sent to your organization. Use the Outbound Mail Summary portlet to get the delivery and status information about messages sent from your organization. Use the SMTP Detections portlet to find out the total number of messages that triggered a detection based on the sender or connection, the recipient, or the content, and to view data specific to either inbound or outbound SMTP traffic. Use the POP3 Detections portlet to view how many messages triggered a detection based on threats such as viruses, packers, or potentially inappropriate images. Use the System Summary portlet displays information about load balancing, the disk space used for each partition, total CPU usage, used and available memory, and swap details. 34 McAfee Gateway 7.x Virtual Appliances Installation Guide

35 A tour of the Dashboard The Dashboard 4 Option Hardware Summary Network Summary Services Clustering s Definition Use the Hardware Summary portlet uses status indicators to show the status of network interfaces, UPS servers, bridge mode (if enabled), and RAID status. Use the Network Summary portlet provides information about the status of your connections, network throughput and counters relating to Kernel Mode Blocking Use the Services portlet displays update and service status statistics based on protocol and external servers used by the appliance. Use the Clustering portlet, when you have configured your appliance as part of a cluster or are using the blade server hardware, provides information about the entire cluster. Use the s portlet to link directly to the areas of the user interface that search the message queue, view reports, manage policies, configure mail protocol settings and network and system settings, and access troubleshooting features. McAfee Gateway 7.x Virtual Appliances Installation Guide 35

36 4 A tour of the Dashboard The Dashboard 36 McAfee Gateway 7.x Virtual Appliances Installation Guide

37 5 Testing 5 the configuration This information describes how to test that the appliance is functioning correctly after installation. Contents Test connectivity Update the DAT files Test mail traffic and virus detection Test spam detection Test connectivity Use this task to confirm basic connectivity. The McAfee Gateway checks that it can communicate with the gateway, update servers and DNS servers. It also confirms that the appliance name and domain name are valid. 1 From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from the s area. 2 Click the Tests tab. 3 Click Start Tests. Each test should return positively. Update the DAT files Use this task to ensure that the McAfee Gateway has the most up to date detection definition (DAT) files. We recommend updating them before you configure the scanning options. As you progress using the McAfee Gateway, you can choose to update individual types of definition file and change the default scheduled updates to suit your requirements. 1 Select System Component Management Update Status. 2 To update the anti virus engine and anti virus database, click Update Now. To check that the update applied correctly, open the Services portlet in the Dashboard, and expand the Updates status. The Anti virus components will have a green status. McAfee Gateway 7.x Virtual Appliances Installation Guide 37

38 5 Testing the configuration Test mail traffic and virus detection Test mail traffic and virus detection Use this task to test that mail traffic is passing successfully through the McAfee Gateway and that threats are correctly identified. We use the EICAR test file, a harmless file that triggers a virus detection. 1 Send an message from an outside account (such as Hotmail) to an internal mailbox and confirm that it arrived. 2 On the Dashboard, look at the Detections areas. The listing for the protocol you used to send the message should show that a message was received. 3 Copy the following line into a file, making sure you do not include any spaces or line breaks: STANDARD ANTIVIRUS TEST FILE!$H+H* 4 Save the file with the name EICAR.COM. Depending on your local anti virus software and configuration, this could cause a detection and quarantine on your local machine. 5 From an external account (SMTP client), create a message that contains the EICAR.COM file as an attachment and send the message to an internal mailbox. 6 Return to the Dashboard and look at the Detections areas. You should see that a virus was detected. 7 Delete the message when you finish testing your installation, to avoid alarming unsuspecting users. Test spam detection Use this task to run a General Test mail for Unsolicited Bulk (GTUBE) to verify that the McAfee Gateway is detecting incoming spam. 1 From an external account (SMTP client), create a new message. 2 In the body of the message, copy the following text: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE STANDARD ANTI UBE TEST *C.34X Make sure that you type this line with no line breaks. 3 Send the new message to an internal mailbox address. The device scans the message, recognizes it as a junk message, and deals with it accordingly. The GTUBE overrides blacklists and whitelists. For more information about the GTUBE, visit 38 McAfee Gateway 7.x Virtual Appliances Installation Guide

39 6 Exploring 6 the appliance features This information contains tasks to demonstrate the McAfee Gateway scanning features in action. It provides step by step instructions to create and test some sample policies and tells you how to generate applicable reports. Introduction to policies The appliance uses policies which describe the actions that the appliance must take against threats such as viruses, spam, unwanted files, and the loss of confidential information. Policies Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of users. Encryption The Encryption pages enable you to set up McAfee Gateway to use the supported encryption methods to securely deliver your messages. Encryption The McAfee Gateway includes several encryption methodologies, and can be set up to provide encryption services to the other scanning features, or can be set up as an encryption only server used just to encrypt messages. Encrypt all traffic to a specific customer A common use of the encryption features is to configure a policy to use encryption for messages going to a specific customer. This group of tasks show how to configure your McAfee Gateway so that all messages being sent to s specific customer are sent using encryption. Create a new scanning policy Learn how to create a new scanning policy. Your appliance uses the policies you create to scan the messages sent through the appliance. You can create multiple policies to control the way different users use , or to specify different actions based on specific circumstances. McAfee Gateway 7.x Virtual Appliances Installation Guide 39

40 6 Exploring the appliance features Introduction to policies 1 Select Policies Scanning Policies. 2 Select the required protocol using steps in View policies for SMTP, POP3 or McAfee Secure Web Mail. 3 Click Add policy. 4 In the Scanning Policies New Policy page, enter the following information: a b c Name for the policy. Write an optional description for the new policy. Specify where the new policy inherits its settings from. If you have a similar policy already set up, select this to allow its settings to be inherited by the new policy. d e f g Choose if the policy is to apply to inbound or outbound traffic. (SMTP only) Select the required Match logic for the policy. Select the type of rule, how it should match, and the value that the rule tests against. If required, add additional rules, and use the and buttons to correctly order the rules. 5 Click OK. The new policy is added to the top of the list of policies. Configure the encryption settings Configure your McAfee Gateway to use encryption. 1 Select Encryption Secure Web Mail Basic Settings. 2 Select Enable the Secure Web Mail Client. 3 Select Encryption Secure Web Mail User Account Settings. Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. The administrator chooses whether to do push and/or pull encryption. 4 Select Encryption Secure Web Mail Password Management. The minimum password length is eight characters. The password expires after 365 days. Enable Encryption for messages matching a compliance rule Enable the required encryption features on your McAfee Gateway for messages that match a compliance rule. In this example, messages that match the HIPAA Compliance rules will be encrypted. 1 Select Policies Compliance. 2 Click Enable compliance, and select Create new rule from template. 40 McAfee Gateway 7.x Virtual Appliances Installation Guide

41 Exploring the appliance features Introduction to policies 6 3 Search for the HIPAA Compliance rule and select it. 4 Click Next to progress through the wizard. 5 Select the primary action to Allow Through (Monitor). 6 In And also, select Deliver message using encryption. 7 Click Finish, and click OK to close the dialog box. 8 Select Policies Policy Options Encryption. 9 In When to Encrypt, select Only when triggered from a scanner action. 10 In On box Encryption Options, select Secure Web Mail, and click OK. 11 Apply the changes. Identify quarantined messages Use this task to discover which messages have been quarantined by your McAfee Gateway Appliance. To view a list of all messages that have been quarantined: 1 Click Reports Message Search. 2 Select Quarantined from the Message status drop down list. 3 Click Search/Refresh. All messages that have been quarantined are displayed in the lower part of the page. Refine the search You can further refine your search for quarantined messages to show only those that have been quarantined due to specific triggers. In this example, to find those messages quarantined due to compliance issues: 1 Complete the steps in Find out which messages are quarantined. 2 Select Compliance from the Category drop down list. 3 Click Search/Refresh. The lower part of the screen is refreshed to show only the messages that have been quarantined due to compliance issues. View a specific message You can view the content of a quarantined message. 1 Complete the steps in Refine the search. 2 Select the relevant quarantined message using the checkbox to the left of the page. 3 Click View Message. McAfee Gateway 7.x Virtual Appliances Installation Guide 41

42 6 Exploring the appliance features Introduction to policies The selected message is displayed in a new window. From this window, you can view the content of the message. You can also choose to view the detailed header information. After you have viewed the message, by clicking the relevant buttons, you can choose further actions to perform on the message. Release a quarantined message After viewing the message that has been quarantined, you may want to release the message from Quarantine. This task allows you to do this. To release a selected message from quarantine: 1 Complete the steps in View a specific message. 2 Click Release Selected. The selected message is released from quarantine. messages that contain viral content cannot be released from quarantine, as to do so would risk causing damage to your systems. Compliance Settings Use this page to create and manage compliance rules. Policies Compliance Compliance Benefits of the compliance settings Use compliance scanning to assist with conformance to regulatory compliance and corporate operating compliance. You can choose from a library of predefined compliance rules, or create your own rules and dictionaries specific to your organization. Compliance rules can vary in complexity from a straightforward trigger when an individual term within a dictionary is detected, to building on and combining score based dictionaries which will only trigger when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can be combined using logical operations of any of, all of, or except. Restrict the score contribution of a dictionary term Use this task to restrict the score contribution of a dictionary term. Before you begin This task assumes that your rule includes a dictionary which triggers the action based on a threshold score, such as the Compensation and Benefits dictionary. You can restrict how many times a term can contribute to the overall score. For example, if testterm within a dictionary has a score of 10 and is seen five times within an , it will add 50 to the overall score. Alternatively you can restrict this, for example to contribute only twice by setting Maximum term count to McAfee Gateway 7.x Virtual Appliances Installation Guide

43 Exploring the appliance features Introduction to policies 6 1 Select Policies Compliance. 2 Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score you want to change. 3 In Maximum term count, type the maximum number of times that you want a term to contribute to the score. Edit the threshold associated with an existing rule Use this task to edit the threshold associated with an existing rule. Before you begin This task assumes that your rule includes a dictionary which triggers the action based on a threshold, such as the Compensation and Benefits dictionary. 1 Select Policies Compliance. 2 Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score you want to change. 3 In dictionary threshold, type the score on which you want the rule to trigger, and click OK. Create a rule to monitor or block at a threshold For score based dictionaries you might want to monitor triggers that reach a low threshold, and only block the when a high threshold is achieved. 1 Select Policies Compliance. 2 Click Create new rule, type a name for it such as Discontent Low, and click Next. 3 Select the Discontent dictionary, and in Threshold, type Click Next, and Next again. 5 In If the compliance rule is triggered, accept the default action. 6 Click Finish. 7 Repeat steps 2 through 4 to create another new rule but name it Discontent High and assign it a threshold of In If the compliance rule is triggered, select Deny connection (Block). 9 Click Finish. 10 Click OK and apply the changes. McAfee Gateway 7.x Virtual Appliances Installation Guide 43

44 6 Exploring the appliance features Introduction to policies Add a dictionary to a rule Use this task to add a new dictionary to an existing rule. 1 Select Policies Compliance. 2 Expand the rule that you want to edit. 3 Select Add dictionaries. 4 Select the new dictionary that you want to include, and click OK. Create a complex custom rule Use this task to create a complex rule that triggers when both Dictionary A and Dictionary B are detected, except when Dictionary C is also detected. 1 Select Policies Scanning Policies and select Compliance. 2 In the Default Compliance Settings dialog box, click Yes to enable the policy. 3 Click Create new rule to open the Rule Creation Wizard. 4 Type a name for the rule, and click Next. 5 Select two dictionaries to include in the rule, and click Next. 6 Select a dictionary that you want to exclude from the rule in the exclusion list. 7 Select the action that you want to take place if the rule triggers. 8 From the And conditionally drop down list, select All, and click Finish. Create a simple custom rule Use this task to create a simple custom rule that blocks messages that contain social security numbers. 1 Select Policies Compliance. 2 In the Default Compliance Settings dialog box, click Yes to enable the policy. 3 Click Create new rule to open the Rule Creation Wizard. 4 Type a name for the rule, and click Next. 5 In the Search field, type social. 6 Select the Social Security Number dictionary, and click Next twice. 7 Select the Deny connection (Block) action, and click Finish. 44 McAfee Gateway 7.x Virtual Appliances Installation Guide

45 Exploring the appliance features Introduction to policies 6 Block messages that violate a policy Use this to task to block messages that violate a threatening language policy. 1 Select Policies Compliance. 2 In the Default Compliance Settings dialog box, click Yes to enable the policy. 3 Click Create new rule from template to open the Rule Creation Wizard. 4 Select the Acceptable Use Threatening Language policy, and click Next. 5 Optionally change the name of the rule, and click Next. 6 Change the primary action to Deny connection (Block), and click Finish. 7 Click OK and apply the changes. Data Loss Prevention settings Use this page to create a policy that assigns data loss prevention actions against the registered document categories. Policies Compliance Data Loss Prevention Benefits of using Data Loss Prevention (DLP) You can choose to restrict the flow of sensitive information sent in messages by SMTP through the appliance using the Data Loss Prevention feature. For example, by blocking the transmission of a sensitive document such as a financial report that is to be sent outside of your organization. Detection occurs whether the original document is sent as an attachment, or even as just a section of text taken from the original document. Configuring DLP takes place in two phases: Registering the documents that you want to protect Setting the DLP policy to action, and control the detection (this topic) If an uploaded registered document contains embedded documents, their content is also fingerprinted so the combined content is used when calculating the percentage match at scan time. To have embedded documents treated individually, they must be registered separately. Prevent a sensitive document from being leaked Use this task to block sensitive financial documents from being sent outside your organization. Before you begin This example assumes that you have already created a Finance category. 1 Select Policies Compliance Data Loss Prevention. 2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy. 3 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list. McAfee Gateway 7.x Virtual Appliances Installation Guide 45

46 6 Exploring the appliance features Introduction to policies 4 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK. 5 Click OK again, and apply the changes. Block a section of the document Use this task to block just a small section of the document from being sent outside your organization. 1 Select Policies Compliance Data Loss Prevention. 2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy. 3 Enable the consecutive signatures setting, and type the number of consecutive signatures against which the DLP policy will trigger a detection. The level is set to 10 by default. 4 Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list. 5 Select the action associated with the category, change the primary action to Deny connection (Block), and click OK. 6 Click OK again, and apply the changes. Exclude a specific document for a policy Use this task to prevent a specific financial document from triggering the DLP policy settings. 1 Select Policies Compliance Data Loss Prevention. 2 In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy. 3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK. 4 Click OK again, and apply the changes. 46 McAfee Gateway 7.x Virtual Appliances Installation Guide

47 7 Additional 7 Configuration Options This information gives some best practice tips and some advanced configuration options. Contents Upgrading to the latest version of McAfee Gateway Virtual Appliance Change the default Power Off and Reset actions Configure the shutdown and restart option Upgrading to the latest version of McAfee Gateway Virtual Appliance Use this task to upgrade to the latest version of McAfee Gateway Virtual Appliance from McAfee Gateway Virtual Appliance version (or later) using the software.iso image. Before you begin You must have McAfee Gateway Virtual Appliance version (or later) already installed and configured. After an operating system is installed on a virtual appliance, the virtual machine always starts from the hard disk first. To work around this feature, you have to shut down the virtual machine and configure a power on boot delay so that you have enough time to access the Boot menu and tell it to start from the installation CD instead. 1 Download the latest version of the McAfee Gateway Virtual Appliance.ISO upgrade file from the McAfee download site and extract it. 2 Shut down the virtual appliance. a Log on to the virtual appliance user interface and select System System Administration System Commands. b c Enter the password. Select Shutdown Appliance. 3 Log on to VMware ESX Server, or use the VMware Infrastructure Client or the VMware vsphere Client to log on to VMware Virtual Center Server. 4 Enable a Power on Boot delay to get enough time to force the virtual machine to boot from CD: a Select the virtual appliance in the Inventory list and click Summary. b c Select Edit Settings Options Boot Options. In Power on Boot delay, type 10,000 in the text box, and click OK. McAfee Gateway 7.x Virtual Appliances Installation Guide 47

48 7 Additional Configuration Options Change the default Power Off and Reset actions 5 Turn on the virtual appliance. 6 Make sure the cursor focus is on the Virtual Appliance console. Then press the ESC key to open the Boot Menu. Do not select any options yet. 7 Release the cursor from the console and select Connect CD/DVD1. 8 Browse to the folder where you downloaded the McAfee Gateway Virtual Appliance.ISO file and double click <McAfee MEG 7.x <build number>.vmbuy.iso>. 9 When the.iso file is connected, click back on to the console screen. Select CD ROM Drive and press the ENTER key. 10 The virtual appliance starts from the.iso file. 11 Press y to agree to the terms of the license agreement. 12 Select the upgrade option that you want, and press the ENTER key to perform the upgrade. 13 Type y to confirm that you want to continue. Change the default Power Off and Reset actions Use this task to change the Power Off and Reset actions in VMware vsphere so the McAfee Gateway Virtual Appliance can shut down without corrupting the virtual machine file system. 1 Within VMware vsphere Client, right click the McAfee Gateway Virtual Appliance and select Edit Settings. 2 Select the Options tab and select VMware Tools. 3 Set the option next to the red square to Shut Down Guest. 4 Next to the Reset icon (red and green arrow), set the option to Restart Guest. Configure the shutdown and restart option Use this task to configure the McAfee Gateway Virtual Appliance to shut down automatically and restart if you restart VMware vsphere. 1 Select the vsphere Host and click the Configuration tab. 2 Select Virtual Machine Startup/Shutdown in the Software box, click Properties, and do the following: Enable the Allow virtual machines to start and stop automatically with the system option. Change the Shutdown Action to Guest Shutdown. 3 Select the McAfee Gateway Virtual Appliance in the list and click Move Up until it appears as the first item in the list. 4 Click Edit. 48 McAfee Gateway 7.x Virtual Appliances Installation Guide

Best Practices Revision A. McAfee Email Gateway 7.x Appliances

Best Practices Revision A. McAfee Email Gateway 7.x Appliances Best Practices Revision A McAfee Email Gateway 7.x Appliances COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee(R) Email Security Virtual Appliance 5.6 Installation Guide

McAfee(R) Email Security Virtual Appliance 5.6 Installation Guide McAfee(R) Email Security Virtual Appliance 5.6 Installation Guide COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored

More information

Data Center Connector for vsphere 3.0.0

Data Center Connector for vsphere 3.0.0 Product Guide Data Center Connector for vsphere 3.0.0 For use with epolicy Orchestrator 4.6.0, 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

McAfee(R) Email and Web Security Virtual Appliance 5.6 Installation Guide

McAfee(R) Email and Web Security Virtual Appliance 5.6 Installation Guide McAfee(R) Email and Web Security Virtual Appliance 5.6 Installation Guide COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee Asset Manager Console

McAfee Asset Manager Console Installation Guide McAfee Asset Manager Console Version 6.5 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee SaaS Email Archiving

McAfee SaaS Email Archiving User Guide McAfee SaaS Email Archiving COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee

More information

Installation Guide. McAfee VirusScan Enterprise for Linux 1.9.0 Software

Installation Guide. McAfee VirusScan Enterprise for Linux 1.9.0 Software Installation Guide McAfee VirusScan Enterprise for Linux 1.9.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active

More information

McAfee Endpoint Encryption for PC 7.0

McAfee Endpoint Encryption for PC 7.0 Migration Guide McAfee Endpoint Encryption for PC 7.0 For use with epolicy Orchestrator 4.6 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,

More information

Administrators Guide Revision A. McAfee Email Gateway 7.5.0 Appliances

Administrators Guide Revision A. McAfee Email Gateway 7.5.0 Appliances Administrators Guide Revision A McAfee Email Gateway 7.5.0 Appliances COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active

More information

Data Center Connector 3.0.0 for OpenStack

Data Center Connector 3.0.0 for OpenStack Product Guide Data Center Connector 3.0.0 for OpenStack For use with epolicy Orchestrator 5.1.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,

More information

Setup Guide Revision B. McAfee SaaS Email Archiving for Microsoft Exchange Server 2010

Setup Guide Revision B. McAfee SaaS Email Archiving for Microsoft Exchange Server 2010 Setup Guide Revision B McAfee SaaS Email Archiving for Microsoft Exchange Server 2010 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

More information

Product Guide. McAfee SaaS Endpoint Protection (October, 2012 release)

Product Guide. McAfee SaaS Endpoint Protection (October, 2012 release) Product Guide McAfee SaaS Endpoint Protection (October, 2012 release) COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active

More information

McAfee Directory Services Connector extension

McAfee Directory Services Connector extension Getting Started Guide Revision A McAfee Directory Services Connector extension For use with epolicy Orchestrator 4.6.1 through 5.0 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission.

More information

McAfee MOVE AntiVirus Multi-Platform 3.5.0

McAfee MOVE AntiVirus Multi-Platform 3.5.0 Product Guide McAfee MOVE AntiVirus Multi-Platform 3.5.0 For use with epolicy Orchestrator 4.6.7, 4.6.8, 5.1.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

McAfee SiteAdvisor Enterprise 3.5 Patch 2

McAfee SiteAdvisor Enterprise 3.5 Patch 2 Installation Guide McAfee SiteAdvisor Enterprise 3.5 Patch 2 For use with epolicy Orchestrator 4.5, 4.6 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Upgrade Guide. McAfee Vulnerability Manager Microsoft Windows Server 2008 R2

Upgrade Guide. McAfee Vulnerability Manager Microsoft Windows Server 2008 R2 Upgrade Guide McAfee Vulnerability Manager Microsoft Windows Server 2008 R2 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection,

More information

Setup Guide. Email Archiving for Microsoft Exchange Server 2003

Setup Guide. Email Archiving for Microsoft Exchange Server 2003 Setup Guide Email Archiving for Microsoft Exchange Server 2003 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Product Guide. McAfee Endpoint Protection for Mac 2.1.0

Product Guide. McAfee Endpoint Protection for Mac 2.1.0 Product Guide McAfee Endpoint Protection for Mac 2.1.0 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

McAfee MOVE AntiVirus 2.6.0

McAfee MOVE AntiVirus 2.6.0 Deployment Guide McAfee MOVE AntiVirus 2.6.0 For use with epolicy Orchestrator 4.5.0, 4.6.0 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,

More information

McAfee Email Gateway 7.6.400 VMtrial Appliances

McAfee Email Gateway 7.6.400 VMtrial Appliances Installation Guide Revision D McAfee Email Gateway 7.6.400 VMtrial Appliances COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

More information

McAfee Endpoint Security 10.0.0 Software

McAfee Endpoint Security 10.0.0 Software Installation Guide McAfee Endpoint Security 10.0.0 Software For use with epolicy Orchestrator 5.1.1 5.2.0 software and the McAfee SecurityCenter COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without

More information

Setup Guide. Email Archiving for Microsoft Exchange Server 2010

Setup Guide. Email Archiving for Microsoft Exchange Server 2010 Setup Guide Email Archiving for Microsoft Exchange Server 2010 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee Public Cloud Server Security Suite

McAfee Public Cloud Server Security Suite Installation Guide McAfee Public Cloud Server Security Suite For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

Integration Guide. McAfee Asset Manager. for use with epolicy Orchestrator 4.6

Integration Guide. McAfee Asset Manager. for use with epolicy Orchestrator 4.6 Integration Guide Manager for use with epolicy Orchestrator 4.6 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Setup Guide. Email Archiving for Microsoft Exchange Server 2007

Setup Guide. Email Archiving for Microsoft Exchange Server 2007 Setup Guide Email Archiving for Microsoft Exchange Server 2007 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee Email Gateway 7.0 Appliances

McAfee Email Gateway 7.0 Appliances Installation Guide McAfee Email Gateway 7.0 Appliances COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

McAfee VirusScan Enterprise for Linux 1.7.0 Software

McAfee VirusScan Enterprise for Linux 1.7.0 Software Configuration Guide McAfee VirusScan Enterprise for Linux 1.7.0 Software For use with epolicy Orchestrator 4.5.0 and 4.6.0 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication

More information

Installation Guide. McAfee epolicy Orchestrator 5.0.0 Software

Installation Guide. McAfee epolicy Orchestrator 5.0.0 Software Installation Guide McAfee epolicy Orchestrator 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee Content Security Reporter 2.0.0

McAfee Content Security Reporter 2.0.0 Product Guide Revision A McAfee Content Security Reporter 2.0.0 For use with epolicy Orchestrator 4.6.5 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Setup Guide Revision A. WDS Connector

Setup Guide Revision A. WDS Connector Setup Guide Revision A WDS Connector COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee

More information

McAfee Data Loss Prevention 9.3.0

McAfee Data Loss Prevention 9.3.0 Product Guide Revision E McAfee Data Loss Prevention 9.3.0 For use with epolicy Orchestrator 4.5, 4.6, 5.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Virtual Appliance Setup Guide

Virtual Appliance Setup Guide Virtual Appliance Setup Guide 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective

More information

McAfee Enterprise Mobility Management 11.0 Software

McAfee Enterprise Mobility Management 11.0 Software Product Guide McAfee Enterprise Mobility Management 11.0 Software For use with epolicy Orchestrator 4.6.5-5.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

McAfee Cloud Single Sign On

McAfee Cloud Single Sign On Setup Guide Revision B McAfee Cloud Single Sign On COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

Hardware Sizing and Bandwidth Usage Guide. McAfee epolicy Orchestrator 4.6.0 Software

Hardware Sizing and Bandwidth Usage Guide. McAfee epolicy Orchestrator 4.6.0 Software Hardware Sizing and Bandwidth Usage Guide McAfee epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Installation Guide. McAfee SaaS Endpoint Protection 6.0

Installation Guide. McAfee SaaS Endpoint Protection 6.0 Installation Guide McAfee SaaS Endpoint Protection 6.0 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

McAfee Content Security Reporter 1.0.0 Software

McAfee Content Security Reporter 1.0.0 Software Product Guide Revision A McAfee Content Security Reporter 1.0.0 Software For use with epolicy Orchestrator 4.6.2 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK

More information

McAfee MOVE AntiVirus (Agentless) 3.6.0

McAfee MOVE AntiVirus (Agentless) 3.6.0 Product Guide McAfee MOVE AntiVirus (Agentless) 3.6.0 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

User Guide. FIPS Mode. For use with epolicy Orchestrator 4.6.x Software

User Guide. FIPS Mode. For use with epolicy Orchestrator 4.6.x Software User Guide FIPS Mode For use with epolicy Orchestrator 4.6.x Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active

More information

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software Product Guide Revision A McAfee Secure Web Mail Client 7.0.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee VirusScan Enterprise for Storage 1.1.0

McAfee VirusScan Enterprise for Storage 1.1.0 Product Guide McAfee VirusScan Enterprise for Storage 1.1.0 For use with epolicy Orchestrator 4.5.7, 4.6.x, 5.0.x Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK

More information

McAfee Client Proxy 1.0.0 Software

McAfee Client Proxy 1.0.0 Software Product Guide McAfee Client Proxy 1.0.0 Software For use with epolicy Orchestrator 4.6 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the

More information

Setting up Microsoft Office 365

Setting up Microsoft Office 365 Integration Guide Revision G McAfee SaaS Email Protection Securing Exchange Online in Microsoft Office 365 Setting up Microsoft Office 365 Use this guide to configure Microsoft Office 365 and Microsoft

More information

Virtualization Guide. McAfee Vulnerability Manager Virtualization

Virtualization Guide. McAfee Vulnerability Manager Virtualization Virtualization Guide McAfee Vulnerability Manager Virtualization COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

Installation Guide Revision B. McAfee epolicy Orchestrator 5.1.0 Software

Installation Guide Revision B. McAfee epolicy Orchestrator 5.1.0 Software Installation Guide Revision B McAfee epolicy Orchestrator 5.1.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active

More information

Product Guide Revision A. McAfee Web Reporter 5.2.1

Product Guide Revision A. McAfee Web Reporter 5.2.1 Product Guide Revision A McAfee Web Reporter 5.2.1 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

Installation Guide. McAfee SaaS Endpoint Protection

Installation Guide. McAfee SaaS Endpoint Protection Installation Guide McAfee SaaS Endpoint Protection COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

Product Guide Revision A. McAfee Data Loss Prevention Endpoint 9.3.0

Product Guide Revision A. McAfee Data Loss Prevention Endpoint 9.3.0 Product Guide Revision A McAfee Data Loss Prevention Endpoint 9.3.0 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Migration Guide Revision A. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x

Migration Guide Revision A. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide Revision A McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo,

More information

Core Protection for Virtual Machines 1

Core Protection for Virtual Machines 1 Core Protection for Virtual Machines 1 Comprehensive Threat Protection for Virtual Environments. Installation Guide e Endpoint Security Trend Micro Incorporated reserves the right to make changes to this

More information

Product Guide. McAfee Endpoint Security for Mac Threat Prevention 10.1.0

Product Guide. McAfee Endpoint Security for Mac Threat Prevention 10.1.0 Product Guide McAfee Endpoint Security for Mac Threat Prevention 10.1.0 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

More information

McAfee Enterprise Mobility Management 11.0 Software

McAfee Enterprise Mobility Management 11.0 Software Installation Guide McAfee Enterprise Mobility Management 11.0 Software For use with epolicy Orchestrator 4.6.5-5.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK

More information

Cyberoam Virtual Security Appliance - Installation Guide for XenServer. Version 10

Cyberoam Virtual Security Appliance - Installation Guide for XenServer. Version 10 Cyberoam Virtual Security Appliance - Installation Guide for XenServer Version 10 Document Version 10.6.1-01/07/2014 Contents Preface... 4 Base Configuration... 4 Installation Procedure... 4 Cyberoam Virtual

More information

F-Secure Internet Gatekeeper Virtual Appliance

F-Secure Internet Gatekeeper Virtual Appliance F-Secure Internet Gatekeeper Virtual Appliance F-Secure Internet Gatekeeper Virtual Appliance TOC 2 Contents Chapter 1: Welcome to F-Secure Internet Gatekeeper Virtual Appliance.3 Chapter 2: Deployment...4

More information

McAfee. b Under Self Service, click Product Documentation. d Download the model S7032 installation guide.

McAfee. b Under Self Service, click Product Documentation. d Download the model S7032 installation guide. Quick Start Guide McAfee Firewall Enterprise, Multi-Firewall Edition model S7032 This quick start guide provides high-level instructions for setting up McAfee Firewall Enterprise, Multi-Firewall Edition

More information

Building a Penetration Testing Virtual Computer Laboratory

Building a Penetration Testing Virtual Computer Laboratory Building a Penetration Testing Virtual Computer Laboratory User Guide 1 A. Table of Contents Collaborative Virtual Computer Laboratory A. Table of Contents... 2 B. Introduction... 3 C. Configure Host Network

More information

McAfee Endpoint Encryption for Files and Folders 4.2

McAfee Endpoint Encryption for Files and Folders 4.2 Product Guide McAfee Endpoint Encryption for Files and Folders 4.2 For use with epolicy Orchestrator 4.6 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Setting up Microsoft Office 365

Setting up Microsoft Office 365 Setup Guide Revision F Using McAfee SaaS Email Protection to Secure Exchange Online in Microsoft Office 365 Setting up Microsoft Office 365 Use this guide to configure Microsoft Office 365 and Microsoft

More information

Installation Guide. McAfee Security for Microsoft Exchange 7.6.0 Software

Installation Guide. McAfee Security for Microsoft Exchange 7.6.0 Software Installation Guide McAfee Security for Microsoft Exchange 7.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2 RSA Authentication Manager 8.1 Setup and Configuration Guide Revision 2 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

Installing and Using the vnios Trial

Installing and Using the vnios Trial Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM

More information

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software Product Guide Revision A McAfee Secure Web Mail Client 7.0.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

EMC Data Domain Management Center

EMC Data Domain Management Center EMC Data Domain Management Center Version 1.1 Initial Configuration Guide 302-000-071 REV 04 Copyright 2012-2015 EMC Corporation. All rights reserved. Published in USA. Published June, 2015 EMC believes

More information

WatchGuard XCSv Setup Guide

WatchGuard XCSv Setup Guide WatchGuard XCSv Setup Guide All XCSv Editions Copyright and Patent Information Copyright 2010 2013 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, LiveSecurity, and

More information

Sophos for Microsoft SharePoint startup guide

Sophos for Microsoft SharePoint startup guide Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning

More information

Administration Guide Revision A. SaaS Email Protection

Administration Guide Revision A. SaaS Email Protection Administration Guide Revision A SaaS Email Protection COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

PHD Virtual Backup for Hyper-V

PHD Virtual Backup for Hyper-V PHD Virtual Backup for Hyper-V version 7.0 Installation & Getting Started Guide Document Release Date: December 18, 2013 www.phdvirtual.com PHDVB v7 for Hyper-V Legal Notices PHD Virtual Backup for Hyper-V

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Installation Guide. McAfee epolicy Orchestrator 4.6.0 Software

Installation Guide. McAfee epolicy Orchestrator 4.6.0 Software Installation Guide McAfee epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored

More information

Product Guide. McAfee epolicy Orchestrator 5.0.0 Software

Product Guide. McAfee epolicy Orchestrator 5.0.0 Software Product Guide McAfee epolicy Orchestrator 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Installing GFI MailSecurity

Installing GFI MailSecurity Installing GFI MailSecurity Introduction This chapter explains how to install and configure GFI MailSecurity. You can install GFI MailSecurity directly on your mail server or you can choose to install

More information

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide Abstract This guide describes the Virtualization Monitor (vmon), an add-on service module of the HP Intelligent Management

More information

GlobalSCAPE DMZ Gateway, v1. User Guide

GlobalSCAPE DMZ Gateway, v1. User Guide GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical

More information

Virtual Appliance Setup Guide

Virtual Appliance Setup Guide The Virtual Appliance includes the same powerful technology and simple Web based user interface found on the Barracuda Web Application Firewall hardware appliance. It is designed for easy deployment on

More information

VMware vsphere-6.0 Administration Training

VMware vsphere-6.0 Administration Training VMware vsphere-6.0 Administration Training Course Course Duration : 20 Days Class Duration : 3 hours per day (Including LAB Practical) Classroom Fee = 20,000 INR Online / Fast-Track Fee = 25,000 INR Fast

More information

Install Guide for JunosV Wireless LAN Controller

Install Guide for JunosV Wireless LAN Controller The next-generation Juniper Networks JunosV Wireless LAN Controller is a virtual controller using a cloud-based architecture with physical access points. The current functionality of a physical controller

More information

Cyberoam Virtual Security Appliance - Installation Guide for VMware ESX/ESXi. Version 10

Cyberoam Virtual Security Appliance - Installation Guide for VMware ESX/ESXi. Version 10 Cyberoam Virtual Security Appliance - Installation Guide for VMware ESX/ESXi Version 10 Document Version 10.6.2-16/04/2015 Contents Preface... 4 Base Configuration... 4 Installation Procedure... 4 Cyberoam

More information

Technical Note. vsphere Deployment Worksheet on page 2. Express Configuration on page 3. Single VLAN Configuration on page 5

Technical Note. vsphere Deployment Worksheet on page 2. Express Configuration on page 3. Single VLAN Configuration on page 5 Technical Note The vfabric Data Director worksheets contained in this technical note are intended to help you plan your Data Director deployment. The worksheets include the following: vsphere Deployment

More information

Installing and Configuring vcenter Support Assistant

Installing and Configuring vcenter Support Assistant Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

Product Guide. McAfee epolicy Orchestrator 5.3.0 Software

Product Guide. McAfee epolicy Orchestrator 5.3.0 Software Product Guide McAfee epolicy Orchestrator 5.3.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Virtual Managment Appliance Setup Guide

Virtual Managment Appliance Setup Guide Virtual Managment Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance As an alternative to the hardware-based version of the Sophos Web Appliance, you can deploy

More information

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course The McAfee Firewall Enterprise System Administration course from McAfee University is a fast-paced,

More information

CommandCenter Secure Gateway

CommandCenter Secure Gateway CommandCenter Secure Gateway Quick Setup Guide for CC-SG Virtual Appliance - VMware, XEN, HyperV This Quick Setup Guide explains how to install and configure the CommandCenter Secure Gateway. For additional

More information

Quick Start Guide. for Installing vnios Software on. VMware Platforms

Quick Start Guide. for Installing vnios Software on. VMware Platforms Quick Start Guide for Installing vnios Software on VMware Platforms Copyright Statements 2010, Infoblox Inc. All rights reserved. The contents of this document may not be copied or duplicated in any form,

More information

Virtual Appliance for VMware Server. Getting Started Guide. Revision 2.0.2. Warning and Disclaimer

Virtual Appliance for VMware Server. Getting Started Guide. Revision 2.0.2. Warning and Disclaimer Virtual Appliance for VMware Server Getting Started Guide Revision 2.0.2 Warning and Disclaimer This document is designed to provide information about the configuration and installation of the CensorNet

More information

Installing GFI MailEssentials

Installing GFI MailEssentials Installing GFI MailEssentials Introduction to installing GFI MailEssentials This chapter explains the procedure on how to install and configure GFI MailEssentials. GFI MailEssentials can be installed in

More information

Setup for Failover Clustering and Microsoft Cluster Service

Setup for Failover Clustering and Microsoft Cluster Service Setup for Failover Clustering and Microsoft Cluster Service ESX 4.0 ESXi 4.0 vcenter Server 4.0 This document supports the version of each product listed and supports all subsequent versions until the

More information

Virtual Web Appliance Setup Guide

Virtual Web Appliance Setup Guide Virtual Web Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance This guide describes the procedures for installing a Virtual Web Appliance. If you are installing

More information

VMware Data Recovery. Administrator's Guide EN-000193-00

VMware Data Recovery. Administrator's Guide EN-000193-00 Administrator's Guide EN-000193-00 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product

More information

vsphere Networking ESXi 5.0 vcenter Server 5.0 EN-000599-01

vsphere Networking ESXi 5.0 vcenter Server 5.0 EN-000599-01 ESXi 5.0 vcenter Server 5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

Administration Guide Revision E. SaaS Email Protection

Administration Guide Revision E. SaaS Email Protection Administration Guide Revision E SaaS Email Protection COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com TRADEMARK ATTRIBUTIONS

More information

Administration Guide Revision E. Account Management. For SaaS Email and Web Security

Administration Guide Revision E. Account Management. For SaaS Email and Web Security Administration Guide Revision E Account Management COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com TRADEMARK ATTRIBUTIONS

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

SevOne NMS Download Installation and Implementation Guide

SevOne NMS Download Installation and Implementation Guide SevOne NMS Download Installation and Implementation Guide 5.3.X 530 V0002 Contents 1. Get Started... 3 2. SevOne Download Installation... 6 3. Appliance Network Configuration... 9 4. Install License and

More information

Installation Guide. McAfee epolicy Orchestrator 5.3.0 Software

Installation Guide. McAfee epolicy Orchestrator 5.3.0 Software Installation Guide McAfee epolicy Orchestrator 5.3.0 Software COPYRIGHT Copyright 2014 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com TRADEMARK

More information

Product Guide. McAfee Endpoint Security 10

Product Guide. McAfee Endpoint Security 10 Product Guide McAfee Endpoint Security 10 COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE,

More information

Product Guide. McAfee SaaS Endpoint Protection 5.2.0

Product Guide. McAfee SaaS Endpoint Protection 5.2.0 Product Guide McAfee SaaS Endpoint Protection 5.2.0 COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

McAfee Policy Auditor 6.2.0 software Installation Guide

McAfee Policy Auditor 6.2.0 software Installation Guide McAfee Policy Auditor 6.2.0 software Installation Guide COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information