Installation Guide
Revision D

McAfee Email Gateway 7.6.400 VMtrial Appliances
COPYRIGHT

Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONS

Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Contents

1 Introducing McAfee Email Gateway (VMtrial)
    Description of McAfee Email Gateway
    Supported platforms
    McAfee Email Gateway features
    Evaluation period
    Performance
    What you get

2 Installing VMtrial
    Decide how you want to use the evaluation
    Considerations before installing VMtrial
    Network information you need to collect
    System requirements
    Install Email Gateway (VMtrial) on Hyper-V using PowerShell
    Run the Email Gateway (VMtrial) installation script
    Install Email Gateway (VMtrial)
    Install VMtrial on Hyper-V using SCVMM
    Import the Email Gateway (VMtrial) installation files
    Import the virtual machine template
    Create a virtual machine
    Run the Email Gateway (VMtrial)
    Install VMtrial on VMware vSphere
    Install VMtrial on VMware Player
    Configure the Email Gateway (VMtrial)

3 Getting started with VMtrial
    The Dashboard
    Benefits of using the Dashboard
    Dashboard portlets
    Testing the configuration
    Test connectivity
    Update the DAT files
    Using the test email generator
    Benefits of using the test email generator
    Generate test email
    Generate a stream of test email messages
    View a summary of scanned email traffic
    Find specific test email messages
    Exploring the appliance features
    Introduction to policies
    Encryption
    Compliance Settings
    Data Loss Prevention settings
    Identify quarantined email messages

Index
1 Introducing McAfee Email Gateway (VMtrial)

McAfee Email Gateway virtual trial (VMtrial) lets you evaluate the latest McAfee Email Gateway software.

Contents
• Description of McAfee Email Gateway
• Supported platforms
• McAfee Email Gateway features
• Evaluation period
• Performance
• What you get

Description of McAfee Email Gateway

McAfee Email Gateway delivers comprehensive, enterprise-class protection against email threats in an integrated and simple-to-manage appliance for SMTP and POP3.

If you purchase the McAfee Email Gateway after this evaluation, McAfee can either supply the relevant hardware and other items that accompany an appliance, or you can access the software using a virtual appliance.

Supported platforms

McAfee Email Gateway (VMtrial) works on the following virtual platforms:
• VMware vSphere 4.x or higher
• VMware vSphere Hypervisor (ESXi) 4.x or higher
• Microsoft Hyper-V installations running on:
    • Microsoft Windows 8 Pro
    • Microsoft Windows 8 Enterprise
    • Microsoft Windows 8.1 Pro
    • Microsoft Windows 8.1 Enterprise
    • Microsoft Windows Server 2012
    • Microsoft Windows Server 2012 R2
McAfee Email Gateway features

This information describes the features of the product and where to locate them in the product interface.

Email scanning features

Feature
    Description

Comprehensive scanning protection
    Offers anti-virus and anti-spam protection for the following network protocols:
    • SMTP
    • POP3

Anti-virus protection
    Email | Email Policies | Anti-Virus
    Reduce threats to all protocol traffic using:
    • Anti-virus settings to identify known and unknown threats in viruses in archive files, and other file types
    • Other threat detection settings to detect viruses, potentially unwanted programs, packers, and other malware
    • McAfee Global Threat Intelligence file reputation to complement the DAT-based signatures by providing the appliances access to millions of cloud-based signatures; this reduces the delay between McAfee detecting a new malware threat and its inclusion in DAT files, providing broader coverage

Anti-spam protection
    Email | Email Policies | Spam
    Reduce spam in SMTP and POP3 email traffic using:
    • Anti-spam engine, and the anti-spam and anti-phishing rule sets
    • Lists of permitted and denied senders
    • McAfee Global Threat Intelligence message reputation to identify senders of spam email messages
    • Permit and deny lists that administrators and users can create using a Microsoft Outlook plug-in (user-level only)
    Detect phishing attacks and take the appropriate action.

Encryption
    Email | Encryption
    The McAfee Email Gateway includes several encryption methodologies:
    • Server-to-server encryption
    • Secure Web Mail
    • Pull delivery
    • Push delivery
    The encryption features can be set up to provide encryption services to the other scanning features, or can be set up as an encryption-only server used just to encrypt email messages.

McAfee Global Threat Intelligence feedback
    Email | Email Policies | Policy Options | McAfee GTI feedback
    System | Setup Wizard
    McAfee analyzes data about detections and alerts, threat details, and usage statistics from a broad set of customers to combat electronic attacks, protect vulnerable systems from exploit, and thwart cyber crime. By enabling this feedback service in your product, you will help us improve McAfee Global Threat Intelligence, thereby making your McAfee products more effective, as well as help us work with law enforcement to address electronic threats.

Compliance Settings
    Email | Email Policies | Compliance
    This release of the product includes enhancements to the way the appliance uses compliance rules:
    • In the Compliance policy, use the Rule Creation wizard to specify the inbuilt dictionaries that you want to comply with, or create a new rule using an existing rule as a template.
    • Use the Mail size filtering and File filtering policies to check SMTP email messages for true file types and take action on email based on size and number of attachments.

Data Loss Prevention
    Email | DLP and Dictionaries
    Use the Data Loss Prevention policy to upload and analyze your sensitive documents (known as training) and to create a fingerprint of each document.

Message Search
    Reports | Message search
    From a single location within the user interface, Message Search allows you to confirm the status of email messages that have passed through the appliance. It provides you with information about the email, including whether it was delivered or blocked, if the message bounced, if it was quarantined, or held in a queue pending further action.

Quarantine features
    Email | Quarantine Configuration | Quarantine Options
    • Quarantine digests: Allow users to handle quarantined items without involving the email administrator.
    • McAfee Quarantine Manager: Consolidate quarantine management for McAfee products.

Message Transfer Agent
    • Reroute traffic on-the-fly based on criteria set by the administrator. For example, encrypted mail can be rerouted for decryption.
    • Allow the administrator to determine the final status of each message.
    • See a quick view summary of inbound email messages by domain with drill-down facilities per domain and undeliverable email by domain.
    • Prioritize the redelivery of undeliverable email based on domain.
    • Pipeline multiple email deliveries to each domain.
    • Rewrite an email address on inbound and outbound email based on regular expressions defined by the administrator.
    • Strip email headers on outbound messages to hide internal network infrastructure.
    • Deliver messages using TLS.
    • Manage certificates.
Reporting and System features

Feature
    Description

Scheduled Reports
    Reports | Scheduled Reports
    Schedule reports to run on a regular basis and send them to one or more email recipients.

Logging options
    System | Logging, Alerting and SNMP
    You can configure the appliance to send emails containing information about viruses and other detected threats, and to use SNMP to transfer information from your appliance.

Dashboard statistics
    Dashboard
    The Dashboard provides a single location for you to view summaries of the activities of the appliance, such as the email flowing through the appliance, and the overall system health of the appliance. You can also go directly to areas of the user interface that you often use.

ePolicy Orchestrator management of appliances
    System | Setup Wizard
    Choose the ePO Managed Setup option to monitor the status of your appliances and also manage your appliance from ePolicy Orchestrator. You can directly manage your appliances from ePolicy Orchestrator, without needing to launch the interface for each appliance. In ePolicy Orchestrator, the user interface pages that you use to configure and manage your appliance have a similar look and feel to the pages that you find within the appliances.

Cluster Management
    System | System Administration | Cluster Management
    Cluster management enables you to set up groups of appliances that work together to share your scanning workloads, and to provide redundancy in the event of hardware failure. From these pages you can back up and restore your configurations, push configurations from one appliance to others, and set up load balancing between your appliances.

Virtual Hosts
    System | Virtual Hosting | Virtual Hosts
    For the SMTP protocol, you can specify the addresses where the appliance receives or intercepts traffic on the Inbound Address Pool. Using virtual hosts, a single appliance can appear to behave like several appliances. Each appliance can manage traffic within specified pools of IP addresses, enabling the appliance to provide scanning services to traffic from many customers.

Role-based Access Control
    System | Users | Users and Roles
    System | Users | Login Services
    In addition to the Kerberos authentication method, RADIUS authentication is also available.

Evaluation period

During the evaluation period, you get unlimited access to McAfee Email Gateway Appliance (VMtrial) features that can protect your organization from spam, phishing, viruses, undesirable content, data loss, and other threats.
The evaluation period lasts for 30 days, after which time the virtual appliance will cease to function.

When the evaluation period ends, an Expiry Information dialog box on the VMtrial logon page tells you "The trial has now expired." All functionality stops working. Traffic continues to pass through the VMtrial appliance but is not scanned.

If you run out of time to complete your evaluation before it expires, you can save your configuration, begin another evaluation, and apply your original configuration settings.

To purchase the product based on your evaluation, contact your preferred reseller. To locate a reseller, go to http://www.mcafee.com to find a Reseller or Distribution Partner or contact a sales representative.

Performance

Using virtual software to simulate a McAfee appliance impacts appliance performance and traffic throughput.

Scanning throughput during the evaluation is not representative of the performance that would be achieved on a McAfee appliance with a similar hardware specification. Performance and traffic throughput are also affected by the host computer specification and the size of your Internet connection.

What you get

The VMtrial versions of Email Gateway are provided as zip files specific to your chosen virtual environment.

In the evaluation.zip file, you have the following items:
• McAfee Email Gateway (VMtrial) installation files
• McAfee Email Gateway (VMtrial) Installation Guide

Sources of information

You can find installation and configuration information in the following locations:

Online Help
    The configuration console contains page-sensitive Help information to guide you through the installation process. After installation, detailed context-sensitive Help with Search and Index features is available from the product interface. It provides an introduction to the product and its features, detailed instructions for configuring the software, information on recurring tasks, and operating procedures.

KnowledgeBase
    Use the McAfee KnowledgeBase for answers to questions about McAfee Email Gateway. Go to https://support.mcafee.com/ and click Browse the KnowledgeBase. From the Product list, select Email Gateway.

Documentation
    You have access to the latest version of the McAfee Email Gateway documentation. Go to https://support.mcafee.com/, click Product Documentation, and select Email Gateway.

For help with your virtual environment, go to your chosen supplier's website, http://www.vmware.com or http://www.microsoft.com.
2 Installing VMtrial

This information helps you prepare your evaluation environment and presents topics to consider before you install McAfee Email Gateway Appliance (VMtrial).

Contents
• Decide how you want to use the evaluation
• Considerations before installing VMtrial
• Network information you need to collect
• System requirements
• Install Email Gateway (VMtrial) on Hyper-V using PowerShell
• Install VMtrial on Hyper-V using SCVMM
• Install VMtrial on VMware vSphere
• Install VMtrial on VMware Player
• Configure the Email Gateway (VMtrial)

Decide how you want to use the evaluation

Before you start to install the evaluation, you must decide whether you want to:
• Use McAfee Email Gateway Appliance (VMtrial) to scan email traffic on your network.
• Just evaluate the McAfee Email Gateway Appliance features and interface options.

Considerations before installing VMtrial

If you want McAfee Email Gateway (VMtrial) to scan email traffic on your network, consider the following before you start the installation process:
• Which protocols do you want to scan? Choose from SMTP and POP3.
• Do you want to scan these protocols without changing settings on clients or servers?
• Does your network have a DMZ? If so, which servers are located in it?
• Do you have an internal DNS server?
• The operational mode that you want to use. Choose from explicit proxy mode, transparent bridge mode, or transparent router mode.

Information about the features of each operating mode can be found in the McAfee Email Gateway Virtual Appliance Installation Guide available from https://support.mcafee.com.
Network information you need to collect

Gather the following information before you start the installation process:
• Protocols to scan (SMTP, POP3)
• Host name
• Domain name
• Default gateway
• Choose your operational mode: explicit proxy, transparent router, transparent bridge. Information about the operational modes can be found in the McAfee Email Gateway Virtual Appliance Installation Guide available from https://support.mcafee.com.
• LAN1 port IP address and subnet mask
• LAN2 port IP address and subnet mask
• DNS server IP address
• Any onward email server IP address

System requirements

If you use McAfee Email Gateway (VMtrial) in your production environment, the traffic throughput and performance are slower than on an appliance with a similar hardware specification.

Component               Value
Processor               2.8 GHz Pentium 4 processor with Physical Address Extension (PAE) support
Available memory        1 GB
Free hard disk space    50 GB
File system             Automatically selected during the installation process
Virtual environment     Ensure that your chosen virtual environment is set up and running on suitable hardware, and that you have sufficient Network Interface Controllers attached to the system.

Install Email Gateway (VMtrial) on Hyper-V using PowerShell

You can install an Email Gateway (VMtrial) onto a Microsoft Hyper-V virtual environment by running a PowerShell script.

Before you begin

McAfee recommends that you configure the required virtual switches within your Hyper-V host system before you install the virtual appliance.

Ensure that you have downloaded the installation files and have saved them to a location you can reach from within your Hyper-V environment.
• Download the Email Gateway (VMtrial) package (McAfee-MEG-<version.number>-<build.number>.HyperV_Trial.zip) file from the McAfee download site. When downloaded, extract the package to a location where it can be accessed from the Hyper-V host.
• Install either a fully licensed, or an evaluation copy, of Microsoft Hyper-V on a compatible Microsoft operating system.

See also: Configure the Email Gateway (VMtrial)

Run the Email Gateway (VMtrial) installation script

Run the PowerShell script file to create and set up the Email Gateway (VMtrial) within your Hyper-V environment without using SCVMM.

Before you begin
• Download the Email Gateway (VMtrial) package (McAfee-MEG-<version.number>-<build.number>.HyperV_Trial.zip) file from the McAfee download site. When downloaded, extract the package to a location where it can be accessed from the Hyper-V host.
• Install either a fully licensed, or an evaluation copy, of Microsoft Hyper-V on a compatible Microsoft operating system.

1. From the computer hosting your Hyper-V installation, browse to the folder containing the Email Gateway (VMtrial) installation files.
2. Right-click the MEG_VMinstall.ps1 file and select Run with PowerShell.
   You need administrator or equivalent permissions to execute this PowerShell script.
   If prompted with an Execution Policy Change dialog box, type Y to continue running the installation script.
3. From the displayed dialog box, click Browse.
4. Select the folder into which the Email Gateway (VMtrial) virtual hard disks are installed.
5. Select the required interfaces for LAN1, LAN2 and (if necessary) OOB.
6. Click OK.
7. Type y and press Enter.
   The installation takes several minutes as the separate drives are created.

When the Email Gateway (VMtrial) drives have been created, a "deployment complete" message is displayed.
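Pre-flight checks that can be run on the Hyper-V host before MEG_VMinstall.ps1, as an added example that is not part of the McAfee package or the original guide: it checks elevation, the disk and memory figures from System requirements, the virtual switches, and the integrity of the files about to run with administrator rights. The paths, switch names and reference hash are placeholders, and the guide neither states whether the script is Authenticode-signed nor publishes a hash. PowerShell 4.0 or later is assumed (for Get-FileHash).

```powershell
# Added example: pre-flight checks for a Hyper-V host before MEG_VMinstall.ps1 is run.
# Every default below is a placeholder (assumption), not a value from the guide.
param(
    [string]$PackageZip     = 'C:\Install\MEG_HyperV_Trial.zip',  # placeholder: the downloaded package
    [string]$ExtractedDir   = 'C:\Install\MEG_HyperV_Trial',      # placeholder: where it was extracted
    [string]$VhdTargetDir   = 'D:\Hyper-V\MEG',                   # placeholder: local folder chosen in step 4
    [string[]]$SwitchNames  = @('MEG-LAN1', 'MEG-LAN2'),          # hypothetical switch names (add OOB if used)
    [string]$ExpectedSha256 = ''                                  # set only if you hold a vendor-supplied hash
)

$script:results = @()
function Add-Check {
    param([string]$Name, [bool]$Passed, [string]$Detail)
    $script:results += [pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

# 1. The guide requires administrator or equivalent permissions to run the script.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Check 'Elevated session' $isAdmin "Running as $($identity.Name)"

# 2. System requirements from the guide: 50 GB free disk space, 1 GB available memory.
$driveName = (Split-Path -Path $VhdTargetDir -Qualifier).TrimEnd(':')
$drive     = Get-PSDrive -Name $driveName -ErrorAction SilentlyContinue
$freeBytes = if ($drive) { $drive.Free } else { 0 }
Add-Check 'Free disk space >= 50 GB' ($freeBytes -ge 50GB) `
    "$([math]::Round($freeBytes / 1GB, 1)) GB free on ${driveName}:"

$os           = Get-CimInstance -ClassName Win32_OperatingSystem
$freeMemBytes = $os.FreePhysicalMemory * 1KB          # FreePhysicalMemory is reported in KB
Add-Check 'Available memory >= 1 GB' ($freeMemBytes -ge 1GB) `
    "$([math]::Round($freeMemBytes / 1GB, 1)) GB free"

# 3. Virtual switches should exist before installation (LAN1, LAN2 and, if needed, OOB).
foreach ($name in $SwitchNames) {
    $sw     = Get-VMSwitch -Name $name -ErrorAction SilentlyContinue
    $detail = if ($sw) { "Type: $($sw.SwitchType)" } else { 'Not found on this host' }
    Add-Check "Virtual switch '$name'" ([bool]$sw) $detail
}

# 4. Integrity of what is about to run elevated.
#    A NotSigned status leaves the package hash and a read-through of the script
#    as the only assurance; HashMismatch means the file changed after signing.
$installer = Join-Path $ExtractedDir 'MEG_VMinstall.ps1'
if (Test-Path -LiteralPath $installer) {
    $sig    = Get-AuthenticodeSignature -FilePath $installer
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
    Add-Check 'Installer signature' ($sig.Status -eq 'Valid') "Status: $($sig.Status); signer: $signer"
} else {
    Add-Check 'Installer signature' $false "Not found: $installer"
}

if (Test-Path -LiteralPath $PackageZip) {
    $hash = (Get-FileHash -LiteralPath $PackageZip -Algorithm SHA256).Hash
    if ($ExpectedSha256) {
        Add-Check 'Package SHA-256' ($hash -eq $ExpectedSha256.Trim()) "Computed: $hash"
    } else {
        # Without a reference value the package is unverified, so this is not a pass.
        Add-Check 'Package SHA-256' $false "No reference hash supplied; computed: $hash"
    }
} else {
    Add-Check 'Package SHA-256' $false "Not found: $PackageZip"
}

# 5. Record the execution policy per scope so that a persistent change left behind
#    after answering the Execution Policy Change prompt can be spotted and reverted.
$policy = (Get-ExecutionPolicy -List |
    ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }) -join ', '
Add-Check 'Execution policy recorded' $true $policy

$script:results | Format-Table -AutoSize -Wrap
if ($script:results.Passed -contains $false) { exit 1 }
```

Running the same Get-ExecutionPolicy -List command after the installation and comparing it with the recorded values shows whether any scope was changed persistently.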
Install Email Gateway (VMtrial)

Within the Hyper-V virtual machine, start the Email Gateway (VMtrial) and install the software.

1. From the computer hosting your Hyper-V installation, view the Virtual Machines.
2. Right-click the newly created virtual machine and select Start.
   The Virtual Machine Connection window opens and displays the progress of the virtual machine.
3. From the Virtual Machine Connection window within Hyper-V Manager, follow the installation steps detailed in Configure the Email Gateway (VMtrial).

Install VMtrial on Hyper-V using SCVMM

The following sub-tasks describe a method of installing your Email Gateway (VMtrial), using the Microsoft System Center Virtual Machine Manager.

McAfee recommends that you configure the required virtual switches within your Hyper-V host system before you install the Email Gateway (VMtrial).

See also: Configure the Email Gateway (VMtrial)

Import the Email Gateway (VMtrial) installation files

Ensure that you have imported the Email Gateway (VMtrial) installation files into the library of your Microsoft System Center Virtual Machine Manager (SCVMM).

Before you begin

Make sure that you have the Email Gateway (VMtrial) installation package (McAfee-MEG-<version.number>-<build.number>.HyperV_Trial.zip) for Hyper-V hosts, and that you can access this package from within SCVMM.

Import the installation files so that they are available for the installation of your Email Gateway (VMtrial).

1. Start the Microsoft System Center Virtual Machine Manager.
2. Navigate to Library and your relevant Library Server.
3. From the top toolbar, click Import Physical Resource.
4. Click Add resource and browse to the folder containing the extracted McAfee-MEG-<version.number>-<build.number>.HyperV_Trial.zip package files.
5. Click Open.
6. Select all virtual hard disk (.vhdx) files.
7. Click Open.
8. Select the destination for the imported files. Click OK.
9. Click Import.
The virtual hard disks required for the installation of your Email Gateway (VMtrial) are imported to the SCVMM library.

Import the virtual machine template

A template is provided within the installation package to simplify the process of creating virtual machines on which to run the Email Gateway (VMtrial).

1. Start the Microsoft System Center Virtual Machine Manager.
2. Navigate to Library and your relevant Library Server.
3. From the top toolbar, click Import Template.
4. Browse to the extracted McAfee-MEG-<version.number>-<build.number>.HyperV_Trial.zip package files, and select the template (HyperV_Trial.xml) file.
5. Click Open.
6. Click Next.
   Optionally, enter a descriptive name for the template.
7. Click Next.
8. Click Import.

The template is imported to Microsoft System Center Virtual Machine Manager, and appears within Templates | VM Templates.

Create a virtual machine

Before you can install an Email Gateway (VMtrial), you must create a virtual machine on your Hyper-V system.

1. Start the Microsoft System Center Virtual Machine Manager.
2. Navigate to VMs and Services and select VMs from the top toolbar.
3. Choose the Hyper-V host onto which you want to deploy the Email Gateway (VMtrial).
4. Right-click the selected host and select Create Virtual Machine.
5. Select Use an existing virtual machine, VM template, or virtual hard disk, browse to locate the virtual machine template you installed, and click OK.
6. Click Next.
7. Type a name for the virtual machine.
   Optionally, provide a description for this virtual machine.
8. Click Next.
   The summary screen for the virtual machine configuration is displayed.
9. Click Next.
10. You can change the host upon which the virtual machine is installed.
    A list of the available hosts is displayed, together with a rating for each, to help you decide the best host to use.
11. Click Next.
    You can review the selected options and settings before creating the virtual machine.
12. Select the required network adaptors from the list.
13. Click Next.
14. Click Create.

The virtual machine is created using the settings within the template file and the information you selected. The virtual hard drive files are copied to the virtual machine, to be used during the Email Gateway (VMtrial) installation.

Run the Email Gateway (VMtrial)

Turn on the imported Email Gateway (VMtrial) from Hyper-V Manager or the SCVMM console.

Before you begin
• If you installed your virtual machine on a different host to that running SCVMM, navigate to the relevant Hyper-V host and open Hyper-V Manager.
• Depending on the options selected during the creation of the virtual machine, you might need to manually start the virtual machine. To manually start the virtual machine, right-click the relevant virtual machine and select Start.

Once the Email Gateway (VMtrial) software has been installed within Hyper-V, ensure the virtual machine is powered on before continuing with the installation process.

1. Start Hyper-V Manager.
2. Make sure the virtual machine running the Email Gateway (VMtrial) is running.
3. Select the virtual machine, and click Connect from within Actions.
   The Virtual Machine Connection window is displayed.
4. From the Virtual Machine Connection window within Hyper-V Manager, follow the installation steps detailed in Configure the Email Gateway (VMtrial).

Install VMtrial on VMware vSphere

Use this task to install McAfee Email Gateway Appliance (VMtrial) onto a host computer running VMware vSphere 4.x or VMware vSphere Hypervisor (ESXi) 4.x.

Before you begin
• Download the McAfee Email Gateway Appliance (VMtrial) package.zip file from the McAfee download site and extract it to a location where the VMware vSphere Client can see it.
• Install a fully licensed copy of VMware vSphere 4.x or VMware vSphere Hypervisor (ESXi) 4.x.
The McAfee Email Gateway Appliance (VMtrial) performs automatic configuration using DHCP for the following parameters:
• Host name
• Domain name
• Default gateway
• DNS server

The console appears when the appliance restarts until you complete the settings.

1. Start the VMware vSphere Client application.
2. Log on to the VMware vSphere server, or the vCenter Server.
3. From the Inventory list, select the host or cluster onto which you want to import the virtual appliance software.
4. Click File | Deploy OVF Template | Deploy From File, and click Browse to go to where you extracted the .zip file you downloaded from the McAfee download site.
5. Open the VMtrial subfolder from the .zip file, and select the McAfee_MEG_VMtrial.vSphere_ESX.ovf file, and click Open.
6. Click Next twice, and optionally type a new name.
7. Select the resource pool that you want to use if you have any configured.
8. Select the datastore that you want to use, and click Next.
9. Select the virtual networks to which the virtual appliance NICs will be connected.
10. Click Next, read the summary, then click Finish and wait for the import process to finish.

You can install the virtual appliance on more than one VMware vSphere server.

See also: Configure the Email Gateway (VMtrial)

Install VMtrial on VMware Player

Use this task to install McAfee Email Gateway Appliance (VMtrial) onto a host computer running VMware Player.

Before you begin
• Download the McAfee Email Gateway Appliance (VMtrial) package.zip file from the McAfee download site and extract it to the computer on which you plan to run the evaluation.
• Download VMware Player from http://www.vmware.com/go/get-player.

The McAfee Email Gateway Appliance (VMtrial) performs automatic configuration using DHCP for the following parameters:
• Host name
• Domain name
• Default gateway
• DNS server

The console appears when the appliance restarts until you complete the settings.
1. Log on to the computer as an administrator.
2. Install VMware Player:
   a. Double-click the VMware Player installation file and click Run to start the installer.
   b. Click Next and continue through the installer selecting the desired options.
   c. On the last page, click Continue to begin the installation.
   The computer must be restarted before you can run McAfee Email Gateway Appliance (VMtrial).
3. Run the VMtrial installation file:
   a. Browse to the folder where you extracted the McAfee Email Gateway Appliance (VMtrial) package.zip file.
   b. Open the VMtrial folder.
   c. Double-click the McAfee_MEG_VMtrial.VMware_Player.vmx file.
   VMware Player starts, and the installation begins.

You can install the virtual appliance on more than one VMware Player server.

See also: Configure the Email Gateway (VMtrial)

Configure the Email Gateway (VMtrial)

Use this task to configure the Email Gateway (VMtrial).

Before you begin

Ensure your virtual environment is installed and running correctly.

1. Start the Email Gateway (VMtrial).
   The installation starts automatically.
2. Read the End-User License Agreement to continue with the installation, then click y to accept it and start the installation.
3. At the installation menu, select a to perform a full installation and y to continue.
4. When the installation is complete, the Email Gateway (VMtrial) restarts.
5. On the Welcome screen, choose the language that you want to use.
6. Accept the terms of the license agreement.
7. Configure the Email Gateway (VMtrial) from the graphical configuration wizard.
8. Apply the configuration to the Email Gateway (VMtrial). Depending on the settings you entered, it might restart.

You can install the Email Gateway (VMtrial) on more than one virtual environment. To do so:
   a. Follow the steps in this task on another virtual environment.
   b. Return to the previously installed Email Gateway (VMtrial) user interface.
   c. Select System | System Administration | Configuration Push to send the configuration details to the second Email Gateway (VMtrial).
3 3 Getting started with VMtrial This information introduces you to the interface elements that make up McAfee Email Gateway Appliance (VMtrial). Contents The Dashboard Testing the configuration Using the test email generator Exploring the appliance features The Dashboard The Dashboard provides a summary of the activity of the appliance. Dashboard On a cluster master appliance, use this page also to see a summary of activity on the cluster of appliances. McAfee Email Gateway 7.6.400 VMtrial Appliances Installation Guide 21
Benefits of using the Dashboard

The Dashboard provides a single location for you to view summaries of the activities of the appliance through a series of portlets.

Figure 3-1 Dashboard portlets

Some portlets display graphs that show appliance activity over the following periods of time:
- 1 hour
- 1 day (the default)
- 1 week
- 2 weeks
- 4 weeks

Within the Dashboard, you can make some changes to the information and graphs displayed:
- Expand and collapse the portlet data using the buttons in the portlet's top right-hand corner.
- Drill down to specific data using the buttons provided.
- See a status indicator that shows whether the item needs attention:
  - Healthy: The reported items are functioning normally.
  - Requires Attention: A warning threshold has been exceeded.
  - Requires Immediate Attention: A critical threshold has been exceeded.
  - Disabled: A service is not enabled.
- Use the zoom buttons to zoom in and zoom out of a timeline of information. There is a short delay while the view is updated. By default, the Dashboard shows data relating to the previous one day.
- Move a portlet to another location on the Dashboard.
- Double-click the top bar of a portlet to expand it across the top of the Dashboard.
- Set your own alert and warning thresholds to trigger events. To do so, highlight the item and click it, edit the alert and warning threshold fields, and click Save. When the item exceeds the threshold you set, an event is triggered.

Depending on the browser used to view the McAfee Email Gateway user interface, the Dashboard "remembers" the current state of each portlet (whether it is expanded or collapsed, and whether you have drilled down to view specific data), and attempts to re-create that view if you navigate to another page within the user interface and then return to the Dashboard within the same browsing session.

Dashboard portlets

The McAfee Email Gateway Dashboard portlets provide information about the state of email traffic, recent detections, and the current status of your McAfee Email Gateway.

Option: Definition
- Inbound Mail Summary: Displays the delivery and status information about messages sent to your organization.
- Outbound Mail Summary: Displays the delivery and status information about messages sent from your organization.
- SMTP Detections: Displays the total number of messages that triggered a detection based on the sender or connection, the recipient, or the content, and lets you view data specific to either inbound or outbound SMTP traffic.
- POP3 Detections: Displays how many messages triggered a detection based on threats such as viruses, packers, or potentially inappropriate images.
- System Summary: Displays information about load balancing, the disk space used for each partition, total CPU usage, used and available memory, and swap details.
- Hardware Summary: Displays status indicators that show the status of network interfaces, UPS servers, bridge mode (if enabled), and RAID status.
- Network Summary: Provides information about the status of your connections, network throughput, and counters relating to Kernel Mode Blocking.
- Services: Displays update and service status statistics based on protocol and external servers used by the appliance.
- Clustering: Provides information about the entire cluster when the appliance is part of a cluster or you are using the blade server hardware.
- Tasks: Links directly to the areas of the user interface that search the message queue, view reports, manage policies, configure mail protocol settings and network and system settings, and access troubleshooting features.

Testing the configuration

This information describes how to test that the appliance is functioning correctly after installation.

Contents
- Test connectivity
- Update the DAT files

Test connectivity

Use this task to confirm basic connectivity. The McAfee Email Gateway checks that it can communicate with the gateway, update servers, and DNS servers. It also confirms that the appliance name and domain name are valid.
1. From the navigation bar, select Troubleshoot, or from the dashboard, select Run System Tests from the Tasks area.
2. Click the Tests tab.
3. Click Start Tests. Each test should return positively.

Update the DAT files

Use this task to ensure that the McAfee Email Gateway has the most up-to-date detection definition (DAT) files. We recommend updating them before you configure the scanning options.

As you progress using the McAfee Email Gateway, you can choose to update individual types of definition file and change the default scheduled updates to suit your requirements.

1. Select System | Component Management | Update Status.
2. To update the anti-virus engine and anti-virus database, click Update Now.

To check that the update applied correctly, open the Services portlet in the Dashboard, and expand the Updates status. The Anti-virus components will have a green status.

Using the test email generator

McAfee Email Gateway Appliance (VMtrial) includes a test email generator to allow you to fully test your trial of the software, without needing to configure external infrastructure to send and receive email messages.

Troubleshoot | Tools | Generate Test Email

Benefits of using the test email generator

The test email generator demonstrates the reporting and detection capabilities of the McAfee Email Gateway Appliance (VMtrial) by simulating the continual sending and receiving of various types of email traffic.

The content of the emails is randomized and consists of a selection of detection types and legitimate data. The detections trigger defined actions for viral content, spam content, compliance, or Data Loss Prevention (DLP) actions.

These test emails do not contain any viral content. Instead, they contain test strings designed specifically to ensure that the anti-virus detections are working correctly.

When you enable the test email generator, policies are automatically created. These policies are used to define the settings that are applied to the test email traffic as it is scanned by the appliance.

The connection and envelope properties of the generated email messages are also randomized, to ensure that different policies are triggered when the messages are scanned.

You can edit the policies created to test the email traffic. Doing so might affect the results of the scanned test email traffic.
Generate test email

Generate a stream of messages to test the effects of the scanning policies.

Table 3-1 Option definitions - Diagnostics: Generate continuous test email

Option: Definition
- Enable Continuous Generation / Reset Continuous Generation: Creates new policies to define the configuration used to scan the test email messages generated using continuous generation. After you have enabled continuous generation and created the policies, you can reset these policies to their initial state by clicking Reset Continuous Generation.
- Start Continuous Generation: Creates test email traffic.
- Disable Status Window Reminder: When test email traffic is being generated, a reminder message is displayed on the Status Window every minute. Click to disable the reminder messages.
- Stop Continuous Generation: Stops the flow of test email traffic.

Generate a stream of test email messages

Configure the McAfee Email Gateway Appliance (VMtrial) software to generate a continuous stream of test email messages.

To fully evaluate and understand some features within McAfee Email Gateway, it is necessary for the appliance to scan email messages. Use Generate Test Email | Diagnostics: Generate continuous test email to create a continuous stream of test email messages to be scanned by the appliance.

1. Select Troubleshoot | Tools | Generate Test Email.
2. Click Enable Continuous Generation.
3. Click OK to accept the notice about your policy customizations being overwritten.
   The enabling of email generation and the creation of the required scanning policies takes several minutes to complete.
   New policies are created. These are used to configure the scanning for the test email message stream.
4. Click Start Continuous Generation.

Your McAfee Email Gateway Appliance (VMtrial) starts generating a stream of email messages that are scanned by the appliance.
View a summary of scanned email traffic

Use the Dashboard to get an "at a glance" overview of the email traffic scanned by the McAfee Email Gateway Appliance (VMtrial).

Before you begin
Either arrange for external email to be delivered through the virtual appliance, or generate a stream of test email messages using the Generate Test Email | Diagnostics: Generate continuous test email feature.

1. Select Dashboard.
2. View the counters shown within the Mail Summary portlets. The counters increment as the email traffic is scanned.

Find specific test email messages

Use Message Search to get detailed information about the email traffic scanned by the McAfee Email Gateway Appliance (VMtrial).

Before you begin
Either arrange for external email to be delivered through the virtual appliance, or generate a stream of test email messages using the Generate Test Email | Diagnostics: Generate continuous test email feature.

1. Select Reports | Message Search.
2. Click Search / Refresh.
   The appliance reads the current information from its database, and displays it on the page.
3. To view only information about specific actions taken, for example, email messages that have been quarantined or bounced, use the available filtering options before clicking Search / Refresh.

Detailed information about the scanned email traffic is displayed. For further information, see the online Help for Message Search.

Exploring the appliance features

This information contains tasks to demonstrate the McAfee Email Gateway scanning features in action. It provides step-by-step instructions to create and test some sample policies and tells you how to generate applicable reports.

Contents
- Introduction to policies
- Encryption
- Compliance Settings
- Data Loss Prevention settings
- Identify quarantined email messages
Introduction to policies

The appliance uses policies that describe the actions that the appliance must take against threats such as viruses, spam, unwanted files, and the loss of confidential information.

Email | Email Policies

Figure 3-2 Email Policies

Policies are collections of rules or settings that can be applied to specific types of traffic or to groups of users.

Encryption

The Encryption pages enable you to set up McAfee Email Gateway to use the supported encryption methods to securely deliver your email messages.

Email | Encryption

The McAfee Email Gateway includes several encryption methodologies, and can be set up to provide encryption services to the other scanning features, or can be set up as an encryption-only server used just to encrypt email messages.

Encrypt all email traffic to a specific customer

A common use of the encryption features is to configure a policy to use encryption for email messages going to a specific customer.

This group of tasks shows how to configure your McAfee Email Gateway so that all email messages being sent to a specific customer are sent using encryption.
Create a new scanning policy

Learn how to create a new scanning policy.

Your appliance uses the policies you create to scan the email messages sent through the appliance. You can create multiple policies to control the way different users use email, or to specify different actions based on specific circumstances.

1. Select Email | Email Policies | Scanning Policies.
2. Select the required protocol using steps in View policies for SMTP, POP3 or McAfee Secure Web Mail.
3. Click Add policy.
4. In the Scanning Policies New Policy page, enter the following information:
   a. Name for the policy.
   b. Write an optional description for the new policy.
   c. Specify where the new policy inherits its settings from.
      If you have a similar policy already set up, select this to allow its settings to be inherited by the new policy.
   d. Choose if the policy is to apply to inbound or outbound email traffic. (SMTP only)
   e. Select the required Match logic for the policy.
   f. Select the type of rule, how it should match, and the value that the rule tests against.
   g. If required, add additional rules, and use the buttons provided to correctly order the rules.
5. Click OK.

The new policy is added to the top of the list of policies.

Configure the encryption settings

Configure your McAfee Email Gateway to use encryption.

1. Select Email | Encryption | Secure Web Mail | Basic Settings.
2. Select Enable the Secure Web Mail Client.
3. Select Email | Encryption | Secure Web Mail | User Account Settings.
   Recipients are automatically enrolled, and receive a digitally signed notification in HTML format. The administrator chooses whether to do push and/or pull encryption.
4. Select Email | Encryption | Secure Web Mail | Password Management.
   The minimum password length is eight characters. The password expires after 365 days.
Enable Encryption for messages matching a compliance rule

Enable the required encryption features on your McAfee Email Gateway for messages that match a compliance rule.

In this example, email messages that match the HIPAA Compliance rules will be encrypted.
1. Select Email | Email Policies | Compliance.
2. Click Enable compliance, and select Create new rule from template.
3. Search for the HIPAA Compliance rule and select it.
4. Click Next to progress through the wizard.
5. Select the primary action to Allow Through (Monitor).
6. In And also, select Deliver message using encryption.
7. Click Finish, and click OK to close the dialog box.
8. Select Email | Email Policies | Policy Options | Encryption.
9. In When to Encrypt, select Only when triggered from a scanner action.
10. In On-box Encryption Options, select Secure Web Mail, and click OK.
11. Apply the changes.

Compliance Settings

Use this page to create and manage compliance rules.

Email | Email Policies | Compliance | Compliance

Benefits of the compliance settings

Use compliance scanning to assist with conformance to regulatory compliance and corporate operating compliance. You can choose from a library of predefined compliance rules, or create your own rules and dictionaries specific to your organization.

Compliance rules can vary in complexity from a straightforward trigger when an individual term within a dictionary is detected, to building on and combining score-based dictionaries which will only trigger when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can be combined using logical operations of any of, all of, or except.

Restrict the score contribution of a dictionary term

Use this task to restrict the score contribution of a dictionary term.

Before you begin
This task assumes that your rule includes a dictionary which triggers the action based on a threshold score, such as the Compensation and Benefits dictionary.

You can restrict how many times a term can contribute to the overall score. For example, if testterm within a dictionary has a score of 10 and is seen five times within an email, it will add 50 to the overall score. Alternatively you can restrict this, for example to contribute only twice by setting Maximum term count to 2.
1. Select Email | Email Policies | Compliance.
2. Expand the rule that you want to edit, then click the Edit icon next to the dictionary whose score you want to change.
3. In Maximum term count, type the maximum number of times that you want a term to contribute to the score.

Edit the threshold associated with an existing rule

Use this task to edit the threshold associated with an existing rule.

Before you begin
This task assumes that your rule includes a dictionary which triggers the action based on a threshold, such as the Compensation and Benefits dictionary.

1. Select Email | Email Policies | Compliance.
2. Expand the rule that you want to edit, then select the Edit icon next to the dictionary whose score you want to change.
3. In dictionary threshold, type the score on which you want the rule to trigger, and click OK.

Create a rule to monitor or block at a threshold

For score-based dictionaries you might want to monitor triggers that reach a low threshold, and only block the email when a high threshold is achieved.

1. Select Email | Email Policies | Compliance.
2. Click Create new rule, type a name for it such as Discontent - Low, and click Next.
3. Select the Discontent dictionary, and in Threshold, type 20.
4. Click Next, and Next again.
5. In If the compliance rule is triggered, accept the default action.
6. Click Finish.
7. Repeat steps 2 through 4 to create another new rule but name it Discontent - High and assign it a threshold of 40.
8. In If the compliance rule is triggered, select Deny connection (Block).
9. Click Finish.
10. Click OK and apply the changes.
Add a dictionary to a rule

Use this task to add a new dictionary to an existing rule.

1. Select Email | Email Policies | Compliance.
2. Expand the rule that you want to edit.
3. Select Add dictionaries.
4. Select the new dictionary that you want to include, and click OK.

Create a complex custom rule

Use this task to create a complex rule that triggers when both Dictionary A and Dictionary B are detected, except when Dictionary C is also detected.

1. Select Email | Email Policies | Scanning Policies and select Compliance.
2. In the Default Compliance Settings dialog box, click Yes to enable the policy.
3. Click Create new rule to open the Rule Creation Wizard.
4. Type a name for the rule, and click Next.
5. Select two dictionaries to include in the rule, and click Next.
6. Select a dictionary that you want to exclude from the rule in the exclusion list.
7. Select the action that you want to take place if the rule triggers.
8. From the And conditionally drop-down list, select All, and click Finish.

Create a simple custom rule

Use this task to create a simple custom rule that blocks messages that contain social security numbers.

1. Select Email | Email Policies | Compliance.
2. In the Default Compliance Settings dialog box, click Yes to enable the policy.
3. Click Create new rule to open the Rule Creation Wizard.
4. Type a name for the rule, and click Next.
5. In the Search field, type social.
6. Select the Social Security Number dictionary, and click Next twice.
7. Select the Deny connection (Block) action, and click Finish.
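The scoring behaviour described in the compliance tasks above (Maximum term count, the Discontent - Low and Discontent - High thresholds, and the "Dictionary A and Dictionary B except Dictionary C" rule) can be modelled in a short Python sketch. This is an added illustration, not McAfee code: the class and function names, the dictionary terms and scores, the sample messages and the "No rule triggered" label are assumptions, and the default action of the Low rule is assumed to be Allow Through (Monitor).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MONITOR = "Allow Through (Monitor)"   # action names as they appear in the guide
BLOCK = "Deny connection (Block)"
NO_MATCH = "No rule triggered"        # label invented for this example


@dataclass
class Dictionary:
    name: str
    terms: Dict[str, int]                 # term or phrase -> score per occurrence
    threshold: int = 1                    # score at which the dictionary is "detected"
    max_term_count: Optional[int] = None  # cap on how often one term may contribute

    def score(self, text: str) -> int:
        lowered = text.lower()
        total = 0
        for term, points in self.terms.items():
            pattern = r"\b" + re.escape(term.lower()) + r"\b"
            hits = len(re.findall(pattern, lowered))
            if self.max_term_count is not None:
                hits = min(hits, self.max_term_count)
            total += hits * points
        return total

    def detected(self, text: str) -> bool:
        return self.score(text) >= self.threshold


@dataclass
class Rule:
    name: str
    action: str
    all_of: List[Dictionary] = field(default_factory=list)
    any_of: List[Dictionary] = field(default_factory=list)
    except_: List[Dictionary] = field(default_factory=list)

    def triggers(self, text: str) -> bool:
        if not (self.all_of or self.any_of):
            return False                                  # no dictionaries: never fires
        if any(d.detected(text) for d in self.except_):
            return False                                  # an excluded dictionary vetoes the rule
        if not all(d.detected(text) for d in self.all_of):
            return False
        return not self.any_of or any(d.detected(text) for d in self.any_of)


def evaluate(rules: List[Rule], text: str) -> Tuple[List[str], str]:
    """Return the rules that fired and the strictest action (assumed precedence)."""
    fired = [r for r in rules if r.triggers(text)]
    names = [r.name for r in fired]
    if any(r.action == BLOCK for r in fired):
        return names, BLOCK
    return names, (MONITOR if fired else NO_MATCH)


# --- Constructed sample data: terms, scores and messages are invented ---
def discontent(threshold: int, max_term_count: Optional[int] = None) -> Dictionary:
    terms = {"unfair": 10, "fed up": 10, "resign": 10}
    return Dictionary("Discontent", terms, threshold, max_term_count)


def threshold_rules(max_term_count: Optional[int] = None) -> List[Rule]:
    return [
        Rule("Discontent - Low", MONITOR, all_of=[discontent(20, max_term_count)]),
        Rule("Discontent - High", BLOCK, all_of=[discontent(40, max_term_count)]),
    ]


DICT_A = Dictionary("A", {"salary": 1})
DICT_B = Dictionary("B", {"bonus": 1})
DICT_C = Dictionary("C", {"press release": 1})
COMPLEX = Rule("A and B except C", BLOCK, all_of=[DICT_A, DICT_B], except_=[DICT_C])

MILD = "This is unfair. I am fed up with the rota and it is unfair to the team."
STRONG = MILD + " I am so fed up that I will resign."

if __name__ == "__main__":
    for label, text in (("mild", MILD), ("strong", STRONG)):
        print(label, evaluate(threshold_rules(), text))
    print("strong, Maximum term count 1:", evaluate(threshold_rules(1), STRONG))
    print("complex:", COMPLEX.triggers("salary and bonus figures"))
```

With the cap set to 1, the strong message drops from a score of 50 to 30, so it is monitored rather than blocked; lowering Maximum term count therefore needs to be reviewed together with the thresholds of every rule that uses the same dictionary.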
Block messages that violate a policy

Use this task to block messages that violate a threatening language policy.

1. Select Email | Email Policies | Compliance.
2. In the Default Compliance Settings dialog box, click Yes to enable the policy.
3. Click Create new rule from template to open the Rule Creation Wizard.
4. Select the Acceptable Use - Threatening Language policy, and click Next.
5. Optionally change the name of the rule, and click Next.
6. Change the primary action to Deny connection (Block), and click Finish.
7. Click OK and apply the changes.

Data Loss Prevention settings

Use this page to create a policy that assigns data loss prevention actions against the registered document categories.

Email | Email Policies | Compliance | Data Loss Prevention

Benefits of using Data Loss Prevention (DLP)

You can choose to restrict the flow of sensitive information sent in email messages by SMTP through the appliance using the Data Loss Prevention feature. For example, you can block the transmission of a sensitive document, such as a financial report, that is to be sent outside of your organization. Detection occurs whether the original document is sent as an email attachment, or even as just a section of text taken from the original document.

Configuring DLP takes place in two phases:
- Registering the documents that you want to protect
- Setting the DLP policy to action, and control the detection (this topic)

If an uploaded registered document contains embedded documents, their content is also fingerprinted so the combined content is used when calculating the percentage match at scan time. To have embedded documents treated individually, they must be registered separately.

Prevent a sensitive document from being leaked

Use this task to block sensitive financial documents from being sent outside your organization.

Before you begin
This example assumes that you have already created a Finance category.
1. Select Email | Email Policies | Compliance | Data Loss Prevention.
2. In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3. Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.
4. Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.
5. Click OK again, and apply the changes.

Block a section of the document

Use this task to block just a small section of the document from being sent outside your organization.

1. Select Email | Email Policies | Compliance | Data Loss Prevention.
2. In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3. Enable the consecutive signatures setting, and type the number of consecutive signatures against which the DLP policy will trigger a detection. The level is set to 10 by default.
4. Click Create new rule, select the Finance category, and click OK to have the category appear in the Rules list.
5. Select the action associated with the category, change the primary action to Deny connection (Block), and click OK.
6. Click OK again, and apply the changes.

Exclude a specific document for a policy

Use this task to prevent a specific financial document from triggering the DLP policy settings.

1. Select Email | Email Policies | Compliance | Data Loss Prevention.
2. In the Default Data Loss Prevention Settings dialog box, click Yes to enable the policy.
3. Click Create document exclusion, select the document you want to ignore for this policy, and click OK.
4. Click OK again, and apply the changes.

Identify quarantined email messages

Use this task to discover which email messages have been quarantined by your McAfee Email Gateway Appliance.

To view a list of all messages that have been quarantined:

1. Click Reports | Message Search.
2. Select Quarantined from the Message status drop-down list.
3. Click Search/Refresh.

All messages that have been quarantined are displayed in the lower part of the page.
Tasks
- Refine the search
- View a specific email message
- Release a quarantined email message: After viewing the email message that has been quarantined, you may want to release the message from Quarantine. This task allows you to do this.
Refine the search

You can further refine your search for quarantined email messages to show only those that have been quarantined due to specific triggers. In this example, to find those email messages quarantined due to compliance issues:

1. Complete the steps in Find out which email messages are quarantined.
2. Select Compliance from the Category drop-down list.
3. Click Search/Refresh.

The lower part of the screen is refreshed to show only the messages that have been quarantined due to compliance issues.

View a specific email message

You can view the content of a quarantined email message.

1. Complete the steps in Refine the search.
2. Select the relevant quarantined message using the checkbox to the left of the page.
3. Click View Message.

The selected message is displayed in a new window. From this window, you can view the content of the email message. You can also choose to view the detailed email header information. After you have viewed the message, by clicking the relevant buttons, you can choose further actions to perform on the email message.

Release a quarantined email message

After viewing the email message that has been quarantined, you may want to release the message from Quarantine. This task allows you to do this.

To release a selected message from quarantine:

1. Complete the steps in View a specific email message.
2. Click Release Selected.

The selected email message is released from quarantine.

Email messages that contain viral content cannot be released from quarantine, as to do so would risk causing damage to your systems.