Migration Guide Revision A. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x

Migration Guide Revision A McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x

COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, epolicy Orchestrator, McAfee epo, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Contents Preface 5 About this guide.................................. 5 Audience.................................. 5 Conventions................................. 5 What's in this guide.............................. 6 Find product documentation.............................. 6 1 Introduction 7 Why you need to migrate your web scanning settings................... 7 About McAfee Web Gateway............................. 7 Understand the differences between the products..................... 8 Compare rules-based and policy-based configuration methods............. 8 Available operational modes.......................... 9 2 Prepare for the migration process 11 View the product documentation........................... 11 McAfee Email and Web Security documentation.................. 11 McAfee Web Gateway documentation....................... 12 Review your McAfee Email and Web Security policies before migrating............ 12 Review default McAfee Web Gateway rule sets and rules................. 12 Comparable features and settings........................... 13 Unavailable features and settings........................... 13 Determine your physical or virtual appliance....................... 15 Determine your hardware platform....................... 16 Review the network placement......................... 16 Suggested migration setup............................. 17 3 Back up existing configurations 19 Back up the McAfee Email and Web Security configuration................. 19 Back up the McAfee Web Gateway configuration..................... 19 4 Create your McAfee Web Gateway configuration 21 Configure the initial McAfee Web Gateway settings.................... 21 Before you begin............................... 21 Create your initial policy........................... 22 Configure proxy settings........................... 22 Configure authentication and access management................. 23 Configure basic anti-virus settings.......................... 23 Use an existing anti-virus rule set........................ 24 Configure URL filtering settings............................ 28 Create a new rule set for URL filtering settings................... 28 Index 35 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 3

Contents 4 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Preface This guide discusses information that you need to know when you are manually migrating your web scanning settings from your McAfee Email and Web Security version 5.6 appliance to your McAfee Web Gateway version 7.x. Contents About this guide Find product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Administrators People who implement and enforce the company's security program. Security officers People who determine sensitive and confidential data, and define the corporate policy that protects the company's intellectual property. Conventions This guide uses the following typographical conventions and icons. Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis. Bold User input or Path Code Text that is strongly emphasized. Commands and other text that the user types; the path of a folder or program. A code sample. User interface Hypertext blue Words in the user interface including options, menus, buttons, and dialog boxes. A live link to a topic or to a website. Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 5

Preface Find product documentation Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product. What's in this guide This guide is organized to help you find the information you need. Information about the compatible hardware platforms on which each product can run Discussion about the differences between the products Considerations before you attempt to manually migrate your web scanning settings Information about the settings that can be manually migrated Information about settings that are not compatible across the products Find product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. Task 1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. 2 Under Self Service, access the type of information you need: To access... User documentation Do this... 1 Click Product Documentation. 2 Select a product, then select a version. 3 Select a product document. KnowledgeBase Click Search the KnowledgeBase for answers to your product questions. Click Browse the KnowledgeBase for articles listed by product and version. 6 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

1 1 Introduction Learn about McAfee Web Gateway as you prepare to manually migrate your web configuration settings from your McAfee Email and Web Security appliances to your McAfee Web Gateway. Contents Why you need to migrate your web scanning settings About McAfee Web Gateway Understand the differences between the products Why you need to migrate your web scanning settings McAfee Email and Web Security appliances provide email and web scanning at your Internet gateway. McAfee Web Gateway provides comprehensive web security for your network. As McAfee continues to develop products to combat the threats to your organization, the McAfee Email and Web Security product range has now had its web protection features removed and its email scanning features enhanced. The name has changed to McAfee Email Gateway to reflect this change of emphasis. To migrate both email and web scanning away from McAfee Email and Web Security, you need to configure two appliances: McAfee Email Gateway to scan your email traffic, and McAfee Web Gateway to scan your web traffic. About McAfee Web Gateway Deployed on-premises with appliances or in a virtual environment, McAfee Web Gateway offers powerful, proactive protection against zero-day threats, spyware, and targeted attacks. A McAfee Web Gateway appliance is installed as a gateway that connects your network to the web and filters the web traffic that leaves and enters your network. Following the implemented web security rules, McAfee Web Gateway filters the requests that users send to the web from within your network and the responses that are sent back from the web. Embedded objects sent with requests or responses are also filtered. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 7

1 Introduction Understand the differences between the products Malicious and inappropriate content is blocked, while useful matter is allowed to pass through. Figure 1-1 Filtering web traffic McAfee Web Gateway offers many web scanning features that are not available within McAfee Email and Web Security appliances. These include: HTTPS traffic scanning Anti-malware engine which combines behavioral scanning with signature scanning of web traffic. Robust application control More authentication options Understand the differences between the products Although designed to perform similar roles, the McAfee Email and Web Security and McAfee Web Gateway appliances have differences in the way that they operate. These differences include: Policies or rules-based configuration Available operational modes Compare rules-based and policy-based configuration methods The two products under discussion use different methodologies to configure their scanning settings. The scanning settings used by McAfee Email and Web Security and McAfee Web Gateway are not directly equivalent. McAfee Email and Web Security uses policies to configure your email and web scanning parameters. Using policies allows a number of settings to be easily configured and deployed for specific circumstances, and for a new policy to be quickly configured for any additional circumstances as they arise. McAfee Web Gateway uses rule sets and rules to configure your web scanning parameters. Using a rules-based approach provides much greater flexibility when creating and fine-tuning your configuration to exactly match your web scanning requirements. You need to understand your McAfee Email and Web Security web scanning policies and your specific web scanning requirements in order to work out how best to implement these requirements using McAfee Web Gateway rules. 8 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Introduction Understand the differences between the products 1 Available operational modes The operational mode you select when installing your appliance dictates the way that your appliance is connected to your network. You can configure an McAfee Email and Web Security appliance to use one of these operational modes: Explicit proxy Transparent router Transparent bridge You can configure McAfee Web Gateway to use one of these operational modes: Proxy Transparent router Proxy and WCCP Transparent bridge Proxy HA McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 9

1 Introduction Understand the differences between the products 10 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

2 Prepare 2 for the migration process Prepare to manually migrate your web configuration and settings from your McAfee Email and Web Security appliance, and onto your McAfee Web Gateway appliance. Due to the complexity of each customers individual web scanning policies within McAfee Email and Web Security, it is impossible to give exact step-by-step instructions about moving your web scanning settings from your McAfee Email and Web Security appliance to your McAfee Web Gateway. This document provides information about performing example tasks that will be useful in helping you to migrate your own McAfee Email and Web Security policies into McAfee Web Gateway. Contents View the product documentation Review your McAfee Email and Web Security policies before migrating Review default McAfee Web Gateway rule sets and rules Comparable features and settings Unavailable features and settings Determine your physical or virtual appliance Suggested migration setup View the product documentation To become familiar with the configuration of both products, locate and read the product documentation for both the McAfee Email and Web Security and McAfee Web Gateway products. McAfee Email and Web Security documentation Locate and read the product documentation for McAfee Email and Web Security appliances. From the McAfee Email and Web Security user interface, click the context-sensitive Help. Help icon to view the The product guide and other McAfee Email and Web Security documentation can also be found at: https://mysupport.mcafee.com/eservice/productdocuments.aspx Select from the drop-down lists: Select a Product Email and Web Security Appliance Software Select a Version Email and Web Security Appliance Software 5.6 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 11

2 Prepare for the migration process Review your McAfee Email and Web Security policies before migrating McAfee Web Gateway documentation Locate and read the product documentation for McAfee Web Gateway products. From the McAfee Web Gateway user interface, click the Gateway Product Guide. Help icon to view the McAfee Web The product guide and other McAfee Web Gateway documentation can also be found at: https://contentsecurity.mcafee.com/ You need to provide your user name and password to access this website. Review your McAfee Email and Web Security policies before migrating Due to the differences between policies and rules, and the efforts required to migrate policies into rule sets, take time to review your existing policies, checking to see if any are no longer used, or if they do not work in quite the way you expect. By better understanding your McAfee Email and Web Security policies, you can make better decisions re-creating your existing functionality, because there are often multiple ways to create rules in Web Gateway that achieve similar results. Consider, for example, that you are planning on setting up different URL categorizations for specific users or groups of users. If this is for a single user or group, or for a small number of users or groups, and the URL categorizations only contain minor deviations from a common list, it is easiest to create a specific rule permitting those users or groups access to a specific URL categorization list. However, if you have many users or groups, or you are using many URL categorization lists, it might be clearer and more efficient to create a separate rule for each user or group, and maintain separate URL categorization lists for each user or group. Review default McAfee Web Gateway rule sets and rules Save time re-creating equivalent McAfee Email and Web Security policies by reviewing the pre-defined McAfee Web Gateway rule sets and rules. Depending on the options you select when you first install your McAfee Web Gateway, you will be presented with a number of pre-defined rule sets and rules. You can use the policy creation wizard to create a web security policy for your network, according to your selections. You can also choose not to make any selections and have a default policy implemented. McAfee Web Gateway includes many pre-defined rule sets. These pre-defined rule sets are available from within the user interface, from the Policy Rule Sets tab. To access them, click the Add button, then select Rule Set from Library. It might be simpler and faster to use an existing rule set or rule, or to modify an existing rule set or rule to meet your scanning objectives. You can also download pre-defined rule sets from the Online Rule Set Library, available from: https:// contentsecurity.mcafee.com/ruleset_library To learn about rule sets, rules, settings, and lists within McAfee Web Gateway, see the Rules and rule sets chapter and Appendix: Configuration lists within the McAfee Web Gateway Product Guide. 12 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Prepare for the migration process Comparable features and settings 2 Comparable features and settings Understand the type of settings that you can manually migrate from your McAfee Email and Web Security appliance to your McAfee Web Gateway. The majority of the configurations, features and settings from your McAfee Email and Web Security appliance either have directly comparable settings, or settings that can be re-created in other ways within McAfee Web Gateway. As the number of these comparable features is very large, it is not feasible or helpful to list them all within a document of this type. Instead, the features and settings that are not comparable are called out separately. Unavailable features and settings The majority of configurations, features, and settings from your McAfee Email and Web Security appliance either have directly comparable settings, or settings that can be re-created in other ways within McAfee Web Gateway. The following table shows McAfee Email and Web Security features and settings that are not directly comparable on McAfee Web Gateway. Table 2-1 Unavailable features and settings McAfee Email and Web Security path System Appliance Management UPS Settings System Appliance Management General System Appliance Management System Administration Each time you apply your configuration changes. System Appliance Management Remote Access System Appliance Management Remote Access Feature name Uninterruptible Power Supply (UPS) integration Fiber Network Interface Cards Rescue image Configuration comments Secure Shell (SSH) configuration available within the user interface Internet Protocol (IP) -based Access Control Lists available from the user interface Note Currently, McAfee Web Gateway does not support the integration of information from UPS systems. Currently, McAfee Web Gateway only uses copper NICs, not fiber-optic NICs. When installing McAfee Web Gateway, there is no rescue image saved to the hard disk. McAfee recommends that you keep an archived copy of the software, together with regular configuration backups available for disaster recovery. Within McAfee Email and Web Security, each time you apply any configuration changes, you are prompted to provide a comment on the changes you have made. This feature is not available within McAfee Web Gateway. The McAfee Email and Web Security user interface includes options for configuring SSH access to the appliance. SSH configuration is not included in the user interface, as it is configured during the initial setup of your McAfee Web Gateway. Although there is not a directly comparable feature available within McAfee Web Gateway, you can re-construct similar functionality using Configuration Network Protection rules. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 13

2 Prepare for the migration process Unavailable features and settings Table 2-1 Unavailable features and settings (continued) McAfee Email and Web Security path System Appliance Management Remote Access Web Web Policies Scanning Policies Anti-Virus Automatic features when installing new scanning blades into a configured McAfee Content Security Blade Server. System Users, Groups and Services Directory Services System Users, Groups and Services Role-Based User Accounts Feature name Out-of-Band NIC De-obfuscated content can be passed to further filters Blade automated installs and cluster membership LDAP configuration Note McAfee Email and Web Security enables you to configure management of the appliance via an additional, out-of-band network interface. This feature can be implemented within McAfee Web Gateway by binding the user interface to a specific IP address. McAfee Web Gateway uses its composite opener properties to define the exact file type for embedded content. When installing additional blades onto a McAfee Content Security Blade Server running McAfee Email and Web Security software, the new blade is automatically installed and joined to the scanning cluster. This feature is not available within McAfee Web Gateway. The McAfee Email and Web Security user interface queries LDAP to allow drop-down list selection of LDAP groups. McAfee Web Gateway uses text box entry only. Web Web Policies Scanning Policies Anti-Virus Basic Options Web Web Policies Scanning Policies Anti-Virus Basic Options Web Web Policies Scanning Policies Anti-Virus Packers Web Web Configuration HTTP Protocol Settings Find all macros and treat as infected, and Remove all macros GTI Sensitivity level Packer Detection HTTP Scanning Requests McAfee Email and Web Security enables you to select to scan just the Request Headers, the Request Body, or both. McAfee Web Gateway does not provide these exact options. You cannot select the GTI Sensitivity level for file reputation within McAfee Web Gateway. This setting is fixed at or equivalent to the "High" level. McAfee Web Gateway does not provide the same level of granularity for these options as McAfee Email and Web Security. McAfee Web Gateway scans both the headers and body of HTTP Scanning Requests. Web Web Configuration HTTP Protocol Settings HTTP Scanning Responses McAfee Email and Web Security enables you to select to scan just the Response Headers, the Response Body, or both. McAfee Web Gateway scans both the headers and body of HTTP Scanning Responses 14 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Prepare for the migration process Determine your physical or virtual appliance 2 Determine your physical or virtual appliance Depending on your chosen migration path from McAfee Email and Web Security to McAfee Web Gateway and whether you are implementing these within a virtual environment or on hardware appliances, you may consider re-imaging your current hardware with the McAfee Web Gateway software. You can configure McAfee Web Gateway on a new physical or a virtual appliance, or, depending on the age and model of your existing McAfee Email and Web Security appliance, you may be able to re-image your existing appliance. During the manual migration process, we recommend that you have both products running side-by-side, so that you can compare settings. You can also have both products running within a virtual environment. The following table shows the hardware models that are compatible with the McAfee Web Gateway software. Table 2-2 Hardware compatibility Hardware model Used on McAfee Email and Web Security model Compatible with McAfee Web Gateway Intel SR1530 3000 or 3100 Compatible Intel SR1625 3300 Compatible Intel SR1630 3200 Compatible Intel SR2625 3400 Compatible HP BL460 McAfee Content Security Blade Server Compatible Dell CR100 3000 or 3100 Hardware requires a BIOS update Dell R200 3200 Hardware requires a BIOS update Dell R610 3300 or 3400 Hardware requires a BIOS update All other hardware platforms used by the McAfee Email and Web Security product range Virtual image running on: VMware vsphere 4.x, or VMware vsphere Hypervisor (ESXi) 4.x McAfee Email and Web Security Virtual Appliance Not compatible New hardware is required, or McAfee Web Gateway can be run within a virtual environment. See the McAfee Web Gateway product documentation for further information. Compatible McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 15

2 Prepare for the migration process Determine your physical or virtual appliance Determine your hardware platform Determine the hardware platform used on your existing McAfee Email and Web Security appliance. Task 1 Log on to your McAfee Email and Web Security appliance. 2 Click About the Appliance. The About the Appliance dialog box is displayed: The hardware platform is reported. Review the network placement Confirm that your McAfee Web Gateway appliance is positioned within your network in the optimal configuration. When you added a McAfee Email and Web Security appliance into your network, you needed to consider its placement so as to optimize the scanning of both email and web traffic. Before adding a new McAfee Web Gateway or re-imaging an existing appliance with the McAfee Web Gateway software, give consideration to the optimal configuration within your network for scanning web traffic. Refer to the McAfee Web Gateway Product Guide for further information. 16 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Prepare for the migration process Suggested migration setup 2 Suggested migration setup Prepare for your migration by setting up your hardware. McAfee recommends that you do the following: Have your McAfee Email and Web Security appliance (either hardware-based, or a virtual appliance) running. Have your McAfee Web Gateway appliance (either hardware-based, or a virtual appliance) running in its default configuration, and test that everything is working as expected. This includes configuring network connectivity and authentication settings. You can create your McAfee Web Gateway configuration on a virtual appliance, then back up and restore the configuration to physical appliances at a later date. Back up both your McAfee Email and Web Security and McAfee Web Gateway appliances, so that you can roll back to a known, working environment if needed. Have both product user interfaces visible, either within separate browsers or browser tabs, or by arranging the monitors and keyboards so that the products are side-by-side. This will make it easier to see the comparable pages of both interfaces when migrating your settings. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 17

2 Prepare for the migration process Suggested migration setup 18 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

3 Back 3 up existing configurations Before starting to manually create a McAfee Web Gateway configuration that replicates your McAfee Email and Web Security policies, back up the configurations for both products. This allows you to reconfigure either product to a known working state if needed. Contents Back up the McAfee Email and Web Security configuration Back up the McAfee Web Gateway configuration Back up the McAfee Email and Web Security configuration Before attempting to migrate any setting from your McAfee Email and Web Security appliance, ensure that you back up your configurations. This allows you to roll back to a known working state if needed. Task 1 Select System System Administration Cluster Management Backup and Restore Configuration. 2 If needed, select the Include the Data Loss Prevention database and Include TLS certificates and private keys options. If you select Include TLS certificates and private keys, you also have the option of entering and confirming a Private key passphrase. 3 Click Backup Configuration. 4 When prompted, click on the link to download the configuration backup file to your local file system. Back up the McAfee Web Gateway configuration The McAfee Web Gateway configuration, including rules, lists, settings, and administrator accounts, can be stored in a backup file. Complete the following procedure to back up or restore the appliance configuration: Task 1 Select Troubleshooting Backup/Restore. 2 Under Backup Policy, Configuration, and Accounts, click Backup to file. A window opens to let you select a file for storing the configuration. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 19

3 Back up existing configurations Back up the McAfee Web Gateway configuration 20 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

4 4 Create your McAfee Web Gateway configuration Become familiar with the tasks needed to re-create your web scanning settings on McAfee Web Gateway. Setting can be re-created in a number of different ways; the simplest is often the easiest to understand and maintain. Many of these tasks are examples, and exact values are used for illustrative purposes only. Contents Configure the initial McAfee Web Gateway settings Configure basic anti-virus settings Configure URL filtering settings Configure the initial McAfee Web Gateway settings Configure the basic settings on your McAfee Web Gateway to allow your web traffic to be scanned. Before re-creating your McAfee Email and Web Security settings, you must create an initial policy on your McAfee Web Gateway and configure proxy and caching settings, authentication, and access management. Ensure that you import and activate a valid license for your McAfee Web Gateway, as you will be unable to perform some tasks without a license. Before you begin Ensure that you correctly install the McAfee Web Gateway appliance (either as a hardware appliance, or a virtual appliance within a virtual environment.) Refer to Chapter 2 Setup and Logon, within the McAfee Web Gateway Product Guide for more information about installing and carrying out the installation and initial configuration on your McAfee Web Gateway. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 21

4 Create your McAfee Web Gateway configuration Configure the initial McAfee Web Gateway settings Create your initial policy The first time you log on to the McAfee Web Gateway user interface, a policy creation wizard allows you to select initial policy options or accept the default policy. In the wizard window, do one of the following to implement a policy: Select values for organization, location, and a level of permission or restriction. Then click OK. A web security policy is implemented accordingly. Your location and organization selections are used to implement standard whitelists and recommended blocking lists. Your selection regarding permission or restriction is used to implement filtering rules. Click Default. A default web security policy is implemented. Figure 4-1 Policy creation dialog box Configure proxy settings Before re-creating your McAfee Email and Web Security policies within McAfee Web Gateway, you should configure your proxy settings. Refer to Chapter 3 Proxies and caching, within the McAfee Web Gateway Product Guide for more information about configuring the operational mode and related settings on your McAfee Web Gateway. Wherever possible, use similar settings to those on your McAfee Email and Web Security appliance. For example, if your McAfee Email and Web Security appliance is currently running in Explicit Proxy mode, configure your McAfee Web Gateway to do the same unless you have a reason to change the mode. The default HTTP Proxy ports are different: McAfee Email and Web Security defaults to port 80, and McAfee Web Gateway defaults to port 9090. You will need to either change the McAfee Web Gateway HTTP Proxy port to 80, or change the ports on all client machines ports to use 9090. 22 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Create your McAfee Web Gateway configuration Configure basic anti-virus settings 4 Configure authentication and access management To use many of the powerful web traffic scanning features included within McAfee Web Gateway, you must first set up authentication services and configure access management on your McAfee Web Gateway. Some information about your existing authentication services and access management can be found within the McAfee Email and Web Security user interface, in: System Users, Groups and Services Directory Services System Users, Groups and Services Web User Authentication System Users, Groups and Services Policy Groups System Users, Groups and Services Role-Based User Accounts Refer to Chapter 5 Authentication and access management, within the McAfee Web Gateway Product Guide for more information about configuring authentication services and related settings on your McAfee Web Gateway. Configure basic anti-virus settings Both McAfee Email and Web Security and McAfee Web Gateway provide anti-virus scanning options. Review the anti-virus settings in the two appliances: McAfee Email and Web Security Select Web Scanning Policies, then click the top link under Anti-Virus. The Default Anti-Virus Settings window appears. McAfee Web Gateway Anti-virus settings are configured in the Gateway Anti-Malware rule set by default. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 23

4 Create your McAfee Web Gateway configuration Configure basic anti-virus settings Use an existing anti-virus rule set Add a pre-defined rule set to provide anti-virus scanning capabilities. Before you begin Take the time to locate a suitable rule set from the Rule Set Library. Figure 4-2 Default Rule Sets This example is for illustrative purposes; your initial configurations already contains a rule set that includes rules for anti-virus detection. 24 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Create your McAfee Web Gateway configuration Configure basic anti-virus settings 4 Task 1 Select Policy. 2 From Rule Sets, click Add Top Level Rule Set and select Import rule set from Rule Set Library. The Add from a Rule Set Library dialog box is displayed. 3 Locate Gateway Anti-Malware from the Rule Set Library. When you select a rule set, information about the rules contained within it are displayed. Also, information about any conflicts between the selected rules and any rules within your current configuration are also displayed. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 25

4 Create your McAfee Web Gateway configuration Configure basic anti-virus settings 4 Resolve any conflicts. Conflicts arise when a rule set uses configuration objects, such as lists or settings, that already exist in an appliance configuration. You can do resolve conflicts by clicking Auto-Solve Conflicts or by clicking the manually selecting the required resolution. icons and then 5 When all conflicts have been resolved (noted by the icon appearing next to each rule), click OK. The selected rule set is added to your configuration. Details of each rule contained within the rule set are displayed on-screen. 6 Move the Gateway Anti-Malware rule set to the end of the list of rule sets. By listing your rule sets from the least-to-most resource intensive, any actions against the web object are carried out by the first, and least resource-intensive rule that applies to that object. Tasks Edit the pre-defined rule set on page 26 You can make changes to a pre-defined rule set to better match your scanning requirements. Edit a pre-defined rule on page 27 You can make changes to a pre-defined rule in a rule set to better match your scanning requirements. Edit the pre-defined rule set You can make changes to a pre-defined rule set to better match your scanning requirements. Before you begin Perform Use an existing Anti-Virus rule set. In this example, we will disable a rule contained within the rule set and change the order of the included rules. 26 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Create your McAfee Web Gateway configuration Configure basic anti-virus settings 4 Task 1 Select Policy Rule Sets. 2 Select Gateway Anti-Malware rule set. The rules within the selected rule set are displayed. 3 Perform the appropriate action. To disable a rule, deselect the checkbox next to the rule. To change the order of rules within a rule set, select the rule, then click the Move up or Move down arrows. Edit a pre-defined rule You can make changes to a pre-defined rule in a rule set to better match your scanning requirements. Before you begin Perform the Use an existing anti-virus rule set. Task 1 Select the rule to be edited. For this example, we will change the rule Block If Virus was Found to edit the Scanning Engines and Behavior. 2 Click Edit. The Edit Rule dialog box is displayed. 3 Click Rule Criteria. 4 Select the Antimalware.Infected property. Click Edit. 5 In the Edit Criteria dialog box, select Property. 6 Under Settings: (For 'Anti-Malware'), click Edit. The Edit Settings dialog box is displayed. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 27

4 Create your McAfee Web Gateway configuration Configure URL filtering settings 7 In Settings content, select Layered coverage: Full McAfee coverage plus specific Avira engine features - minor performance impact. 8 In Mobile Code Behavior, move the slider one division to the right, to increase the Classification threshold accuracy. This setting reduces the "false positive" detections, but might let some mobile code threats through. 9 Click OK. 10 Click OK. 11 Click Finish. 12 Click Save Changes. Configure URL filtering settings Both McAfee Email and Web Security and McAfee Web Gateway provide many URL filtering options. Review the URL filtering settings in the two appliances: McAfee Email and Web Security Select Web Scanning Policies, then click the links under Web Reputation and Categorization. McAfee Web Gateway URL filtering settings are configured in the URL Filtering rule set by default. For this exercise, we will create a new rule set and rules to add URL filtering into the McAfee Web Gateway configuration. Create a new rule set for URL filtering settings You can create a new rule set within McAfee Web Gateway to contain the configuration for URL filtering. A similar procedure can be followed to create other rule sets. Refer to Chapter 4 - Rules and rule sets, within the McAfee Web Gateway Product Guide for more information about rules and rule sets, and the importance of correctly positioning the rule sets within the rule set tree. Table 4-1 Example values for the new rule set Field Name Enable Applies to Apply this rule set Comment Example value URL Filter settings Checked (by default) Requests (and IM) Always URL filtering for the user group "strict_internet" Task 1 Select Policy Rule Sets. 2 On the rule set tree, navigate to the position where you want to insert the new rule set. 28 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Create your McAfee Web Gateway configuration Configure URL filtering settings 4 3 Above the rule set tree, click Add Rule Set. The Add New Rule Set dialog box opens. 4 Configure the following general settings for the rule set: Name Name of the rule set Enable When selected, the rule set is enabled Applies to Select if the rules within this rule set apply to Requests (and IM), Responses and Embedded Objects Apply this rule set Choose if this rule set is always used, or is only used if defined criteria are met [Optional] Comment Plain-text comment on the rule set 5 Click OK to add the rule set to the rule set tree. 6 Move the rule set towards the end of the list of rule sets. By listing your rule sets from the least-to-most resource intensive, any actions against the web object are carried out by the first, and least resource-intensive rule that applies to that object. 7 Click Save Changes. A new rule set, without any included rules, is created and added to the rule set tree. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 29

4 Create your McAfee Web Gateway configuration Configure URL filtering settings Tasks Create a new rule to specify URL filtering on page 30 You can create a new rule within an existing McAfee Web Gateway rule set. Define criteria for the rule on page 31 You can define criteria to further refine a rule. Specify the action on page 32 A rule must have an action that is applied when the rule is triggered. Define events for the rule on page 33 Specify alerts, reports, and other data to help you better configure and monitor your scanning configurations. Create a new rule to specify URL filtering You can create a new rule within an existing McAfee Web Gateway rule set. Before you begin Ensure that you have selected the rule set to which you intend adding this rule. This could be a rule set you have just created, or an existing rule set within your McAfee Web Gateway configuration. This task demonstrates how to create a rule to block access to Internet sites with a bad reputation. A similar procedure can be followed to create other rules. Table 4-2 Example values for the new rule set Field Name Comment Enable rule Apply this rule Example value Block sites with Bad Reputation Block sites with Bad Reputation Selected (by default) Select If the following criteria is matched 30 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Create your McAfee Web Gateway configuration Configure URL filtering settings 4 Task 1 Select the rule set that will contain the new rule. 2 Click Add Rule. The Add Rule dialog box opens. 3 Name the rule, and optionally add a comment to help identify the rule. 4 Click Finish to add the rule to the selected rule set, or Next to define the criteria for this rule. Define criteria for the rule You can define criteria to further refine a rule. This process assumes you have created a rule, but have not yet defined the criteria or lists that the rule will use. This example rule is created as a complex rule; there are two sets of criteria, connected using "OR" logic. Table 4-3 Example values for the rule criteria Field First criteria Property Operator Parameter Value Second criteria Property Operator Parameter Value Example value URL.IsHighRisk Refer to Appendix: Configuration lists in the McAfee Web Gateway Product Guide for a list of available Property values. equals true URL.IsMediumRisk equals true McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 31

4 Create your McAfee Web Gateway configuration Configure URL filtering settings Task 1 Select the rule set from within the rule set tree. 2 Select the required rule, then click Edit. 3 In the left pane, select Rule Criteria. 4 In the right pane, select Apply this rule: If the following criteria is matched. 5 Click Add to create the first criteria. The Add Criteria dialog box is displayed. 6 In Property, search for the McAfee Web Gateway property that you want to match against. 7 Select the required Operator. 8 In Parameter, select Value. 9 Click OK to close the Add Criteria dialog box. To create a complex rule, add more rule criteria. Select OR. Click Finish and Save Changes when you have added the required criteria. Specify the action A rule must have an action that is applied when the rule is triggered. Table 4-4 Example values for the rule action Field Action Settings Example value Block Refer to Appendix: Configuration lists in the McAfee Web Gateway Product Guide for information about the available actions. URL Blocked Task 1 Select the rule set from within the rule set tree. 2 Select the required rule, then click Edit. 32 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Create your McAfee Web Gateway configuration Configure URL filtering settings 4 3 In the left pane, select Action. The Action dialog box is displayed. 4 From the Action drop-down list, select an action. 5 From the Settings drop-down list, select your required options. 6 Click Finish. 7 Click Save Changes. Define events for the rule Specify alerts, reports, and other data to help you better configure and monitor your scanning configurations. Table 4-5 Example values for the rule events Field Event Example value Statistics.Counter.Increment (String, Number) Refer to Appendix: Configuration lists in the McAfee Web Gateway Product Guide for information about the available actions. Parameters Parameter 1: CounterName(String) Value is BlockedByURLFilter Parameter 2: Value (Number) Value is 1 Task 1 Select the rule set from within the rule set tree. 2 Select the required rule, then click Edit. McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 33

4 Create your McAfee Web Gateway configuration Configure URL filtering settings 3 In the left pane, select Events. The Events dialog box is displayed. 4 Click Add Event. 5 Select the required Event: from the drop-down list. 6 Click Parameters. 7 Specify your required parameters. 8 Click OK. 9 Click OK. 10 Click Finish. 11 Click Save Changes. 34 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

Index A about McAfee Email and Web Security 7 about McAfee Web Gateway 7 about this guide 5 action specify 32 anti-virus configure 23 B back up configuration McAfee Email and Web Security 19 back up configurations 19 back up McAfee Web Gateway 19 basic McAfee Web Gateway configuration 21 C configure anti-virus 23 configure URL filtering 28 conventions and icons used in this guide 5 create a new rule set 28 creating web scanning settings 21 D default rule sets and rules 12 determine hardware platform 16 documentation audience for this guide 5 product 11 product-specific, finding 6 typographical conventions and icons 5 E events specify 33 existing configurations back up 19 existing policies review 12 F features not compatible 13 H hardware platform determine 16 I incompatible features 13 M McAfee Email and Web Security about 7 back up configuration 19 McAfee ServicePortal, accessing 6 McAfee Web Gateway about 7 back up 19 McAfee Web Gateway configuration basic 21 N network location 16 P product differences 8 product documentation 11 R review existing policies 12 rule editing 27 rule set create 28 editing 26 use existing 24 rule sets and rules default 12 S ServicePortal, finding product documentation 6 settings migrated 13 settings not migrated 13 specify action 32 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide 35

Index specify events 33 T W what's in this guide 6 Technical Support, finding product information 6 U URL filtering configure 28 36 McAfee Email and Web Security 5.6 - McAfee Web Gateway 7.x Migration Guide

700-3689A00