Installation Guide
Page 3
... a DMZ 15 Connecting and Configuring the Appliance 18 Installation quick reference table 18 Ports and Connections 19 3000, 3100 panel layout 19 3200 panel layout 19 3300 and 3400 panel layout 20 Panel components: 3000, 3100, 3200, 3300, 3400 20 Physically installing the appliance 23 Connect to the network 23 Port numbers 23 Using Copper LAN connections 24 Using Fiber LAN connections 24 Monitor and keyboard 24 Supplying power to the appliance 25 McAfee Email and Web Security Appliance 5.1 Installation Guide 3
... a DMZ 15 Connecting and Configuring the Appliance 18 Installation quick reference table 18 Ports and Connections 19 3000, 3100 panel layout 19 3200 panel layout 19 3300 and 3400 panel layout 20 Panel components: 3000, 3100, 3200, 3300, 3400 20 Physically installing the appliance 23 Connect to the network 23 Port numbers 23 Using Copper LAN connections 24 Using Fiber LAN connections 24 Monitor and keyboard 24 Supplying power to the appliance 25 McAfee Email and Web Security Appliance 5.1 Installation Guide 3
Installation Guide
Page 9
...; Preparing for storing extra software and files. If you use it within your organization behind a correctly configured firewall. • Not a server for installation. You must use explicit proxy mode, only protocols that you need to the unit and access the ports and connections. A rack-mounting kit is : • Not a firewall. Pre-installation Plan the installation Plan the installation Before unpacking your appliance, it unless instructed by the product documentation or your support representative.
...; Preparing for storing extra software and files. If you use it within your organization behind a correctly configured firewall. • Not a server for installation. You must use explicit proxy mode, only protocols that you need to the unit and access the ports and connections. A rack-mounting kit is : • Not a firewall. Pre-installation Plan the installation Plan the installation Before unpacking your appliance, it unless instructed by the product documentation or your support representative.
Installation Guide
Page 10
... mode to use . The mode you choose determines how you can choose from explicit proxy or transparent router mode, only the enabled IP addresses for the LAN1 and LAN2 ports. Contents Transparent bridge mode Transparent router mode Explicit proxy mode 10 McAfee Email and Web Security Appliance 5.1 Installation Guide You can set up multiple IP addresses for each port are aware of the existence of the transparent modes. • How the appliance physically connects to your network. • The configuration needed...
... mode to use . The mode you choose determines how you can choose from explicit proxy or transparent router mode, only the enabled IP addresses for the LAN1 and LAN2 ports. Contents Transparent bridge mode Transparent router mode Explicit proxy mode 10 McAfee Email and Web Security Appliance 5.1 Installation Guide You can set up multiple IP addresses for each port are aware of the existence of the transparent modes. • How the appliance physically connects to your network. • The configuration needed...
Installation Guide
Page 11
... a router) that McAfee Email and Web Security Appliance 5.1 Installation Guide 11 Where to your clients, default gateway, MX records, Firewall NAT or mail servers to send traffic to update a routing table. They are unaware that communicate with the internal mail server - What the appliance does In transparent bridge mode, the appliance connects to place the appliance For security reasons, you do not need to the appliance. Figure 2: Single logical network TIP: In transparent bridge mode, position the appliance between the firewall...
... a router) that McAfee Email and Web Security Appliance 5.1 Installation Guide 11 Where to your clients, default gateway, MX records, Firewall NAT or mail servers to send traffic to update a routing table. They are unaware that communicate with the internal mail server - What the appliance does In transparent bridge mode, the appliance connects to place the appliance For security reasons, you do not need to the appliance. Figure 2: Single logical network TIP: In transparent bridge mode, position the appliance between the firewall...
Installation Guide
Page 12
... network devices to send traffic to the appliance. Configuration Using transparent router mode, you might need to explicitly reconfigure your organization, behind a firewall. The appliance acts as NETBEUI and IPX. 12 McAfee Email and Web Security Appliance 5.1 Installation Guide NOTE: Transparent router mode does not support Multicast IP traffic or non-IP protocols, such as a router, routing the traffic between two networks. For example, you do not need to make the appliance your networks using the LAN1 and LAN2 ports. The appliance has one IP address for incoming traffic...
... network devices to send traffic to the appliance. Configuration Using transparent router mode, you might need to explicitly reconfigure your organization, behind a firewall. The appliance acts as NETBEUI and IPX. 12 McAfee Email and Web Security Appliance 5.1 Installation Guide NOTE: Transparent router mode does not support Multicast IP traffic or non-IP protocols, such as a router, routing the traffic between two networks. For example, you do not need to make the appliance your networks using the LAN1 and LAN2 ports. The appliance has one IP address for incoming traffic...
Installation Guide
Page 13
... device. The appliance then works as its default gateway. • Ensure your client devices can deliver email messages to the mail servers within your network. The appliance scans the email traffic before forwarding it, on behalf of the devices. McAfee Email and Web Security Appliance 5.1 Installation Guide 13 Network and device configuration If the appliance is best suited to networks where client devices connect to the recipient. Explicit proxy mode is set up explicitly to send traffic to the appliance. The external...
... device. The appliance then works as its default gateway. • Ensure your client devices can deliver email messages to the mail servers within your network. The appliance scans the email traffic before forwarding it, on behalf of the devices. McAfee Email and Web Security Appliance 5.1 Installation Guide 13 Network and device configuration If the appliance is best suited to networks where client devices connect to the recipient. Explicit proxy mode is set up explicitly to send traffic to the appliance. The external...
Installation Guide
Page 14
... appliance, so that traffic needing to be scanned is configured to block traffic that incoming email messages from the Internet are unsure about Network Modes In a similar way, the network must be configured so that does not come directly from the external mail server to the appliance. The router must be positioned inside your network expert. 14 McAfee Email and Web Security Appliance 5.1 Installation Guide Figure 6: Explicit proxy configuration The appliance must allow all users to connect...
... appliance, so that traffic needing to be scanned is configured to block traffic that incoming email messages from the Internet are unsure about Network Modes In a similar way, the network must be configured so that does not come directly from the external mail server to the appliance. The router must be positioned inside your network expert. 14 McAfee Email and Web Security Appliance 5.1 Installation Guide Figure 6: Explicit proxy configuration The appliance must allow all users to connect...
Installation Guide
Page 15
... a DMZ A demilitarized zone (DMZ) is usually used for the mail servers. Hackers often gain access to networks by controlling access to specific ports on specific servers. Configuration changes need only be added easily to the Internet, such as a smart host. For this reason, explicit proxy mode is a network separated by a firewall from the appliance, but must not accept traffic that provide services to a DMZ configuration. The firewall must accept traffic from all other networks, including the Internet and...
... a DMZ A demilitarized zone (DMZ) is usually used for the mail servers. Hackers often gain access to networks by controlling access to specific ports on specific servers. Configuration changes need only be added easily to the Internet, such as a smart host. For this reason, explicit proxy mode is a network separated by a firewall from the appliance, but must not accept traffic that provide services to a DMZ configuration. The firewall must accept traffic from all other networks, including the Internet and...
Installation Guide
Page 19
... McAfee Email and Web Security Appliance 5.1 Installation Guide 19 Testing the appliance 13. is being scanned. Connect the appliance to the administration interface. Connect to the network. Run the Setup Wizard. Using policies to the network 5. Install the software. Configure production traffic through the appliance. Configuring the appliance using the Setup Wizard 8. Connecting and Configuring the Appliance Ports and Connections This step ... Installing the software 6. Test that the network traffic is described here ... 4. Connect to manage...
... McAfee Email and Web Security Appliance 5.1 Installation Guide 19 Testing the appliance 13. is being scanned. Connect the appliance to the administration interface. Connect to the network. Run the Setup Wizard. Using policies to the network 5. Install the software. Configure production traffic through the appliance. Configuring the appliance using the Setup Wizard 8. Connecting and Configuring the Appliance Ports and Connections This step ... Installing the software 6. Test that the network traffic is described here ... 4. Connect to manage...
Installation Guide
Page 20
... power supplies. 20 McAfee Email and Web Security Appliance 5.1 Installation Guide whenthe appliance is off . • Lights green - when the System Identification ( ) button is pressed. • Flashes amber when there is in standby mode. Connecting and Configuring the Appliance Ports and Connections 3300 and 3400 panel layout Panel components: 3000, 3100, 3200, 3300, 3400 CD-ROM drive Use the CD-ROM drive only when restoring, upgrading, or diagnosing system faults on and off . HDD LED • Flashes...
... power supplies. 20 McAfee Email and Web Security Appliance 5.1 Installation Guide whenthe appliance is off . • Lights green - when the System Identification ( ) button is pressed. • Flashes amber when there is in standby mode. Connecting and Configuring the Appliance Ports and Connections 3300 and 3400 panel layout Panel components: 3000, 3100, 3200, 3300, 3400 CD-ROM drive Use the CD-ROM drive only when restoring, upgrading, or diagnosing system faults on and off . HDD LED • Flashes...
Installation Guide
Page 21
...-SX Ethernet network connections. McAfee Email and Web Security Appliance 5.1 Installation Guide 21 NOTE: 3100 only - when the port has a good link to stop the LEDs flashing. Fiber LAN1 port and LAN2 port (3300 and 3400 appliances only) The 3300 and 3400 appliances also have covers to make a management connection; a local management connection using copper LAN2, or a remote Management Connection using the Setup Wizard. NOTE: The fiber ports have two fiber LC connectors for more information. Connecting and Configuring the Appliance Ports and Connections System...
...-SX Ethernet network connections. McAfee Email and Web Security Appliance 5.1 Installation Guide 21 NOTE: 3100 only - when the port has a good link to stop the LEDs flashing. Fiber LAN1 port and LAN2 port (3300 and 3400 appliances only) The 3300 and 3400 appliances also have covers to make a management connection; a local management connection using copper LAN2, or a remote Management Connection using the Setup Wizard. NOTE: The fiber ports have two fiber LC connectors for more information. Connecting and Configuring the Appliance Ports and Connections System...
Installation Guide
Page 22
The LAN1 port has a default IP address of 10.1.1.108 (subnet mask 255.255.255.0) to allow you are two "hot-pluggable" SCSI hard disk drives, managed in use to your network. The LAN2 port is only used to connect the appliance to access the appliance's user interface. You can cause data loss or hardware damage. 22 McAfee Email and Web Security Appliance 5.1 Installation Guide The LEDs show the following traffic: • Inbound and outbound protocol traffic. • Management and log data...
The LAN1 port has a default IP address of 10.1.1.108 (subnet mask 255.255.255.0) to allow you are two "hot-pluggable" SCSI hard disk drives, managed in use to your network. The LAN2 port is only used to connect the appliance to access the appliance's user interface. You can cause data loss or hardware damage. 22 McAfee Email and Web Security Appliance 5.1 Installation Guide The LEDs show the following traffic: • Inbound and outbound protocol traffic. • Management and log data...
Installation Guide
Page 23
... FTP, use to connect the appliance to use the appliance. The ports and cables that the card is about Network Modes. Both LEDs are going to install the appliance in a 19-inch rack, perform the steps in Mounting the appliance in a rack. 3 Connect a monitor and keyboard to the appliance. 4 Connect power leads to the monitor and the appliance, but do not connect to the power supplies yet. 5 Connect the appliance to your network. McAfee Email and Web Security Appliance 5.1 Installation Guide 23 The bottom LED flashes...
... FTP, use to connect the appliance to use the appliance. The ports and cables that the card is about Network Modes. Both LEDs are going to install the appliance in a 19-inch rack, perform the steps in Mounting the appliance in a rack. 3 Connect a monitor and keyboard to the appliance. 4 Connect power leads to the monitor and the appliance, but do not connect to the power supplies yet. 5 Connect the appliance to your network. McAfee Email and Web Security Appliance 5.1 Installation Guide 23 The bottom LED flashes...
Installation Guide
Page 24
... LAN connections Use the fiber cables to connect the LAN1 and LAN2 connectors to your local computer's network card. Transparent router mode Use the fiber cables to connect the LAN1 and LAN2 switches to the appliance. 24 McAfee Email and Web Security Appliance 5.1 Installation Guide Explicit proxy mode Use a copper LAN cable (supplied) to connect the LAN1 or LAN2 switch to your network. The connectors use depend on different IP subnets. Do this by changing the IP address or the netmask used as a dedicated management port. Transparent bridge mode Use...
... LAN connections Use the fiber cables to connect the LAN1 and LAN2 connectors to your local computer's network card. Transparent router mode Use the fiber cables to connect the LAN1 and LAN2 switches to the appliance. 24 McAfee Email and Web Security Appliance 5.1 Installation Guide Explicit proxy mode Use a copper LAN cable (supplied) to connect the LAN1 or LAN2 switch to your network. The connectors use depend on different IP subnets. Do this by changing the IP address or the netmask used as a dedicated management port. Transparent bridge mode Use...
Installation Guide
Page 25
... console prompts you to configure the basic network settings for the appliance • LAN1 settings • LAN2 Settings • NIC settings • Gateway information McAfee Email and Web Security Appliance 5.1 Installation Guide 25 Task 1 Connect the monitor and appliance power cables to its factory defaults. Tasks 1 From a computer with internet access, download the latest version of the startup sequence after either: • an unconfigured appliance starts, • or after an applianceis reset to power outlets. See Using the Configuration Console. Installing the software Use...
... console prompts you to configure the basic network settings for the appliance • LAN1 settings • LAN2 Settings • NIC settings • Gateway information McAfee Email and Web Security Appliance 5.1 Installation Guide 25 Task 1 Connect the monitor and appliance power cables to its factory defaults. Tasks 1 From a computer with internet access, download the latest version of the startup sequence after either: • an unconfigured appliance starts, • or after an applianceis reset to power outlets. See Using the Configuration Console. Installing the software Use...
Installation Guide
Page 28
... lookup. Specifies the date and the local time. You cannot change any value, click its blue link to best practice. 28 McAfee Email and Web Security Appliance 5.1 Installation Guide To change or disable this setup wizard. Domain name) must type the new password twice to be deleted. However, you can add more login accounts after installation. The original default password is the super administrator. Specifies a subnet address, such as 198.168.200...
... lookup. Specifies the date and the local time. You cannot change any value, click its blue link to best practice. 28 McAfee Email and Web Security Appliance 5.1 Installation Guide To change or disable this setup wizard. Domain name) must type the new password twice to be deleted. However, you can add more login accounts after installation. The original default password is the super administrator. Specifies a subnet address, such as 198.168.200...
Installation Guide
Page 29
... email before forwarding it is transparent to configure the IP address and network speeds for your network and to best practice. The appliance's operation is not set . McAfee Email and Web Security Appliance 5.1 Installation Guide 29 You can communicate with this page to the devices. Connecting and Configuring the Appliance Configuring the appliance using the Setup Wizard Option Definition The value is probably not correct. The value has not been changed from the default. Check the value...
... email before forwarding it is transparent to configure the IP address and network speeds for your network and to best practice. The appliance's operation is not set . McAfee Email and Web Security Appliance 5.1 Installation Guide 29 You can communicate with this page to the devices. Connecting and Configuring the Appliance Configuring the appliance using the Setup Wizard Option Definition The value is probably not correct. The value has not been changed from the default. Check the value...
Installation Guide
Page 30
... specify multiple IP addresses for file transfer. • Email traffic includes SMTP and POP3. 30 McAfee Email and Web Security Appliance 5.1 Installation Guide If no servers in the order that information to configure their own routing information. Specifies the IP addresses of other modes, click Network Interface 1 or Network Interface 2 to work on port 53), specify the IP address of traffic that provides name resolution. The devices can use that they are listed here. The first server in Transparent Bridge mode, the IP addresses...
... specify multiple IP addresses for file transfer. • Email traffic includes SMTP and POP3. 30 McAfee Email and Web Security Appliance 5.1 Installation Guide If no servers in the order that information to configure their own routing information. Specifies the IP addresses of other modes, click Network Interface 1 or Network Interface 2 to work on port 53), specify the IP address of traffic that provides name resolution. The devices can use that they are listed here. The first server in Transparent Bridge mode, the IP addresses...
Installation Guide
Page 39
...-spam scanning policy Use this protects users from to Deny connection (Block), then click OK. 19 Send the same email and check the denied connection. McAfee Email and Web Security Appliance 5.1 Installation Guide 39 A policy like this task to set up a policy to send a benign email. It has the IP address of your client machine (example IP address). 20 Try to protect your servers. To the sending server, it contains a virus...
...-spam scanning policy Use this protects users from to Deny connection (Block), then click OK. 19 Send the same email and check the denied connection. McAfee Email and Web Security Appliance 5.1 Installation Guide 39 A policy like this task to set up a policy to send a benign email. It has the IP address of your client machine (example IP address). 20 Try to protect your servers. To the sending server, it contains a virus...
Installation Guide
Page 44
... connected correctly. 44 McAfee Email and Web Security Appliance 5.1 Installation Guide If you have not used the blue cable supplied with the appliance, ensure that the cable you have not disabled the LAN2 port • The appliance has a working connection to the appliance's LAN2 port and your web browser. My password does not work. Using the appliance's recovery CD, return the appliance's password to your device is not, use the default IP address and, if that : • You have not disabled the LAN2 port. Check...
... connected correctly. 44 McAfee Email and Web Security Appliance 5.1 Installation Guide If you have not used the blue cable supplied with the appliance, ensure that the cable you have not disabled the LAN2 port • The appliance has a working connection to the appliance's LAN2 port and your web browser. My password does not work. Using the appliance's recovery CD, return the appliance's password to your device is not, use the default IP address and, if that : • You have not disabled the LAN2 port. Check...