McAfee Web Security Appliance 5.6.0, MAP-3300-SWG - Web Security Appliance 3300 User manual

Product Guide
McAfee Email and Web Security
Appliances 5.6.0
COPYRIGHT
Copyright © 2010 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by
any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE),
MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of
McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
McAfee Email and Web Security Appliances 5.6.0 Product Guide
Contents
Preface
  About this guide
  Audience
  Conventions
  Finding product documentation
  Contact information
  Optional components and related products
  Working with your McAfee Email and Web Security Appliances
  The interface
  Common tasks within the interface
  Ports used by Email and Web Security Appliances
  Resources
Overview of Dashboard features
  Dashboard
  Edit Preferences
  Graphs Edit Preferences
Overview of Reports features
  Types of reports
  Scheduled Reports
  Email Reports overview
  Interactive Reporting — Total view
  Interactive Reporting — Time view
  Interactive Reporting — Itemized view
  Interactive Reporting — Detail view
  Selection — Favorites
  Selection — Filter
  Web Reports overview
  Interactive Reporting — Total view
  Interactive Reporting — Time view
  Interactive Reporting — Itemized view
  Interactive Reporting — Detail view
  Selection — Favorites
  Selection — Filter
  System Reports
  Interactive Reporting — Detail view
  Selection — Favorites
  Selection — Filter
Overview of Email features
  Life of an email message
  Message Search
  Email Overview
  Email Configuration
  Protocol Configuration
  Receiving Email
  Sending Email
  Email Policies
  Introduction to policies
  Email Scanning Policies menu
  About Protocol Presets
  Email Scanning Policies
  Dictionaries
  Registered Documents
  Quarantine Configuration
  Quarantine Options
  Quarantine Digest Options
  Digest Message Content
Overview of Web features
  Web Configuration
  HTTP Connection Settings
  HTTP Protocol Settings
  ICAP Connection Settings
  ICAP Authentication
  ICAP Protocol Settings
  FTP Connection Settings
  FTP Protocol Settings
  Web Policies
  Introduction to policies
  Web Scanning Policies
  Dictionaries
Overview of System features
  Appliance Management
  General
  DNS and Routing
  Time and Date
  Appliance Management — Remote Access
  UPS Settings
  Database Maintenance
  Appliance Management — System Administration
  Default Server Settings
  Cluster Management
  Backup and Restore Configuration
  Configuration Push
  Load Balancing
  Resilient Mode
  Users, Groups and Services
  Directory Services
  Web User Authentication
  Policy Groups
  Role-Based User Accounts
  Virtual Hosting
  Virtual Hosts
  Virtual Networks
  Certificate Management
  Certificates
  Certificate Revocation lists (CRLs)
  Logging, Alerting and SNMP
  Email Alerting
  SNMP Alert Settings
  SNMP Monitor Settings
  System Log Settings
  WebReporter
  Logging Configuration
  Component Management
  Update Status
  Package Installer
  ePO
  Setup Wizard
  Welcome
Overview of Troubleshoot features
  Troubleshooting Tools
  Ping and Trace Route
  System Load
  Route Information
  Disk Space
  Troubleshooting Reports
  Minimum Escalation Report
  Capture Network Traffic
  Save Quarantine
  Log Files
  Error Reporting Tool
  Tests
  System Tests
How appliances work with ePolicy Orchestrator
Configuring your appliance for ePolicy Orchestrator management
Managing your appliances from within ePolicy Orchestrator
Index
Preface
This guide provides the information you need to configure, use, and maintain your McAfee product.
About this guide
This information describes the guide's target audience, the typographical conventions and icons used
in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.
Conventions
This guide uses the following typographical conventions and icons.
Book title or Emphasis | Title of a book, chapter, or topic; introduction of a new term; emphasis.
Bold | Text that is strongly emphasized.
User input or Path | Commands and other text that the user types; the path of a folder or program.
Code | A code sample.
User interface | Words in the user interface including options, menus, buttons, and dialog boxes.
Hypertext blue | A live link to a topic or to a website.
Note: Additional information, like an alternate method of accessing an option.
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardware product.
Finding product documentation
McAfee provides the information you need during each phase of product implementation, from
installation to daily use and troubleshooting. After a product is released, information about the product
is entered into the McAfee online KnowledgeBase.
Task
1. Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2. Under Self Service, access the type of information you need:
To access... | Do this...
User documentation | 1. Click Product Documentation. 2. Select a Product, then select a Version. 3. Select a product document.
KnowledgeBase | • Click Search the KnowledgeBase for answers to your product questions. • Click Browse the KnowledgeBase for articles listed by product and version.
Contact information
Use this information to contact McAfee.
To contact McAfee, either contact your local representative, or visit http://www.mcafee.com.
Optional components and related products
The appliances have several components and related products. Some components can be fully
integrated into the appliances. Other products provide a central point for monitoring and managing
several McAfee® products, including the appliances. The next table describes the optional components
and related products. For more information, see the McAfee website.
Related products
The following McAfee products can be used with your McAfee® Email and Web Security Appliances
product.
Component/Product | Description | Compatible with type of appliances
McAfee Quarantine Manager | Consolidates quarantine management for many McAfee products, including the appliances. | Email, Email+Web
McAfee ePolicy Orchestrator | Provides a central control point for reporting activity on several appliances. | All
Auxiliary hardware
Some appliances include auxiliary hardware:
Auxiliary hardware | Features | Appliance
Accelerator card | Higher throughput for HTTP protocol. | 3400
Fiber card | Connection via optical fiber instead of copper wire. | 3300, 3400
Remote Access card | Remote access and some management of the appliance. For example, the card can re-image the appliance remotely using a CD in another computer. | 3300, 3400
Your appliance has all auxiliary hardware pre-installed for the hardware
and software combination that you have purchased.
Combinations of software and hardware
The following combinations of software and hardware are possible:
Appliance | Combined Email and Web | Email only | Web only
3000 | Yes | No | No
3100 | Yes | No | No
3200 | Yes | No | No
3300 | Yes | No | No
3400 | No | Yes | Yes
M3 Content Security Blade Server | Yes | Yes | Yes
M7 Content Security Blade Server | Yes | Yes | Yes
Virtual appliances
The McAfee® Email and Web Security Appliance software is also available as a virtual appliance,
running within a VMware environment. It is available as the combined Email and Web version of the
software.
Working with your McAfee Email and Web Security Appliances
This section describes important concepts to help you configure your McAfee® Email and Web Security
Appliance.
The interface
Use this page to get to know your way around the user interface.
The interface you see might look slightly different from that shown here,
because it can vary depending on the appliance's hardware platform,
software version, and language.
Reference | Option
A | Navigation bar
B | User information bar
C | Section icons
D | Tab bar
E | Support control buttons
F | View control
G | Content area
A — Navigation bar
The navigation bar contains four areas: user information, section icons, tab bar, and support controls.
B — User information bar
C — Section icons
The number of section icons depends on the software version that you are using. Click an icon to
change the information in the content area and the tab bar. The icons include the following:
Menu | Features
Dashboard | Use this page to see a summary of the appliance. From this page you can access most of the pages that control the appliance.
Reports | Use the Reports pages to view events recorded on the appliance, such as viruses detected in email messages or during web access, and system activities such as details of recent updates and logins.
Email | Use the Email pages to manage threats to email messages, quarantine of infected email, and other aspects of email configuration.
Web | Use the Web pages to manage threats to web downloads, and to manage other aspects of web configuration.
System | Use the System pages to configure various features on the appliance.
Troubleshoot | Use the Troubleshoot pages to diagnose any problems with the appliance.
D — Tab bar
The contents of the tab bar are controlled by the selected section icon. The selected tab dictates what
is displayed in the content area.
E — Support control buttons
The support control buttons are actions that apply to the content area.
Icon Description
• Refreshes or updates the content.
• Returns you to the previously viewed page. We recommend that you click this button, rather than your browser's Back button.
• Appears when you configure something to allow you to apply your changes.
• Appears when you configure something to allow you to cancel your changes.
• Opens a window of Help information. Much of the information in this window also appears in the Product Guide.
F — View control
The view control button shows or hides a status window.
The status window, which appears in the bottom right of the interface, shows recent activity. New
messages are added at the top of the window. If a message is blue and underlined, you can click the
link to visit another page. You can also manage the window with its own Clear and Close links.
G — Content area
The content area contains the currently active content and is where most of your interaction will be.
The changes that you make take effect after you click the green
checkmark.
Common tasks within the interface
This section describes some common procedures for setting up, configuring, and managing your
appliance.
Tasks
• Enabling each feature
• Making changes to the appliance's configuration
Enabling each feature
To ensure good detection and best performance, some features on the appliance are on (enabled) by
default, while others are off (disabled). Many dialog boxes and windows have an Enabled checkbox. To
use any feature, make sure you have selected this checkbox.
Making changes to the appliance's configuration
Use this task to make changes to the operation of the appliance.
Task
1. In the navigation bar, click an icon. The blue tabs below the icons change to show the available features.
2. Click the tabs until you reach the page you need.
   To locate any page, examine the tabs, or locate the subject in the Help index. The location of the page is often described at the foot of the Help page. Example:
   System | Appliance Management | Database Maintenance
3. On the page, select the options. Click the Help button (?) for information about each option.
4. Navigate to other pages as needed.
5. To save your configuration changes, click the green checkmark icon at the top right of the window.
6. In the Configuration change comment window, type a comment to describe your changes, then click OK.
   Wait a few minutes while the configuration is updated.
7. To see all your comments, select System | Cluster Management | Backup and Restore Configuration [+] Review Configuration Changes in the navigation bar.
Using lists
The following information explains the use of lists within Email and Web Security Appliances.
Contents
Making and viewing lists
Adding information to a list
Removing single items from a list
Removing many items from a list
Changing information in a list
Viewing information in a long list
Ordering information in a list
Ordering information alphabetically in a list
Making and viewing lists
Lists specify information such as domains, addresses and port numbers on many pages in the
interface. You can add new items to a list, and delete existing items.
Although the number of rows and columns might vary, all lists behave in similar ways. In some lists,
you can also import items from a prepared file, and change the order of the items. Not all lists have
these actions. This section describes all the actions that are available in the interface.
Adding information to a list
Use this task to add information into a list within the user interface.
Task
1. Click Add below the list.
   A new row appears in the table. If this is your first item, a column of checkboxes appears on the left of the table. You might also see a Move column on the right of the table.
2. Type the details in the new row. Press Tab to move between fields.
3. For help with typing the correct information, move your cursor over the table cell, and wait for a pop-up to appear. For more information, click .
4. To save the new items immediately, click the green checkmark.
Removing single items from a list
Some lists take a long time to create, and therefore you can delete only one entry at a time to prevent
the accidental deletion of a lot of information.
Click the trashcan icon.
If the item cannot be deleted, the icon is unavailable.
Alternatively, do the following:
Task
1. Click the item to select it. The row turns pale blue.
2. Click Delete at the bottom of the list.
Removing many items from a list
On some long lists, you can remove many items quickly.
Task
1. In the column of checkboxes on the left of the table, select each item. To select many items, select the checkbox in the table's heading row to select all the items, then deselect those that you want to keep.
2. Click Delete at the bottom of the list.
3. To save the new changes immediately, click the green checkmark.
Changing information in a list
Use this task to change the information contained in a list within the user interface.
If an item cannot be changed, the icon is unavailable.
Task
1. Click the edit icon.
2. Click on the text, then delete or retype it.
3. To save the new changes immediately, click the green checkmark.
4. To cancel any recent changes, click the close button at the top right of the window.
Viewing information in a long list
If the list has many items, you might not be able to see them all at the same time.
Task
1. To determine the position of an item in the list or the size of the list, view the text at the bottom of the list, such as Items 20 to 29 of 40.
2. To move through the list or to move quickly to either end of the list, click the arrows at the bottom right of the list.
Ordering information in a list
Some lists display items in priority order. The first item in the list is the highest priority, the last item
is the lowest priority. To change the item's priority:
Task
1. Find the row that contains the item.
2. In the Move column (on the right of the table), click the upward or downward arrow.
Ordering information alphabetically in a list
When information is given in a list, you can sort the list alphabetically.
Task
• To change the order:
  • To force items in a column into alphabetical order, click the column heading. Items in other columns are automatically sorted accordingly. An icon appears in the column heading to indicate that this column is sorted.
  • To sort the information differently, click the other column headings.
  • To reverse and restore the alphabetical order of the information within a single column, click the icons in the column heading.
Importing and exporting information
Topics describing how to import and export information.
Contents
Importing prepared information
Exporting prepared information
Importing prepared information
From some pages, you can import information from other devices, appliances, or software for use on
the appliance, such as from a previously prepared comma-separated value (.csv) file.
Imported information normally overwrites the original information.
Table 1 Some formats for comma-separated value (.csv) files
Type of information | Format | Example
Domain | D, domain, IP address | D, www.example.com, 192.168.254.200
Network address | N, IP address, IP subnet mask | N, 192.168.254.200, 255.255.255.0
Email address | E, email-address | E, [email protected]
Each item in the file is on a single line.
Task
1. Click Import.
2. In the Import window, browse to the file.
   If further options are displayed in the dialog box, make the relevant choices based on the type of file or information you are importing.
3. Click Open to import the information from the file.
Exporting prepared information
From some pages, you can export information from the appliance for use on other devices, appliances,
or software.
The information is generated in various forms, such as a .zip file, a .pdf, or a .csv file.
Table 2 Some formats for comma-separated value (.csv) files
Type of information | Format | Example
Domain | D, domain, IP address | D, www.example.com, 192.168.254.200
Network address | N, IP address, IP subnet mask | N, 192.168.254.200, 255.255.255.0
Email address | E, email-address | E, [email protected]
Each item in the file is on a single line.
Task
1. Click Export.
2. In the Export window, follow the instructions to create the file.
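The record formats in Table 1 and Table 2 can be checked in code: because imported information normally overwrites the original information, a .csv file is worth validating before it is imported, and the same check applies to a file the appliance has exported. This Python example is added here and is not McAfee code; the syntax rules, the function names and the sample lines are assumptions of the example, not the appliance's own validation.

```python
import csv
import io
import ipaddress
import re

# Record layouts from Table 1 / Table 2: type tag -> fields that follow it.
LAYOUTS = {
    "D": ("domain", "ip_address"),
    "N": ("ip_address", "subnet_mask"),
    "E": ("email_address",),
}

# Assumption: conservative syntax rules chosen for this example; the guide
# does not document the appliance's own validation.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[A-Za-z]{{2,63}}$")
EMAIL_RE = re.compile(rf"^[A-Za-z0-9._%+-]{{1,64}}@(?:{_LABEL}\.)+[A-Za-z]{{2,63}}$")


def check_ip(value):
    ipaddress.IPv4Address(value)  # raises ValueError if malformed


def check_mask(value):
    mask = int(ipaddress.IPv4Address(value))
    inverted = ~mask & 0xFFFFFFFF
    # Contiguous ones-then-zeros means inverted + 1 is a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask {value!r}")


def check_domain(value):
    if len(value) > 253 or not DOMAIN_RE.match(value):
        raise ValueError(f"invalid domain {value!r}")


def check_email(value):
    if not EMAIL_RE.match(value):
        raise ValueError(f"invalid email address {value!r}")


CHECKS = {
    "domain": check_domain,
    "ip_address": check_ip,
    "subnet_mask": check_mask,
    "email_address": check_email,
}


def validate_import(text):
    """Return (records, errors) for the text of a .csv list file."""
    records, errors, seen = [], [], set()
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        fields = [field.strip() for field in row]
        if not any(fields):
            continue  # skip blank lines
        tag, values = fields[0], fields[1:]
        layout = LAYOUTS.get(tag)
        if layout is None:
            errors.append((line_no, f"unknown record type {tag!r}"))
            continue
        if len(values) != len(layout):
            errors.append((line_no, f"type {tag} needs {len(layout)} field(s), got {len(values)}"))
            continue
        try:
            for name, value in zip(layout, values):
                CHECKS[name](value)
        except ValueError as exc:
            errors.append((line_no, f"{name}: {exc}"))
            continue
        record = (tag, *values)
        if record in seen:
            errors.append((line_no, "duplicate of an earlier line"))
            continue
        seen.add(record)
        records.append(record)
    return records, errors


# Constructed sample: lines 1-3 follow the table formats (the email address
# is a placeholder); lines 4-8 each carry one defect.
SAMPLE = """\
D, www.example.com, 192.168.254.200
N, 192.168.254.200, 255.255.255.0
E, user@example.com
N, 192.168.254.200, 255.0.255.0
D, www.example.com
X, something
E, not-an-address
D, www.example.com, 192.168.254.200
"""

if __name__ == "__main__":
    good, bad = validate_import(SAMPLE)
    print(f"{len(good)} valid record(s)")
    for line_no, reason in bad:
        print(f"line {line_no}: {reason}")
```

Rejecting the whole file when any line fails keeps a partly malformed list from replacing a working one.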
Ports used by Email and Web Security Appliances
Use this topic to review the ports used by your McAfee Email and Web Security Appliance.
The appliance uses various ports to communicate with your network and other devices.
Table 3 Ports used by Email and Web Security Appliances
Use | Protocol | Port number
Software updates | FTP | 21
Anti-virus | HTTP, FTP | 80, 21
McAfee Global Threat Intelligence file reputation | DNS | 53
Anti-spam rules and streaming updates | HTTP | 80
Anti-spam engine updates | FTP | 21
McAfee Global Threat Intelligence message reputation | SSL | 443
McAfee Global Threat Intelligence web reputation lookup | SSL | 443
McAfee Global Threat Intelligence web reputation database update | HTTP | 80
Domain Name System (DNS) | DNS | 53
McAfee Quarantine Manager | HTTP | 80
Active directory | | 389
McAfee Global Threat Intelligence feedback | SSL | 443
Intercept ports
When operating in either of the transparent modes — transparent bridge mode or transparent router
mode — the appliance uses the following intercept ports to intercept traffic to be scanned.
Table 4 Intercept ports
Protocol | Port number
FTP | 21
HTTP | 80 or 8080
ICAP | 1344
POP3 | 110
SMTP | 25
Listening ports
The appliance typically uses the following ports to listen for traffic on each protocol. The appliance
listens for traffic arriving on the designated ports. You can set up one or more listening ports for each
type of traffic being scanned by your appliance.
Table 5 Typical listening ports
Protocol | Port number
FTP | 21
HTTP | 80
ICAP | 1344
POP3 | 110
SMTP | 25
Ports used for ePolicy Orchestrator communication
When you configure your Email and Web Security Appliances to be managed by ePolicy Orchestrator®,
or when you set ePolicy Orchestrator to monitor and report on your appliances, the following ports are
used by default for communication between ePolicy Orchestrator and your appliances.
Table 6 ePolicy Orchestrator communication ports
Port usage | Port number
Agent-to-server communication port | 80
Agent-to-server communication secure port | 443 (when enabled)
Agent wake-up communication port | 8081 (default)
Agent broadcast communication port | 8082 (default)
Console-to-application server communication port | 8443
Client-to-server authenticated communication port | 8444
Resources
This topic describes the information, links, and supporting files that you can find from the Resources
dialog box.
Click Resources from the black information bar at the top of the Email and Web Security Appliance user
interface.
The Resources dialog box contains links to different areas or to files that you might need when setting
up your appliance.
Link name | Description
Technical support | Clicking this link takes you to the McAfee Technical Support ServicePortal login page (https://mysupport.mcafee.com/Eservices/Default.aspx). From this page, you can search the KnowledgeBase, view product documentation and video tutorials, as well as access other technical support services.
Submit a sample | If you have a file that you believe to be malicious, but that your McAfee systems are not detecting, you can safely submit it to McAfee for further analysis. Follow the Submit a sample link and either log on or register as a new user to access the McAfee Labs Tool to submit suspicious files.
Virus Information Library | Viruses are continually evolving, with new malicious files being developed daily. To find out more about particular viruses or other threats, follow the link to the McAfee Threat Center.
McAfee Spam Submission Tool | This free tool integrates into Microsoft Outlook and allows users to submit missed spam samples and email that was wrongly categorized as spam to McAfee Labs. McAfee Spam Submission Tool (MSST) version 2.2 can also be used with McAfee Secure Content Management appliances and McAfee Quarantine Manager to train the Bayesian database. The tool supports automated blacklisting and whitelisting, and has an installer that supports automated script-based installations. Supported platforms: Windows 2000 and Windows XP with Microsoft Outlook 2000 or later. The latest MSST and documents can be downloaded from the following location: http://www.mcafee.com/us/enterprise/downloads/free_tools/index.html
ePO Extensions | Download the ePolicy Orchestrator extensions for Email and Web Security Appliances. This file contains both the EWG and the EWS extensions. The EWG extension allows reporting from within ePolicy Orchestrator for the following products:
  • Email and Web Security Appliances version 5.5
  • Email and Web Security Appliances version 5.6
  • McAfee Web Gateway
  • McAfee Email Gateway
  The EWS extension provides full ePolicy Orchestrator management for Email and Web Security Appliances version 5.6. For you to use ePolicy Orchestrator for either reporting or management, the ePO extensions need to be installed on your ePolicy Orchestrator server.
ePO 4.5 Help | Download the ePolicy Orchestrator Help extensions for the two ePO extensions listed above. This file installs the Help extensions relating to the ePolicy Orchestrator extensions for Email and Web Security Appliances onto your ePolicy Orchestrator server.
SMI File | Download the Structure of Managed Information (SMI) file for use with the Simple Network Management Protocol (SNMP). This file provides information about the syntax used by the SNMP Management Information Base (MIB) file.
MIB File | Download the MIB file for use with SNMP. This file is used to define the information that your Email and Web Security Appliance can transmit using SNMP.
HP OpenView NNM Smart Plug-in Installer | Download the HP OpenView installer file to enable you to configure your Email and Web Security Appliance to communicate with HP OpenView.