McAfee MAP-3300-SWG Product Guide

McAfee MAP-3300-SWG - Web Security Appliance 3300 Manual

McAfee MAP-3300-SWG manual content summary:

  • McAfee MAP-3300-SWG | Product Guide - Page 1
    Product Guide McAfee Email and Web Security Appliances 5.6.0
  • McAfee MAP-3300-SWG | Product Guide - Page 2
    SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 3
    Contents Preface 7 About this guide 7 Audience 7 Conventions 7 Finding product documentation 8 Contact information 8 Optional components and related products 8 Working with Email Overview 70 Email Configuration 71
  • McAfee MAP-3300-SWG | Product Guide - Page 4
    Configuration Push 235 Load Balancing 236 Resilient Mode 239 Users, Groups and Services 240 Directory Services 240 Web User Authentication 240 Policy Groups 241 Role-Based User Accounts Logging, Alerting and SNMP 261
  • McAfee MAP-3300-SWG | Product Guide - Page 5
    Package Installer 282 ePO 283 Setup Wizard 284 Welcome 285 Overview of Troubleshoot features 311 Troubleshooting Tools 311 Ping and Trace Route 312 System Load 312 Route Information ePolicy Orchestrator 325 Index 327
  • McAfee MAP-3300-SWG | Product Guide - Page 6
  • McAfee MAP-3300-SWG | Product Guide - Page 7
    need to configure, use, and maintain your McAfee product. About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the
  • McAfee MAP-3300-SWG | Product Guide - Page 8
    troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. Task 1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. 2 Under Self Service
  • McAfee MAP-3300-SWG | Product Guide - Page 9
    fiber instead of copper wire. 3300, 3400 Remote access and some management using a CD in another computer. 3300, 3400 Your appliance has all auxiliary possible: Appliance 3000 3100 3200 3300 3400 M3 Content Security Blade concepts to help you configure your McAfee® Email
  • McAfee MAP-3300-SWG | Product Guide - Page 10
    A - Navigation bar The navigation bar contains four areas: user information, section icons, tab bar, and support controls. B - User information bar C - Section icons The number of section icons depends on the software the following:
  • McAfee MAP-3300-SWG | Product Guide - Page 11
    to configure various features on the appliance. Use the Troubleshoot pages to diagnose any problems with the appliance. D - Tab bar The contents of changes. Opens a window of Help information. Much of the information in this window also appears in the Product Guide. F - View control The view
  • McAfee MAP-3300-SWG | Product Guide - Page 12
    any page, examine the tabs, or locate the subject in the Help index. The location of the page is often described at the foot of the Help page. Example: System | Appliance Management | Database Maintenance 3 On the the navigation bar.
  • McAfee MAP-3300-SWG | Product Guide - Page 13
    right of the table. 2 Type the details in the new row. Press Tab to move between fields. 3 For help with typing the correct information, move your cursor over the table cell, and wait for a pop-up to appear. remove many items quickly.
  • McAfee MAP-3300-SWG | Product Guide - Page 14
    many items, select the checkbox in the table's heading row to select all the items, then deselect those that you want to keep. 2 Click Delete at the bottom of the list. 3 To save the new changes immediately, click or downward arrow:
  • McAfee MAP-3300-SWG | Product Guide - Page 15
    , appliances, or software. The information is generated in various forms, such as a .zip file, a .pdf, or a .csv file.
  • McAfee MAP-3300-SWG | Product Guide - Page 16
    in the file is on a single line. Task 1 Click Export. 2 In the Export window, follow the instructions to create the file. Ports used by Email and Web Security Appliances Use this topic to review the ports 443 Intelligence feedback
  • McAfee MAP-3300-SWG | Product Guide - Page 17
    communication port Port number 80 443 (when enabled) 8081 (default) 8082 (default) 8443 8444 Resources This topic describes the information, links, and supporting files that you can find from the Resources dialog box. Click Resources from the black information bar at the top of the Email and Web
  • McAfee MAP-3300-SWG | Product Guide - Page 18
    product documentation and video tutorials, as well as access other technical support services. Submit a sample If you have a file that you believe Help Download the ePolicy Orchestrator Help extensions for the two ePO extensions listed above. This file installs the Help
  • McAfee MAP-3300-SWG | Product Guide - Page 19
    installer file to enable you to configure your Email and Web Security Appliance to communicate with HP OpenView.
  • McAfee MAP-3300-SWG | Product Guide - Page 20
  • McAfee MAP-3300-SWG | Product Guide - Page 21
    use, providing you with a quick and easy method of moving to the correct area of the user interface.
  • McAfee MAP-3300-SWG | Product Guide - Page 22
    Updates, a green checkmark indicates that the components will update itself automatically. To make a manual update, click the blue link • For other components, a green checkmark indicates that the the queues, click Quick search
  • McAfee MAP-3300-SWG | Product Guide - Page 23
    - Email Security Appliance - Web Security Appliance Name - Web Gateway Appliance Displays the name of the appliance as configured
  • McAfee MAP-3300-SWG | Product Guide - Page 24
    more than one email is received in the same SMTP conversation • When messages are sent over SMTPS
  • McAfee MAP-3300-SWG | Product Guide - Page 25
    you can specify using Edit on each dashboard area matches relates to the selected area of the appliance.
  • McAfee MAP-3300-SWG | Product Guide - Page 26
    want statistics, the counters that you want you want to report on, the counters you want to the levels at which you want to receive a warning based the protocols for which you want to display connection and at which you want to receive which you want policies to display, and whether you want to see
  • McAfee MAP-3300-SWG | Product Guide - Page 27
    and deselect the relevant warnings. Dashboard | Tasks | Edit Use this page to specify the tasks that you want to be available directly from the Dashboard, and change their position in the list. If you change the is the past week.
  • McAfee MAP-3300-SWG | Product Guide - Page 28
  • McAfee MAP-3300-SWG | Product Guide - Page 29
    Definition System | Logging, Alerting and SNMP. Supports the common event formats for Splunk and ArcSight. System | Logging, Alerting and SNMP. Supports the SNMP Alert Settings and SNMP Monitor Settings occur on your appliance.
  • McAfee MAP-3300-SWG | Product Guide - Page 30
    reports about Uniform Resource Locator (URL) filtering activities. See the McAfee Web Reporter Product Guide, available from the McAfee download site. Use the appliance Dashboard to see high-level event Enable scheduled delivery.
  • McAfee MAP-3300-SWG | Product Guide - Page 31
    that you created in the Email Interactive Reports, or Web Interactive Reports section are available from here too.
  • McAfee MAP-3300-SWG | Product Guide - Page 32
    to 1 week. 4 Click OK, and apply the changes to the appliance. 5 Click Download to generate the report.
  • McAfee MAP-3300-SWG | Product Guide - Page 33
    a set of predefined filters, or edit the filters, test the results, and save the report as a new report.
  • McAfee MAP-3300-SWG | Product Guide - Page 34
    each Favorite report using standard and advanced filter settings, and set the period of time for which you want to retrieve data. See Filter types. View types Each report that you generate can be presented in one the report results.
  • McAfee MAP-3300-SWG | Product Guide - Page 35
    and Next buttons adjust the From date, for example, moving it to next week or the previous day. Protocol Traffic Displays the protocols you want to view, such as SMTP. Displays traffic, whether inbound or outbound. In a simple network, you might see reports on compliancy for outbound traffic and
  • McAfee MAP-3300-SWG | Product Guide - Page 36
    up a schedule to send the report regularly to the email administrator Subtask - Run a standard email activity report
  • McAfee MAP-3300-SWG | Product Guide - Page 37
    . If you see no information, click Apply on the Filter tab, or change the period and click Apply.
  • McAfee MAP-3300-SWG | Product Guide - Page 38
    information about the Filter or Favorites section on the right, click its tab, then click the Help button (?). Table 14 Option definitions Option Definition Start Displays the start of the period, such is displayed in a pie chart.
  • McAfee MAP-3300-SWG | Product Guide - Page 39
    the Filter or Favorites section on the right, click its tab, then click the Help button (?). Table 15 Option definitions Option Definition Pie chart Displays the percentage of all right, click its tab, then click the Help button (?).
  • McAfee MAP-3300-SWG | Product Guide - Page 40
    or "filter" the information in the report. Reports | Email Reports | Selection | Filter Reports | Web Reports | Selection | Filter
  • McAfee MAP-3300-SWG | Product Guide - Page 41
    date, for example, moving it to next week or the previous day. Protocol Traffic Displays the protocols you want to view, such as SMTP. Displays traffic, whether inbound or outbound. In a simple network, you are being sent from.
  • McAfee MAP-3300-SWG | Product Guide - Page 42
    for example, moving it to next week or the previous day. Protocol User login Displays the protocols you want to view, such as HTTP. Displays information about one user. When selected, the advanced options, Source optional software.
  • McAfee MAP-3300-SWG | Product Guide - Page 43
    results. See View types: • Total view • Time view • Itemized view • Detail view There are two pages beneath Selection:
  • McAfee MAP-3300-SWG | Product Guide - Page 44
    each Favorite report using standard and advanced filter settings, and set the period of time for which you want to retrieve data. See Filter types. View types Each report that you generate can be presented in one previous 24 hours
  • McAfee MAP-3300-SWG | Product Guide - Page 45
    example, moving it to next week or the previous day. Protocol User login Displays the protocols you want to view, such as HTTP. Displays information about one user. When selected, the advanced options, a standard web activity report
  • McAfee MAP-3300-SWG | Product Guide - Page 46
    you see no information, click Apply on the Filter tab, or change the period and click Apply.
  • McAfee MAP-3300-SWG | Product Guide - Page 47
    about the Filter or Favorites section on the right, click its tab, then click the Help button (?). Table 24 Option definitions Option Definition Start Displays the start of the period, such is displayed in a pie chart.
  • McAfee MAP-3300-SWG | Product Guide - Page 48
    the Filter or Favorites section on the right, click its tab, then click the Help button (?). Table 25 Option definitions Option Definition Pie chart Displays the percentage of all right, click its tab, then click the Help button (?).
  • McAfee MAP-3300-SWG | Product Guide - Page 49
    refine or "filter" the information in the report. Reports | Email Reports | Selection | Filter Reports | Web Reports | Selection | Filter
  • McAfee MAP-3300-SWG | Product Guide - Page 50
    date, for example, moving it to next week or the previous day. Protocol Traffic Displays the protocols you want to view, such as SMTP. Displays traffic, whether inbound or outbound. In a simple network, you might are being sent from.
  • McAfee MAP-3300-SWG | Product Guide - Page 51
    example, moving it to next week or the previous day. Protocol User login Displays the protocols you want to view, such as HTTP. Displays information about one user. When selected, the advanced options, Source any optional software.
  • McAfee MAP-3300-SWG | Product Guide - Page 52
    immediately. See Report types. • Filter enables you to further define the data in each Favorite report, and set the period of time for which you want to retrieve data. See Filter types.
  • McAfee MAP-3300-SWG | Product Guide - Page 53
    . 6 Click Save, type a name for the report, and click OK. The report appears in the list of Favorites.
  • McAfee MAP-3300-SWG | Product Guide - Page 54
    about the Filter or Favorites section on the right, click its tab, then click the Help button (?). Table 33 Option definitions Option Date and other headings Definition Displays the details of each | Selection | Favorites
  • McAfee MAP-3300-SWG | Product Guide - Page 55
    date, for example, moving it to next week or the previous day. Protocol Traffic Displays the protocols you want to view, such as SMTP. Displays traffic, whether inbound or outbound. In a simple network, you might and 192.168.254.200.
  • McAfee MAP-3300-SWG | Product Guide - Page 56
    Next buttons adjust the From date, for example, moving it to next week or the previous day. Protocol User login Displays the protocols you want to view, such as HTTP. Displays information about one user. When selected, the advanced options, Source domain and Source IP, further specify the domain
  • McAfee MAP-3300-SWG | Product Guide - Page 57
    Network. Select individual events based on the chosen Event type. Select individual reasons based on the chosen Event.
  • McAfee MAP-3300-SWG | Product Guide - Page 58
  • McAfee MAP-3300-SWG | Product Guide - Page 59
    Configuration on page 123 Permit and Deny Lists on page 86 Permit and Deny Lists on page 86
  • McAfee MAP-3300-SWG | Product Guide - Page 60
    page 120 Anti-Spam Settings - Blacklists and Whitelists on page 120 Anti-Phish Settings on page 121
  • McAfee MAP-3300-SWG | Product Guide - Page 61
    triggered and the primary actions defined for each scanner. Primary actions are prioritized as follows: • Deny connection • Refuse
  • McAfee MAP-3300-SWG | Product Guide - Page 62
    message queued pending further action? You can use a wide range of different criteria to search on, including:
  • McAfee MAP-3300-SWG | Product Guide - Page 63
    fields, use the backslash (\) character before the search term. For example, use: \* to search for the asterisk character.
  • McAfee MAP-3300-SWG | Product Guide - Page 64
    search on All Dates , or you can specify a Date Range , using From and To dates and times.
  • McAfee MAP-3300-SWG | Product Guide - Page 65
    the list if you have changed any of the parameters. Resets all search parameters to their default states.
  • McAfee MAP-3300-SWG | Product Guide - Page 66
    . Download Message Downloads the selected queued or quarantined message to your local file system in .eml format.
  • McAfee MAP-3300-SWG | Product Guide - Page 67
    . 2 Select the relevant quarantined message using the check-box to the left of the page. 3 Click View Message.
  • McAfee MAP-3300-SWG | Product Guide - Page 68
    the sending of the messages and then see the results within the page, click Real-Time Retry.
  • McAfee MAP-3300-SWG | Product Guide - Page 69
    selected date from "user@domain", with the subject "abc", are displayed in the lower part of the page.
  • McAfee MAP-3300-SWG | Product Guide - Page 70
    , changes your view of the information. For example, view the top 20 records for the past week.
  • McAfee MAP-3300-SWG | Product Guide - Page 71
    areas such as DKIM signing, delivering email domains and fallback relays. Contents Protocol Configuration Receiving Email Sending Email
  • McAfee MAP-3300-SWG | Product Guide - Page 72
    25. Secure ports Specifies the type of port. The default value is 465. SMTPS uses a secure port.
  • McAfee MAP-3300-SWG | Product Guide - Page 73
    affect performance. If you are not sure about the impact of making any changes, ask your network expert.
  • McAfee MAP-3300-SWG | Product Guide - Page 74
    DATA phase when handling SMTP email. Denial of service protection on page Use this area to specify how the appliance prevents possible 75 denial-of-service attacks on your mail server. Message processing on page email addresses.
  • McAfee MAP-3300-SWG | Product Guide - Page 75
    connection. Default value is No limit. Denial of service protection Use this area to specify how the appliance prevents possible denial-of-service attacks on your mail server. Table 49 Option Default value is No. not routable
  • McAfee MAP-3300-SWG | Product Guide - Page 76
    of A records Specifies the response to messages that use A (address) records excessively. used Default value is 100.
  • McAfee MAP-3300-SWG | Product Guide - Page 77
    No. Dump input email to disk Provides information for troubleshooting. Select only if instructed to do so. Otherwise performance will be affected. Default Dump output email to disk Provides information for troubleshooting. Select only if instructed to do so. Otherwise performance will be affected
  • McAfee MAP-3300-SWG | Product Guide - Page 78
    . Add a Received header to email Adds Received (RCPT) commands to the email headers. Default value is Yes.
  • McAfee MAP-3300-SWG | Product Guide - Page 79
    email for several people to one person. • Modify the email headers to hide information about your internal domains.
  • McAfee MAP-3300-SWG | Product Guide - Page 80
    regular expression will not replace the email address, as expected. Replacement Test Displays the address you want to put in place of the original email address. When clicked, opens a further window where new email specifications.
  • McAfee MAP-3300-SWG | Product Guide - Page 81
    regular expression will not replace the email address, as expected. Replacement Test Displays the address you want to put in place of the recipient email address. When clicked, opens a further window where for TLS encryption.
  • McAfee MAP-3300-SWG | Product Guide - Page 82
    typically have a lifetime of several months or years, so they do not need to be managed often.
  • McAfee MAP-3300-SWG | Product Guide - Page 83
    the virtual hostname and virtual IP address for your cluster, rather than one of the physical IP addresses.
  • McAfee MAP-3300-SWG | Product Guide - Page 84
    or greater. Allow no encryption Allow anonymous key exchange If selected, ciphers without encryption are supported. McAfee does not recommend using unencrypted TLS connections, so this setting is disabled by ask your network expert.
  • McAfee MAP-3300-SWG | Product Guide - Page 85
    mail server that receives the email message. Default values: • Establishing a connection - 60 seconds • Completing data transfer - 60 seconds
  • McAfee MAP-3300-SWG | Product Guide - Page 86
    . Respond to CAPA requests Responds to a POP3 CAPA command, which returns a list of capabilities supported by the POP3 server. Default value is No. For more information, see RFC 2449. Receiving Lists The page has these sections:
  • McAfee MAP-3300-SWG | Product Guide - Page 87
    permit and deny lists help prevent your users from being swamped by unwanted email messages, whilst helping ensure that email addresses to the list when an existing address expires or is removed manually by clicking Unblock. Default value is 5000. Import List Export List
  • McAfee MAP-3300-SWG | Product Guide - Page 88
    Email | Permit and Deny Lists | Permitted and blocked connections | Permitted connections. 2 Click Add. 3 Type the IP address and the netmask for the connection that you want listed as permitted. 4 Save the changes.
  • McAfee MAP-3300-SWG | Product Guide - Page 89
    .168.0.0/24. The anti-relay feature checks the contents of three lists to determine whether a recipient is acceptable.
  • McAfee MAP-3300-SWG | Product Guide - Page 90
    , wildcard domain names, network addresses, and MX lookups from which the appliance will accept or refuse email.
  • McAfee MAP-3300-SWG | Product Guide - Page 91
    response code or a SMTP 421 (Temporarily unavailable service due to potential threat message), then closes the connection Lists/ Export Lists On an appliance from which you want to save a list of domains for anti-relay , the appliance does not support routing characters in email addresses
  • McAfee MAP-3300-SWG | Product Guide - Page 92
    as a permitted domain. 1 Go to Email | Email Configuration | Receiving Email | Anti-Relay Settings. 2 Click Add Domain. 3 Type the domain name that you want to deny using a wildcard, such as *example.dom to reject all messages sent to that domain. 4 In Category, select Denied domain, and click OK
  • McAfee MAP-3300-SWG | Product Guide - Page 93
    Email Configuration 5 Click Add Domain again, and type the name of the subdomain that you want to accept, such as sub.example.dom. 6 in Category, select Permitted domain, and click • Recipient Checks • Directory harvest prevention
  • McAfee MAP-3300-SWG | Product Guide - Page 94
    appliance starts deleting old records. The range is 50,000 to 2,000,000. Default value is 2000000.
  • McAfee MAP-3300-SWG | Product Guide - Page 95
    LDAP LDAP. To connect to an LDAP server, select System | Users, Groups and Services | Directory Services on the navigation bar. Take the following action • Accept and ignore the recipient - Default value is Deny connection.
  • McAfee MAP-3300-SWG | Product Guide - Page 96
    lifetime. To distribute the information between your appliances, use the import and export features in the interface.
  • McAfee MAP-3300-SWG | Product Guide - Page 97
    fallback relays to make the delivery (providing the recipient's domain matches those listed in the Fallback relays field).
  • McAfee MAP-3300-SWG | Product Guide - Page 98
    host names returned by the MX lookup in the order of priority given by the DNS server.
  • McAfee MAP-3300-SWG | Product Guide - Page 99
    We recommend that you specify an email address here, so that any delivery problems are handled promptly. You can specify a distribution list or a single user server or give it to your Internet Service Provider, so that recipients can verify email from your organization.
  • McAfee MAP-3300-SWG | Product Guide - Page 100
    this Emails per connection domain. Task - Deliver all email using MX record delivery 1 Use the default settings.
  • McAfee MAP-3300-SWG | Product Guide - Page 101
    of rules or settings that can be applied to specific types of traffic or to groups of users.
  • McAfee MAP-3300-SWG | Product Guide - Page 102
    , including: • Phish • Compliance, including: • Mail size filtering • Scanner Options, including: • Scanning limits • Content handling • Alert settings POP3
  • McAfee MAP-3300-SWG | Product Guide - Page 103
    users to disclose personal identity and financial information. Criminals can use the stolen identity to fraudulently obtain goods and services and to steal directly from bank accounts. Use these pages to manage the use of authentication systems such as DKIM and SPF. Compliance Email | Email
  • McAfee MAP-3300-SWG | Product Guide - Page 104
    or size. By restricting large files and some other types of file, you can help control the use of bandwidth in your network. (Not available with POP3.) Mail size PUPs), which are any software that a cautious network administrator might want to be informed of, and possibly remove, such as password
  • McAfee MAP-3300-SWG | Product Guide - Page 105
    packer is detected. • Protects your network from PUPs. A cautious user might want to be informed of PUPs, and might want to remove them. McAfee® anti-spyware software detects and, with your permission to new anti-virus technology.
  • McAfee MAP-3300-SWG | Product Guide - Page 106
    programs, files with the extension .txt are simple text files. You can specify the types of files you want to scan according to their file name extension. • Scanning inside archive files By default, the scanner does not to be scanned.
  • McAfee MAP-3300-SWG | Product Guide - Page 107
    the document to detect these kinds of computer instructions. Program file heuristics scans program files and identifies files according to file name extension. You can specify the types of files you want to scan according to their file name extensions. • Treat all macros as
  • McAfee MAP-3300-SWG | Product Guide - Page 108
    scanner analyzes the program code to detect these kinds of computer instructions. It also searches for legitimate behavior, such as prompting packers and PUPs differently, use the Custom Malware Options tab. Problems with alerts for mass mailers Normally, the appliance handles all
  • McAfee MAP-3300-SWG | Product Guide - Page 109
    connection requires a different time-out value. • Part of the network must use an alternative authentication service. By creating a protocol preset, you can cater for this exception to the connection settings. relevant information.
  • McAfee MAP-3300-SWG | Product Guide - Page 110
    provides you with an interface that is familiar to you. Some of the options described on this help page do not apply to POP3 scanning policies. Where options only apply to one protocol, this is -Virus Settings - Custom Malware Options
  • McAfee MAP-3300-SWG | Product Guide - Page 111
    Filtering Settings -- Message Size • Mail Size Filtering Settings -- Attachment Size • Mail Size Filtering Settings -- Attachment Count • Compliance Settings .
  • McAfee MAP-3300-SWG | Product Guide - Page 112
    Policies | Scanning Policies page refreshes to show the policies that have been defined for the selected protocol.
  • McAfee MAP-3300-SWG | Product Guide - Page 113
    next to the default policy, then one or other of the icons will not be available for selection.
  • McAfee MAP-3300-SWG | Product Guide - Page 114
    will be prompted to select a directory group. • User group - for a complex combination of email addresses and groups.
  • McAfee MAP-3300-SWG | Product Guide - Page 115
    your mouse pointer over the option for help with the format of the value. McAfee Email and Web Security Appliances 5.6.0
  • McAfee MAP-3300-SWG | Product Guide - Page 116
    against unwanted content. The techniques that detect hidden viruses and malware are made available to content scanning. 116 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 117
    to build a list of names of packers to scan or ignore. If detected Provides a main action to take. McAfee Email and Web Security Appliances 5.6.0 Product Guide 117
  • McAfee MAP-3300-SWG | Product Guide - Page 118
    if the object has already been cleaned Provides further actions to take. When selected, prevents further processing. 118 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 119
    Add a prefix to the subject line of spam messages and Prefix text When selected, adds some text that helps users to find suspicious messages in their email inbox. Default value is [spam]. Add a spam score When , or change it. McAfee Email and Web Security Appliances 5.6.0 Product Guide 119
  • McAfee MAP-3300-SWG | Product Guide - Page 120
    users who often receive spam. Specifies each email address. You can use wildcards, for example: user_?@example.* 120 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 121
    Address Use this to make a list of users who want to send email messages that the appliance normally treats as this page to make a list of users who want to receive email messages that are normally identified as goods and services and to steal directly from bank accounts. McAfee Email and
  • McAfee MAP-3300-SWG | Product Guide - Page 122
    Add a prefix to the subject line of phishing messages Definition When selected, adds a prefix to help users to see phishing messages in their email inbox quickly. Specifies text for the prefix. We recommend or click and Shift-click. 122 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 123
    most likely to trigger to reduce the number of lookups the appliance carries out for each incoming connection. McAfee Email and Web Security Appliances 5.6.0 Product Guide 123
  • McAfee MAP-3300-SWG | Product Guide - Page 124
    response to the email message. Add to score - combines the results of several methods of sender authentication. 124 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 125
    default value of 5 seconds is often effective in deterring a denial-of-service attack. If the appliance is preceded by Mail Transfer Agents (MTAs), specify opens a further window where you can specify the types of file you want to detect. Change the default alert text If clicked, opens a further
  • McAfee MAP-3300-SWG | Product Guide - Page 126
    you might allow graphic files to be moved around the network, you can restrict their size to prevent the service running too slowly for other users. When you create settings to control the use of any file, remember the POP3 protocol. 126 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 127
    from the original document. Configuring DLP takes place in two phases: • Registering the documents that you want to protect. • Setting the DLP policy to action, and control the detection (this topic) If must be registered separately. McAfee Email and Web Security Appliances 5.6.0 Product Guide 127
  • McAfee MAP-3300-SWG | Product Guide - Page 128
    its original size. The algorithm involved in DLP is sophisticated and involves text normalization, common word removal, and signature generation. An approximate guide is that 1 signature represents 8 words of text after common words have been removed. Create new rule Create document exclusion If
  • McAfee MAP-3300-SWG | Product Guide - Page 129
    dialog box, click Yes to enable the policy. 3 Click Create document exclusion, select the document you want to ignore for this policy, and click OK. 4 Click OK again, and apply the changes. Mail Compliance | Mail Size Filtering McAfee Email and Web Security Appliances 5.6.0 Product Guide 129
  • McAfee MAP-3300-SWG | Product Guide - Page 130
    Definition If an attachment size exceeds Specifies the limit. The default values are: Attachment size - 32000KB (32MB). Use the Attachment size only as a guide. When encoded as an attachment, a file can become up to 33% larger. (Menu) Use the default alert And also Provides a main action to
  • McAfee MAP-3300-SWG | Product Guide - Page 131
    the Rule Creation Wizard. 4 Type a name for the rule, and click Next. 5 In the Search field, type social. McAfee Email and Web Security Appliances 5.6.0 Product Guide 131
  • McAfee MAP-3300-SWG | Product Guide - Page 132
    rule to monitor at a low threshold and block at a high threshold For score-based dictionaries you might want to monitor triggers that reach a low threshold, and only block the email when a high threshold is achieved the changes. 132 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 133
    Policies Introduction to the Rule Creation Wizard Set the dictionaries that you want the rule to use, and the actions that you want the appliance to take when the rule triggers. Table 108 Option towards a threshold score. McAfee Email and Web Security Appliances 5.6.0 Product Guide 133
  • McAfee MAP-3300-SWG | Product Guide - Page 134
    of the wizard. Use it to select the primary type of action from the drop-down list that you want the appliance to take when it triggers a compliancy detection. And also Optionally, select secondary actions that can that you select. 134 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 135
    Settings pages. See Email | Email Policies | Scanner Options | Notification and routing. Specify whether you want the actions to take place when Any or All of the dictionaries in the rule trigger a match. the text of the alert. McAfee Email and Web Security Appliances 5.6.0 Product Guide 135
  • McAfee MAP-3300-SWG | Product Guide - Page 136
    re-encoding if the message was cleaned. Offers a choice of re-encoding. 136 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 137
    a choice of encoding: • 8-bit - for SMTP servers that support the transport SMTP extension, 8BITMIME. • Base64 - for non-text the Character Sets tab. Specifies a maximum, which can help prevent denial-of-service attacks. Default value is 10000. Treat corrupt message headers the Product Guide 137
  • McAfee MAP-3300-SWG | Product Guide - Page 138
    communications standard that enables the transfer of non-ASCII formats over protocols, like SMTP, that support only 7-bit ASCII characters. Email | Email Policies | Scanning Policies [Scanner Options] -- Content in the MIME message. 138 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 139
    specify one or more alternative character sets to try if you have problems decoding email messages in the given character set. Email | Email Options | Content Handling | Email Options You can select a fixed mapping (always use the alternative character set) or a list of alternatives Guide 139
  • McAfee MAP-3300-SWG | Product Guide - Page 140
    several further actions to take. To select several items, use Ctrl-click or click and Shift-click. 140 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 141
    message. The message contains a reference to an external resource and the scheme (usually FTP) that retrieves that resource. McAfee Email and Web Security Appliances 5.6.0 Product Guide 141
  • McAfee MAP-3300-SWG | Product Guide - Page 142
    | Email Policies | Scanning Policies [Scanner Options] -- Alert settings Web | Web Policies | Scanning Policies [Scanner Options] -- Alert settings 142 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 143
    From address that the appliance uses when sending a response to the sender of email that cannot be delivered. McAfee Email and Web Security Appliances 5.6.0 Product Guide 143
  • McAfee MAP-3300-SWG | Product Guide - Page 144
    . Manage the list of relays When clicked, opens a window where you can make a list of SMTP relays. 144 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 145
    systems from exploit, and thwart cyber crime. By enabling this feedback service in your product, you will help us improve McAfee Global Threat Intelligence, thereby making your McAfee products more malware outbreaks, zero-day McAfee Email and Web Security Appliances 5.6.0 Product Guide 145
  • McAfee MAP-3300-SWG | Product Guide - Page 146
    send information about threat detections, alerts, threat details and usage statistics to McAfee, to help improve detection rates within your McAfee products. Task - Enable GTI feedback for outbound email Email Policies | Dictionaries 146 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 147
    as an XML file. You can send the file to other appliances, ensuring that content scanning is consistent. McAfee Email and Web Security Appliances 5.6.0 Product Guide 147
  • McAfee MAP-3300-SWG | Product Guide - Page 148
    , click Add. To find out more about using thresholds and scores, see the tasks in Compliance Settings. 148 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 149
    term in the list of dictionary terms. • Enable near matching - Enable or disable triggers based on proximity. • Condition - Specify the conditions under which you want the term to trigger. • Within a block - Set the proximity within which the terms must be found. • Word or phrase - The list of terms
  • McAfee MAP-3300-SWG | Product Guide - Page 150
    new lists that are combined using the logical OR operator using the following settings: • Name - The name that you want to apply to the list of terms. • Description - A unique description for the list. • Match type - the subject line. 150 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 151
    near matching - Enable or disable triggers based on proximity. • Condition - Specify the conditions under which you want the term to trigger. • Within a block - Set the proximity within which the terms must be found. metacharacters: McAfee Email and Web Security Appliances 5.6.0 Product Guide 151
  • McAfee MAP-3300-SWG | Product Guide - Page 152
    1 Go to Email | Email Policies | Dictionaries. 2 Click Add Dictionary and specify its details: • Type the name of the dictionary • Optionally provide a description • Select whether you want to match simple strings or regular expressions 152 McAfee Email and Web Security Appliances 5.6.0 Product
  • McAfee MAP-3300-SWG | Product Guide - Page 153
    page. 4 Click the edit icon next to the default term 'new term', replace it with the text you want to trigger on, and click OK. 5 Click Insert Term to add new terms to the dictionary. 6 based dictionary (indicated by a red book). McAfee Email and Web Security Appliances 5.6.0 Product Guide 153
  • McAfee MAP-3300-SWG | Product Guide - Page 154
    terms within this dictionary. Select what the term applies to. Click the link and select from the available options. Term Enter the term that you want the appliance to search for. 154 McAfee Email and Web Security Appliances 5.6.0 Product
  • McAfee MAP-3300-SWG | Product Guide - Page 155
    from the original document. Configuring DLP takes place in two phases: • Registering the documents that you want to protect (this topic) • Setting the DLP policy to action, and control the detection Sensitive any category selected. McAfee Email and Web Security Appliances 5.6.0 Product Guide 155
  • McAfee MAP-3300-SWG | Product Guide - Page 156
    document. Signatures The number of signatures representing this document. Trained on The date the document was registered. 156 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 157
    Option Upload Definition Click to register documents against this category, either individually or within an archive. Supported archive formats are: • Zip (*.zip) • Gzip (*.gz) • Bzip2 (*.bz2, *.bz) category, and click Upload. McAfee Email and Web Security Appliances 5.6.0 Product Guide 157
  • McAfee MAP-3300-SWG | Product Guide - Page 158
    Go to Email | Email Policies | Registered Documents. 2 In the document list, locate the file that you want to remove as a registered document, and try to click the Delete icon. 3 Hover the mouse cursor over the Exclusions list. 158 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 159
    own database to hold quarantined email messages. Select this to use a McAfee Quarantine Manager (MQM) service hosted on another server. When selected, the following fields are made active: • Appliance ID - Banned File Type McAfee Email and Web Security Appliances 5.6.0 Product Guide 159
  • McAfee MAP-3300-SWG | Product Guide - Page 160
    or a distribution list. Message format Specifies the format of the digest message. For interactive digests, choose HTML. 160 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 161
    the appearance of quarantine digests and the responses to users' requests. Email | Quarantine Configuration | Digest Message Content Options McAfee Email and Web Security Appliances 5.6.0 Product Guide 161
  • McAfee MAP-3300-SWG | Product Guide - Page 162
    message, if it is in HTML format. You can edit the HTML content directly or at source. 162 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 163
    not sure about the impact of making any changes, ask your network expert. The page has these sections: McAfee Email and Web Security Appliances 5.6.0 Product Guide 163
  • McAfee MAP-3300-SWG | Product Guide - Page 164
    this policy. By default, authentication is disabled. To set up authentication services, select System | Users, Groups and Services | Web User Authentication on the navigation bar. Table 143 Option This is normally set to GET. 164 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 165
    handles some features of the HTTP protocol, such as denial-of-service protection and data trickling. Web | Web Configuration | HTTP | ask your network expert. The page has these sections: • Denial-of-service protection • Client alert messages • Download status pages and data trickling • Download
  • McAfee MAP-3300-SWG | Product Guide - Page 166
    Option definitions Option Refuse the HTTP header if Definition Specifies some limits to prevent denial of service. Default values are: The header size - 200KB Number of header lines - 200 Client deselect the Javascript option. 166 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 167
    Use this section to: • Block some request and response headers. • Add Via headers to HTTP requests and responses. McAfee Email and Web Security Appliances 5.6.0 Product Guide 167
  • McAfee MAP-3300-SWG | Product Guide - Page 168
    appliance drops the connection. Default value is 256. Some clients and servers support HTTP version 1.0 only. The appliance supports HTTP version 1.1 protocol. To communicate with older clients and servers, the required for Kerberos. 168 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 169
    not sure about the impact of making any changes, ask your network expert. The page has these sections: McAfee Email and Web Security Appliances 5.6.0 Product Guide 169
  • McAfee MAP-3300-SWG | Product Guide - Page 170
    string Definition Specifies a comma-separated list of any ICAP header extension names that you want the ICAP client to add to requests. Default value is X-Client-IP, X-Server-IP, X-Authenticated-User. ICAP service name OPTIONS time to live Default value is appliance. Indicates to the ICAP client
  • McAfee MAP-3300-SWG | Product Guide - Page 171
    for its user-based policies and URL filtering reports, without the need to configure authentication services or authentication groups on the appliance. The appliance can extract the user name and group value is ou=([^\s,=]+).*)$ McAfee Email and Web Security Appliances 5.6.0 Product Guide 171
  • McAfee MAP-3300-SWG | Product Guide - Page 172
    • Data trickling (response modification only) • Permissions (request modification only) • Service Settings Basic ICAP settings Table 158 Option definitions Option Definition Denied REQMOD headers Specifies the text of the alert. 172 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 173
    SSL. The entry 1025- means port number 1025 or above. Typical values are 443 (HTTPS) and 563 (SNEWS). McAfee Email and Web Security Appliances 5.6.0 Product Guide 173
  • McAfee MAP-3300-SWG | Product Guide - Page 174
    ICAP clients do not accept values greater than 4096 bytes. Default value is 4 Kilobytes. Service ID Specifies the ICAP service ID that is returned when an ICAP client makes an ICAP OPTIONS request. Default value network expert. 174 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 175
    . Web | Web Configuration | FTP | Protocol Settings The page has these sections: • Data processing • Download status and data trickling McAfee Email and Web Security Appliances 5.6.0 Product Guide 175
  • McAfee MAP-3300-SWG | Product Guide - Page 176
    data trickling • Handoff host Data processing Table 165 Option definitions Option Enable client messages Help message Definition Configure client messages that are generated by the appliance and seen by users within its data. 176 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 177
    , if your firewall has an FTP proxy server, use this option to redirect FTP requests to the firewall. McAfee Email and Web Security Appliances 5.6.0 Product Guide 177
  • McAfee MAP-3300-SWG | Product Guide - Page 178
    ICAP • Anti-virus • URL filtering • Scanner control The appliance can also handle the following types of content: 178 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 179
    • Alert settings • HTML settings The appliance can apply different policies according to the ICAP service - request modification (RESPMOD) or response modification (REQMOD). HTTP policies Web | Web Policies that is familiar to you. McAfee Email and Web Security Appliances 5.6.0 Product Guide 179
  • McAfee MAP-3300-SWG | Product Guide - Page 180
    features and options you need to configure your policy. You can configure: • Compliance • Streaming Media • Instant messaging 180 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 181
    Policies. 2 Select the required protocol using steps in Task - View policies for the HTTP, ICAP or FTP protocols. McAfee Email and Web Security Appliances 5.6.0 Product Guide 181
  • McAfee MAP-3300-SWG | Product Guide - Page 182
    to be deleted. 3 Click . 4 Confirm that you intend to delete the policy. The identified policy is deleted. 182 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 183
    Displays the value, such as an IP address. Move your mouse pointer over the option for help with the format of the value. Add user group Table 171 Option definitions Option Definition Group users within a specified directory group. McAfee Email and Web Security Appliances 5.6.0 Product Guide 183
  • McAfee MAP-3300-SWG | Product Guide - Page 184
    Value Displays the value, such as an IP address. Move your mouse pointer over the option for help with the format of the value. Anti-Virus Settings - Basic options Use this page to specify basic Virus] -- Anti-Virus | Basic options 184 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 185
    -Spyware settings for anti-virus scanning. Email | Email Policies | Scanning Policies | Viruses: | Anti-Virus Settings | McAfee Anti-Spyware McAfee Email and Web Security Appliances 5.6.0 Product Guide 185
  • McAfee MAP-3300-SWG | Product Guide - Page 186
    several further actions to take. To select several items, use Ctrl-click, or click and Shift-click. 186 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 187
    does not include www.mcafee.com, the appliance cannot block a secure HTTP connection to 123.123.123.123. McAfee Email and Web Security Appliances 5.6.0 Product Guide 187
  • McAfee MAP-3300-SWG | Product Guide - Page 188
    page contains the following tabs, each allowing you to define different lists: • Blacklisted URLs • Blacklisted URLs (Regex) 188 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 189
    Untested classification includes internal web sites and network infrastructure. If the action is set to Deny Access, this access is blocked, and unexpected problems might arise. For example, if management access to the appliance is through the appliance, then the appliance will block access to its
  • McAfee MAP-3300-SWG | Product Guide - Page 190
    you have selected Timed setting, you can also specify periods when the access to websites can vary. 190 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 191
    definitions Option Enable compliance Rules Definition Select to activate the Compliance policy settings. Lists the configured compliance rules. McAfee Email and Web Security Appliances 5.6.0 Product Guide 191
  • McAfee MAP-3300-SWG | Product Guide - Page 192
    Creation Wizard. 4 Type a name for the rule, and click Next. 5 Select two dictionaries to include in the rule, and click Next. 6 Select a dictionary that you want to exclude from the rule in the exclusion list. 192 McAfee Email and Web Security Appliances 5.6.0 Product
  • McAfee MAP-3300-SWG | Product Guide - Page 193
    ' rule to monitor at a low threshold and block at a high threshold For score-based dictionaries you might want to monitor triggers that reach a low threshold, and only block the email when a high threshold is achieved: about the score McAfee Email and Web Security Appliances 5.6.0 Product Guide 193
  • McAfee MAP-3300-SWG | Product Guide - Page 194
    the rule that you want to edit, then click the Edit icon next to the dictionary whose score you want to change. 3 In Maximum term count, type the maximum number of times that you want a Definition By default, no instant messaging service is blocked. Scanner Limits Use this
  • McAfee MAP-3300-SWG | Product Guide - Page 195
    elements and components embedded in HTML data. Email | Email Policies | Scanning Policies | Scanner Options | Content Handling | HTML Options McAfee Email and Web Security Appliances 5.6.0 Product Guide 195
  • McAfee MAP-3300-SWG | Product Guide - Page 196
    | Protected files Web | Web Policies | Scanning Policies | Scanner Options | Content Handling | Corrupt or Unreadable Content | Protected files 196 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 197
    HTTP response body information. Dictionaries Use this page to view and edit compliance dictionaries. Email | Email Policies | Dictionaries McAfee Email and Web Security Appliances 5.6.0 Product Guide 197
  • McAfee MAP-3300-SWG | Product Guide - Page 198
    an XML file. You can send the file to other appliances, ensuring that content scanning is consistent. 198 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 199
    -based, click Add. To find out more about using thresholds and scores, see the tasks in Compliance Settings. McAfee Email and Web Security Appliances 5.6.0 Product Guide 199
  • McAfee MAP-3300-SWG | Product Guide - Page 200
    term in the list of dictionary terms. • Enable near matching - Enable or disable triggers based on proximity. • Condition - Specify the conditions under which you want the term to trigger. • Within a block - Set the proximity within which the terms must be found. • Word or phrase - The list of terms
  • McAfee MAP-3300-SWG | Product Guide - Page 201
    lists that are combined using the logical OR operator using the following settings: • Name - The name that you want to apply to the list of terms. • Description - A unique description for the list. • Match type - the subject line. McAfee Email and Web Security Appliances 5.6.0 Product Guide 201
  • McAfee MAP-3300-SWG | Product Guide - Page 202
    Enable near matching - Enable or disable triggers based on proximity. • Condition - Specify the conditions under which you want the term to trigger. • Within a block - Set the proximity within which the terms must be found. : 202 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 203
    1 Go to Email | Email Policies | Dictionaries. 2 Click Add Dictionary and specify its details: • Type the name of the dictionary • Optionally provide a description • Select whether you want to match simple strings or regular expressions McAfee Email and Web Security Appliances 5.6.0 Product
  • McAfee MAP-3300-SWG | Product Guide - Page 204
    page. 4 Click the edit icon next to the default term 'new term', replace it with the text you want to trigger on, and click OK. 5 Click Insert Term to add new terms to the dictionary. 6 Apply dictionary (indicated by a red book). 204 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 205
    terms within this dictionary. Select what the term applies to. Click the link and select from the available options. Term Enter the term that you want the appliance to search for. McAfee Email and Web Security Appliances 5.6.0 Product
  • McAfee MAP-3300-SWG | Product Guide - Page 206
  • McAfee MAP-3300-SWG | Product Guide - Page 207
    its configuration. System Contents Appliance Management Cluster Management Users, Groups and Services Virtual Hosting Certificate Management Logging, Alerting and SNMP Component Management Setup appliance is in the appropriate mode. McAfee Email and Web Security Appliances 5.6.0 Product Guide 207
  • McAfee MAP-3300-SWG | Product Guide - Page 208
    is configured according to STP rules. Additionally, you can set up a bypass device in transparent bridge mode. 208 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 209
    IP address at the top of a list is the primary address. Any IP addresses below it are aliases. McAfee Email and Web Security Appliances 5.6.0 Product Guide 209
  • McAfee MAP-3300-SWG | Product Guide - Page 210
    selected, the appliance accepts connections on that IP address. Add a new address, or remove a selected IP address. 210 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 211
    in transparent router mode, or is part of a cluster configuration, or running as part of a Blade Server installation. McAfee Email and Web Security Appliances 5.6.0 Product Guide 211
  • McAfee MAP-3300-SWG | Product Guide - Page 212
    NIC Adapter Options. • Select bypass device - choose from two supported devices. • Watchdog timeout (seconds) • Heartbeat interval (seconds , and change their priority. Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses. Use the arrows to move Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 213
    use dynamic routing, if: • The appliance is in transparent router mode • Your network supports it By default, the appliance uses the common dynamic routing protocol called Routing Information Protocol ( the user interface over RIP. McAfee Email and Web Security Appliances 5.6.0 Product Guide 213
  • McAfee MAP-3300-SWG | Product Guide - Page 214
    takes its value from appliance with client Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it of the screen. 214 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 215
    devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. Because NTP messages are not sent password authentication. Use the out-of-band interface if you do not want the user interface or secure shell to be accessible on the same Appliances 5.6.0 Product Guide 215
  • McAfee MAP-3300-SWG | Product Guide - Page 216
    select New Address to add only the specified devices access. You can use your SSH client to access the support account on the appliance. Use the same password that you use to access the interface from a remote computer. not be used. 216 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 217
    to have it separately enabled. To find out whether this applies to your appliance, see the Email and Web Security Appliance Port Identification Guide. Table 209 Option definitions - Out of Band Management Option Enable the out of band interface Definition When selected, allows you to control the
  • McAfee MAP-3300-SWG | Product Guide - Page 218
    interface. • New Port • Delete Selected Port Remote Access Card In 3300 and 3400 versions of the appliance, there is a built-in remote • Add the primary and secondary DNS servers • Select whether you want the appliance to obtain DNS information dynamically using DHCP • DRAC Adapter Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 219
    password are those specified when you set up the master device. See Add UPS Device on page 221. McAfee Email and Web Security Appliances 5.6.0 Product Guide 219
  • McAfee MAP-3300-SWG | Product Guide - Page 220
    the list displays the UPS. 2 Go to System | Appliance Management | UPS Settings. 3 Click Enable UPS support, and click New Device. 4 Select USB Device, then click Next. 5 Select the appropriate values for Management | UPS Settings. 220 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 221
    Go to System | Appliance Management | UPS Settings. 3 Click Enable UPS support, and click New Device. 4 Select Get Power status from another EWS appliance Device Use this wizard to select the type of UPS device that you want to add, and specify its details. System | Appliance Management | Guide 221
  • McAfee MAP-3300-SWG | Product Guide - Page 222
    supported vendors UPS device model Select from the list of supported USB models supplied by the vendor you chose Serial port Select the serial port that you want link below to view the help page specific to the database maintenance tasks, and to manually trigger these tasks. Retention Limits Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 223
    - 31 days or 100000 items. • 3200 hardware or the Virtual appliance - 500000 items. • 3300/3400 hardware - 1000000 items. Quarantined emails Maximum number or length of time that messages can be held Reporter, and email detections. McAfee Email and Web Security Appliances 5.6.0 Product Guide 223
  • McAfee MAP-3300-SWG | Product Guide - Page 224
    to access the appliance. Define the address and subnet mask for the external hosts to which you want to allow access. Define the user that the external client uses to log into the appliance. • Web_details • Configuration_change_view. 224 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 225
    its default state. All information within the database will be lost. Maintain Database Click to manually start the database maintenance tasks ever X minutes. The database checks for items in the to import and export rescue images. McAfee Email and Web Security Appliances 5.6.0 Product Guide 225
  • McAfee MAP-3300-SWG | Product Guide - Page 226
    reboot the appliance, either as part of a software upgrade, or to restart all services. Occasionally, you may want to clear all configured options from your appliance, and to revert to the factory and reboots after about 5 minutes. 226 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 227
    USB device. To prevent tampering or accidental stopping, you must type the appliance password to operate these features. McAfee Email and Web Security Appliances 5.6.0 Product Guide 227
  • McAfee MAP-3300-SWG | Product Guide - Page 228
    Image. 2 Verify the version information displayed under Rescue image details, or from the About the Appliance window. 228 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 229
    to re-configure the appliance. • Install software preserving configuration and email messages 4 Enter the appliance password. 5 Click OK. McAfee Email and Web Security Appliances 5.6.0 Product Guide 229
  • McAfee MAP-3300-SWG | Product Guide - Page 230
    options you select in the standard license and console displayed on the monitor connected to the appliance. 230 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 231
    to a file, or select a USB drive to create a bootable copy of the rescue image on the USB drive. McAfee Email and Web Security Appliances 5.6.0 Product Guide 231
  • McAfee MAP-3300-SWG | Product Guide - Page 232
    that the appliance can perform the backup. Specify the following information to set up a remote backup server: 232 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 233
    to back up and restore the information about the appliance's configuration. System | Cluster Management | Backup and Restore Configuration McAfee Email and Web Security Appliances 5.6.0 Product Guide 233
  • McAfee MAP-3300-SWG | Product Guide - Page 234
    is 127.0.0. (or "home"). • User - This is typically scmadmin or other users. To see the list of users, select System | Users, Groups and Services | Role-Based User Accounts in the navigation bar. • Session - A pid is a number that identifies a process. 234 McAfee Email and Web Security Appliances
  • McAfee MAP-3300-SWG | Product Guide - Page 235
    address(es) assigned to DRAC Management port settings: • Whether out-of-band management is enabled (IP address, driver) McAfee Email and Web Security Appliances 5.6.0 Product Guide 235
  • McAfee MAP-3300-SWG | Product Guide - Page 236
    digits in the format: A1:B2:C3:D4:E5:F6. Displays the IP address of the appliance. 236 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 237
    , with both configured to scan traffic, the master will send most connections to the failover appliance for scanning. McAfee Email and Web Security Appliances 5.6.0 Product Guide 237
  • McAfee MAP-3300-SWG | Product Guide - Page 238
    as a virtual address. This option only appears in cluster configurations, or on a McAfee Content Security Blade Server. 238 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 239
    . To download all the configuration files, click interconnect_config.zip, as this file contains all the other configuration files. McAfee Email and Web Security Appliances 5.6.0 Product Guide 239
  • McAfee MAP-3300-SWG | Product Guide - Page 240
    services, set your Services Web User Authentication Policy Groups Role-Based User Accounts Directory Services Use this page to build a list of directory services. Directory Services details of a directory service. The server at Services services. First define the authentication services
  • McAfee MAP-3300-SWG | Product Guide - Page 241
    service, the appliance tries the next service. Table 234 Option definitions Option Add Service Add Group Definition When clicked, opens a wizard to help you configure a service service and Services | Policy Groups This by a directory service. For example, Users, Groups and Services | Role-Based
  • McAfee MAP-3300-SWG | Product Guide - Page 242
    Services • User Accounts, Roles and Login Services • Session Management Settings • User Login Notification User Accounts, Roles and Login Services service. services Option Service Name Service Type Definition Displays the user-configured name entered when setting up the service. The Service
  • McAfee MAP-3300-SWG | Product Guide - Page 243
    of the service. Select RADIUS or Kerberos, depending on the type of service you are adding. The host name or address of the RADIUS or Kerberos server, as applicable, to connect to. You can only connect to IPv4 RADIUS servers. McAfee Email and Web Security Appliances 5.6.0 Product Guide 243
  • McAfee MAP-3300-SWG | Product Guide - Page 244
    Overview of System features Users, Groups and Services Table 240 Option definitions (continued) Option Definition Backup server (optional) Address of a RADIUS server to query if names are, by convention, specified in upper-case. 244 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 245
    Overview of System features Users, Groups and Services Role Mappings (RADIUS) Table 243 Option definitions Option Definition Use locally defined user details to determine an authenticated the RADIUS server in the Output field. McAfee Email and Web Security Appliances 5.6.0 Product Guide 245
  • McAfee MAP-3300-SWG | Product Guide - Page 246
    Overview of System features Users, Groups and Services Test (Kerberos) This dialog box allows you to you print the topic before starting the task. Alternatively, find this same topic in the Product Guide. • All authenticated users are allowed to access the Internet. • The appliance is configured in
  • McAfee MAP-3300-SWG | Product Guide - Page 247
    System features Users, Groups and Services Task 1 Create an Active Domain Controller, download and extract the ktpass.exe (91.136 bytes) file from the support.cab file to a temporary folder. For further details, see the article: http:// www and Web Security Appliances 5.6.0 Product Guide 247
  • McAfee MAP-3300-SWG | Product Guide - Page 248
    details: Option Service name Service address Server type Base DN Content Name for the LDAP service such as ldap-service. Fully qualified domain name of the Active Directory server. Active Directory CN=Users,DC=mcafee,DC=local 248 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 249
    d Click Finish. 6 Configure the appliance to use Kerberos Authentication (Add the service) a On the navigation bar, select Web | Web Configuration | HTTP | is running over TCP by following the instructions at http://support.microsoft.com/kb/244474. McAfee Email and Web Security Appliances
  • McAfee MAP-3300-SWG | Product Guide - Page 250
    domain> Request for authentication Requesting authentication for kerberos-group kerberos-service, type Kerberos kerberos-group kerberos-service Virtual Hosting Use these topics to gain an understanding of the Hosting | Virtual Hosts 250 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 251
    can manage traffic within specified pools of IP addresses, enabling the appliance to provide scanning services to traffic from many customers. This enables you to: • Separate each customer's traffic. not used in the greeting banner. McAfee Email and Web Security Appliances 5.6.0 Product Guide 251
  • McAfee MAP-3300-SWG | Product Guide - Page 252
    . 1 Go to System | Virtual Hosting | Virtual Hosts. 2 Ensure that Enable virtual hosting on this appliance is checked. 252 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 253
    preset. Presets are the connection-based policies. Email relaying Configures the virtual host domain as a local relay domain. McAfee Email and Web Security Appliances 5.6.0 Product Guide 253
  • McAfee MAP-3300-SWG | Product Guide - Page 254
    you do not specify any output IP addresses, the appliance will use the physical host IP addresses. 254 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 255
    Network Use this page to edit the virtual network settings. System | Virtual Hosting | Virtual Networks | Edit Virtual Network McAfee Email and Web Security Appliances 5.6.0 Product Guide 255
  • McAfee MAP-3300-SWG | Product Guide - Page 256
    as May 15 2010 12:15:00. If this date has passed, the certificate is not valid. 256 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 257
    the secure transfer of email using Transport Layer Security (TLS). System | Certificate Management | Certificates | TLS certificates and keys McAfee Email and Web Security Appliances 5.6.0 Product Guide 257
  • McAfee MAP-3300-SWG | Product Guide - Page 258
    of the icons Icon Description Certificate is valid Certificate is invalid. For example, the certificate has expired. 258 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 259
    pages to import, export and view the Certificate Revocation Lists on your appliance. Contents Installed CRLs CRL updates McAfee Email and Web Security Appliances 5.6.0 Product Guide 259
  • McAfee MAP-3300-SWG | Product Guide - Page 260
    Specify the frequency Definition Specifies how often the appliance will collect CRL updates. Choose a time when your network is least busy. If you do not want to use this feature, select Never. Use the default proxy settings If you intend to use a HTTP proxy that is not specified on the External
  • McAfee MAP-3300-SWG | Product Guide - Page 261
    a window for specifying where to access CRLs. Logging, Alerting and SNMP Use these topics to help you configure the options available within the appliance to log information, and provide alerts. You can each substitution variable. McAfee Email and Web Security Appliances 5.6.0 Product Guide 261
  • McAfee MAP-3300-SWG | Product Guide - Page 262
    item %DICTIONARYGROUP%: The name(s) of the content scanning rule(s) that triggered (Compliance) %DLP_FINGERPRINTSOURCE%: Protected Document Name (DLP) 262 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 263
    -virus engine %AVENGINENAME%: The name of the anti-virus engine %AVENGINEVERSION%: The version of the anti-virus engine McAfee Email and Web Security Appliances 5.6.0 Product Guide 263
  • McAfee MAP-3300-SWG | Product Guide - Page 264
    digest %POST_MASTER%: The email address of the postmaster %DIGEST_DATE%: The date on which the digest was generated 264 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 265
    host name %ICAP_SOURCEHOST%: Source host name for the ICAP server %DESTINATIONIP%: Destination IP address %DESTINATIONHOST%: Destination host name McAfee Email and Web Security Appliances 5.6.0 Product Guide 265
  • McAfee MAP-3300-SWG | Product Guide - Page 266
    the event %SMTPNUMMESSAGES%: The number of messages received via SMTP %SMTPVIRUSDETECTED%: The number of viruses detected (SMTP) 266 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 267
    %: Source host name for the ICAP server %DESTINATIONIP%: Destination IP address %DESTINATIONHOST%: Destination host name %LOCALTIME%: Local time McAfee Email and Web Security Appliances 5.6.0 Product Guide 267
  • McAfee MAP-3300-SWG | Product Guide - Page 268
    option, the configuration settings for the SNMP v3 protocol are stored on the appliance in plain text. 268 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 269
    appliance logging system, or sent to an off-box solution. Select the type of logging format that you want to use. This option creates an output log file that is structured so that it can be easily read to a central syslog server. McAfee Email and Web Security Appliances 5.6.0 Product Guide 269
  • McAfee MAP-3300-SWG | Product Guide - Page 270
    to categorization 180033 Categorized URL has been permitted 180035 Categorized URL has been permitted for a monitored user 270 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 271
    sent to the ArcSight SmartConnector, then mapped to an ArcSight data field. The following table lists the mappings from ArcSight data fields to the supported vendor-specific event definitions. Table rule that triggered the event McAfee Email and Web Security Appliances 5.6.0 Product Guide 271
  • McAfee MAP-3300-SWG | Product Guide - Page 272
    features Logging, Alerting and SNMP Table 271 Email and Web Security Appliance v5.6 Connector Field Mappings (continued) McAfee-Specific Event Definition ArcSight Event Data Field The definition of this field Protocol Smtp 272 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 273
    .140.118 mail would be sent to if known subject The subject of the email A subject line here McAfee Email and Web Security Appliances 5.6.0 Product Guide 273
  • McAfee MAP-3300-SWG | Product Guide - Page 274
    145 146 Text Email Delivered Email Deferred Access to the requested URL is not permitted clean replace 274 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 275
    page to specify which events are recorded in the appliance's logs System | Logging, Alerting and SNMP | Logging Configuration McAfee Email and Web Security Appliances 5.6.0 Product Guide 275
  • McAfee MAP-3300-SWG | Product Guide - Page 276
    a list of types of protocol events. High severity events include a suspected denial-of-service attack. Communication events Provides a list of types of communication events. High severity events the following scanning components: 276 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 277
    Installer. This version of Email and Web Security Appliances no longer supports the v1 detection definition (DAT) files. The appliances now use the Orchestrator repository using the McAfee Agent. You can also manually download the files and install them onto your appliance. Product Guide 277
  • McAfee MAP-3300-SWG | Product Guide - Page 278
    imported to your appliance. If you do not want a particular update to be applied, then McAfee recommends installing packages, such as hot fixes and service packs. Update now Installs packages immediately. You . Alternatively, you can browse to Troubleshoot | Tests and run the System Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 279
    receives its updates from an ePO server, the value is Not Used. Default value is update.nai.com. McAfee Email and Web Security Appliances 5.6.0 Product Guide 279
  • McAfee MAP-3300-SWG | Product Guide - Page 280
    Management | Update Status Introduction to Scheduled update settings You can schedule updates for the following scanning components: 280 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 281
    to download the complete web categorization database update. McAfee recommends that you perform a full update on a new appliance. McAfee Email and Web Security Appliances 5.6.0 Product Guide 281
  • McAfee MAP-3300-SWG | Product Guide - Page 282
    want to apply, and what you want the appliance to do when it's downloaded the update. Table 284 Option definitions Option Update action Definition Choose from: • Update database • Download • Download and install Allow automatic reboot and Allow automatic services packages manually on Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 283
    When clicked, exports the downloaded file to another location so that another appliance can use it via Manual Package Install When clicked, sends a request to the FTP server for any changes. When clicked, into the appliance. McAfee Email and Web Security Appliances 5.6.0 Product Guide 283
  • McAfee MAP-3300-SWG | Product Guide - Page 284
    1 From your Email and Web Security Appliance, select Resources and then click ePO Extensions and ePO 4.5 Help to download the extension files. 2 On the ePO server, install the extensions using Menu | Software | System | Setup Wizard 284 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 285
    that you select. Welcome Use this page to select the type of installation that you want to follow. • Standard Setup installation has fewer steps and is intended for Transparent Bridge mode. transparent to the devices. McAfee Email and Web Security Appliances 5.6.0 Product Guide 285
  • McAfee MAP-3300-SWG | Product Guide - Page 286
    has intercepted and scanned the email before forwarding it. The appliance's operation is transparent to the devices. 286 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 287
    Bridge mode, and configure it to protect your network. The Standard Setup wizard consists of the following pages: McAfee Email and Web Security Appliances 5.6.0 Product Guide 287
  • McAfee MAP-3300-SWG | Product Guide - Page 288
    information for you, and shows the information highlighted in amber. To change the information, click and retype. 288 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 289
    to convert website addresses to IP addresses. This can be an Active Directory or a Domain Name Service server. You can test later that the appliance can communicate with this server. Specifies the mode - connected to the appliance. McAfee Email and Web Security Appliances 5.6.0 Product Guide 289
  • McAfee MAP-3300-SWG | Product Guide - Page 290
    Time (UTC) immediately takes its value from Client Time. You can use this checkbox as an alternative to manual setting of Appliance Time (UTC). The appliance calculates the UTC time based on the time zone that it Settings on page 295 290 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 291
    is handled by the appliance. All other traffic is refused. If, after installation, you do not want to scan any of the types of traffic, you can disable each protocol from its page. Protocol Configuration | Connection Settings (POP3) McAfee Email and Web Security Appliances 5.6.0 Product Guide 291
  • McAfee MAP-3300-SWG | Product Guide - Page 292
    type of connection - copper wire or optical fiber. This option is available only with higher-speed appliances. 292 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 293
    subnet, assign each a different Cluster identifier to ensure the clusters do not conflict. The allowable range is 0-255. McAfee Email and Web Security Appliances 5.6.0 Product Guide 293
  • McAfee MAP-3300-SWG | Product Guide - Page 294
    Use this page within the Custom Setup Wizard to configure the appliance's use of DNS and routes. Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests to DNS servers in the order that they are
  • McAfee MAP-3300-SWG | Product Guide - Page 295
    Time Protocol (NTP). NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. For more information about NTP, see RFC 1305 at www.apps.ietf.org/rfc performance. McAfee Email and Web Security Appliances 5.6.0 Product Guide 295
  • McAfee MAP-3300-SWG | Product Guide - Page 296
    the interface, type the user name, scmadmin and the password that you gave to this setup wizard. 296 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 297
    Import Configuration Use this dialog to import the configuration file containing the details that you want to use to configure your appliance. Table 299 Option definitions Option Browse Definition Locate .zip McAfee Email and Web Security Appliances 5.6.0 Product Guide 297
  • McAfee MAP-3300-SWG | Product Guide - Page 298
    FTP traffic is handled by the appliance. All other traffic is refused. If, after installation, you do not want to scan any of the types of traffic, you can disable each protocol from its page. Under Relaying options domain name. 298 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 299
    least number of connections, at that moment in time, is assigned the next connection. For a cluster of appliances: McAfee Email and Web Security Appliances 5.6.0 Product Guide 299
  • McAfee MAP-3300-SWG | Product Guide - Page 300
    both configured to scan traffic, the master will send most connections to the failover appliance for scanning. 300 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 301
    configure the appliance's use of DNS and routes. Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse operation). The appliance sends requests has no default gateway. McAfee Email and Web Security Appliances 5.6.0 Product Guide 301
  • McAfee MAP-3300-SWG | Product Guide - Page 302
    Time Protocol (NTP). NTP synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. For more information about NTP, see RFC 1305 at www.apps.ietf.org/rfc 15 characters. 302 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 303
    290 Contents Settings for ePO Management Basic Settings -- ePO Managed Setup Network Settings Cluster Management DNS and Routing McAfee Email and Web Security Appliances 5.6.0 Product Guide 303
  • McAfee MAP-3300-SWG | Product Guide - Page 304
    your Email and Web Security Appliance, on Settings for ePO Management, select ePO 4.5 Help and click Save to download the help extension file. 3 On the ePO server, install these extensions using Menu | | Export Connection Settings. 304 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 305
    the type of connection - copper wire or optical fiber. This option is available only with higher-speed appliances. McAfee Email and Web Security Appliances 5.6.0 Product Guide 305
  • McAfee MAP-3300-SWG | Product Guide - Page 306
    scanning on this appliance If not selected, this appliance distributes all scanning workload to the scanning appliances. 306 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 307
    DNS and routes. Domain Name System (DNS) servers translate or "map" the names of network devices into IP addresses (and the reverse synchronizes timekeeping among devices in a network. Some Internet Service Providers (ISPs) provide a timekeeping service. For more information about NTP, see RFC 1305
  • McAfee MAP-3300-SWG | Product Guide - Page 308
    . The appliance is now managed by ePolicy Orchestrator. Log onto the ePO server to manage your appliance. 308 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 309
    value has been set. The value has not been changed from the default. Check the value before continuing. McAfee Email and Web Security Appliances 5.6.0 Product Guide 309
  • McAfee MAP-3300-SWG | Product Guide - Page 310
  • McAfee MAP-3300-SWG | Product Guide - Page 311
    experiencing problems, read the Troubleshooting section, which answers some frequently asked questions. The appliance includes many diagnostic tools for identifying problems. The Resources link at the top of the window provides links to the following information: • Contacting support. • Submitting
  • McAfee MAP-3300-SWG | Product Guide - Page 312
    | Troubleshooting Tools | Ping and Trace Route If a response comes back, that device can be reached. If the request times-out, that device cannot be reached. This test rules out physical problems with information about each process. 312 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 313
    this page to see information about routes used to access certain networks and hosts. Troubleshoot | Troubleshooting Tools | Route Information Use this page to see information about: • Routes used to this route, and is usually 0. McAfee Email and Web Security Appliances 5.6.0 Product Guide 313
  • McAfee MAP-3300-SWG | Product Guide - Page 314
    this page to see how disk space is being used. Troubleshoot | Troubleshooting Tools | Disk Space Table 324 Option definitions Option Definition Support, use this page to create a minimum escalation report to help them diagnose a problem with your appliance. Troubleshoot | Troubleshooting
  • McAfee MAP-3300-SWG | Product Guide - Page 315
    to capture the TCP traffic coming in and out of the appliance for later analysis. Troubleshoot | Troubleshooting Reports | Capture Network Traffic This tool will not work correctly if the appliance is report. Default value is 50 MB. McAfee Email and Web Security Appliances 5.6.0 Product Guide 315
  • McAfee MAP-3300-SWG | Product Guide - Page 316
    of Troubleshoot features Troubleshooting Reports Use this page to specify quarantined items to save offline. Troubleshoot | Troubleshooting Reports | Save Quarantine The items are saved to a . . Troubleshoot | Troubleshooting Reports | Log Files 316 McAfee Email and Web
  • McAfee MAP-3300-SWG | Product Guide - Page 317
    Overview of Troubleshoot features Troubleshooting Reports You might want to regularly save your log files, because the appliance automatically removes log entries after some time , where you can configure your system logging options. McAfee Email and Web Security Appliances 5.6.0 Product Guide 317
  • McAfee MAP-3300-SWG | Product Guide - Page 318
    features Tests Error Reporting Tool Use this page to create a report to help McAfee Technical Support diagnose any problems with your appliance. Troubleshoot | Troubleshooting Reports | Save Log Files McAfee Technical Support might ask for this report in addition to the Minimum Escalation Report
  • McAfee MAP-3300-SWG | Product Guide - Page 319
    Overview of Troubleshoot features Tests Table 331 Option definitions Option Start Tests Definition If clicked, starts the tests. They can take several scanned.) • State whether the web categorization update server can be accessed. McAfee Email and Web Security Appliances 5.6.0 Product Guide 319
  • McAfee MAP-3300-SWG | Product Guide - Page 320
    of Troubleshoot features Tests Table 331 Option definitions (continued) Option Testing the authentication services Definition States whether the appliance can connect to the authentication services. exceed a predefined threshold. 320 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 321
    version 5.6 appliances and Content Security Blade Servers. In addition, you can also download the help extensions for each of these ePolicy Orchestrator extensions. These are also available from the Resources within the Setup Wizard. McAfee Email and Web Security Appliances 5.6.0 Product Guide 321
  • McAfee MAP-3300-SWG | Product Guide - Page 322
  • McAfee MAP-3300-SWG | Product Guide - Page 323
    | Setup Wizard) includes a set of pages aimed specifically at configuring your appliance to be managed by ePolicy Orchestrator. McAfee Email and Web Security Appliances 5.6.0 Product Guide 323
  • McAfee MAP-3300-SWG | Product Guide - Page 324
  • McAfee MAP-3300-SWG | Product Guide - Page 325
    to be managed by McAfee ePolicy Orchestrator, most configuration changes that you want to make to your appliances should be made via your ePolicy Orchestrator server the McAfee ePolicy Orchestrator 4.5 Product Guide for further information. McAfee Email and Web Security Appliances 5.6.0 Product
  • McAfee MAP-3300-SWG | Product Guide - Page 326
  • McAfee MAP-3300-SWG | Product Guide - Page 327
    Index A about this guide 7 Active Directory Kerberos user authentication 246 add policy web syslog attributes 270 Artemis see Global Threat Intelligence 109 authentication icap 171 authentication services Kerberos 241 RADIUS 241 autonegotiation 207 B backup configuration 233 backup server 232
  • McAfee MAP-3300-SWG | Product Guide - Page 328
    178 HTTP 179 ICAP 178 POP3 102 SMTP 102 conventions and icons used in this guide 7 custom malware options anti-virus setting 118, 187 D Dashboard 21 data loss Managing appliances from 325 setup 285 ePolicy Orchestrator managed appliance manual setup 283 event options 223 export from a list 15
  • McAfee MAP-3300-SWG | Product Guide - Page 329
    layout of 10 Index K Kerberos configuring 243 Kerberos authentication services 241 Kerberos user authentication Microsoft Active Directory 2003 246 L 21 email 59 Email Scanning Policies 103 reports 29 system 207 troubleshoot 311 web 163 message search 62 Message Search retention limits 222 virtual
  • McAfee MAP-3300-SWG | Product Guide - Page 330
    ePO 16 ePolicy Orchestrator 16 intercept 16 listening 16 transparent 16 problem solving 311 protocol presets with anti-relay settings 89 protocol retention limits 222 R RADIUS configuring 243 RADIUS authentication services 241 Registered Documents with DLP 155 related products 8 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 331
    reports 52 system commands reboot appliance 226 revert to default settings 226 shutdown appliance 226 system menu 207 T Technical Support, finding product information 8 tests troubleshooting 318 threat feedback 21 threats blocking specific 108 Time and Date setting 214 Time zone 214 tokens alert 262
  • McAfee MAP-3300-SWG | Product Guide - Page 332
    Index troubleshoot (continued) troubleshooting reports log files 316 troubleshooting 311 troubleshooting reports 314 troubleshooting tests 318 troubleshooting tools 311 U Update Status 276 updates adding proxy Security Appliances 9 332 McAfee Email and Web Security Appliances 5.6.0 Product Guide
  • McAfee MAP-3300-SWG | Product Guide - Page 333
  • McAfee MAP-3300-SWG | Product Guide - Page 334
  • McAfee MAP-3300-SWG | Product Guide - Page 335
  • McAfee MAP-3300-SWG | Product Guide - Page 336
    700-2647A00-00
