McAfee MSA-3400-SWGI Installation Guide - Page 16

Pre-installation Considerations about Network Modes Network and device configuration If the device is set to explicit proxy mode, you must explicitly configure your internal mail server to relay email traffic to the device. The device scans the email traffic before forwarding it, on behalf of the sender, to the external mail server. The external mail server then forwards the email message to the recipient. In a similar way, the network must be configured so that incoming email messages from the Internet are delivered to the device, not the internal mail server. Figure 5: Relaying email traffic The device scans the traffic before forwarding it, on behalf of the sender, to the internal mail server for delivery, as shown in Figure 5: Relaying email traffic. For example, an external mail server can communicate directly with the device, although traffic might pass through several network servers before reaching the device. The perceived path is from the external mail server to the device. Protocols To scan a supported protocol, you must configure your other network servers or client computers to route that protocol through the device, so that no traffic bypasses the device. Firewall rules Explicit proxy mode invalidates any firewall rules set up for client access to the Internet. The firewall sees only the IP address information for the device, not the IP addresses of the clients, so the firewall cannot apply its Internet access rules to the clients. Where to place the device Configure the network devices so that traffic needing to be scanned is sent to the device. This is more important than the location of the device. 16 McAfee Email and Web Security Appliance 5.5 Installation Guide