McAfee MSA-3400-SWGI Installation Guide - Page 17

Deployment Strategies for Using the device in a DMZ

McAfee Email and Web Security Appliance 5.5 Installation Guide 17


The router must allow all users to connect to the device.
Figure 6: Explicit proxy configuration
The device must be positioned inside your organization, behind a firewall, as shown in Figure 6: Explicit proxy configuration. Typically, the firewall is configured to block traffic that does not come directly from the device.
If you are unsure about your network’s topology and how to integrate the device, consult your network expert.
Use this configuration if:
• The device is operating in explicit proxy mode.
• You are using email (SMTP).
For this configuration, you must:
• Configure the external Domain Name System (DNS) servers or Network Address Translation (NAT) on the firewall so that the external mail server delivers mail to the device, not to the internal mail server.
• Configure the internal mail servers to send email messages to the device. That is, the internal mail servers must use the device as a smart host. Ensure that your client devices can deliver email messages to the mail servers within your organization.
• Ensure that your firewall rules are updated. The firewall must accept traffic from the device, but must not accept traffic that comes directly from the client devices. Set up rules to prevent unwanted traffic entering your organization.
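As an added example that is not part of this guide, the following Python script models the firewall requirements listed above as a first-match rule set and checks it against the stated policy: external mail reaches the device only, the device may send outbound, and client devices cannot bypass the device. All addresses and the rule format are constructed assumptions, not McAfee configuration.

```python
"""Constructed example: verify a first-match firewall rule set against the
explicit-proxy deployment requirements (addresses are assumptions)."""
from ipaddress import ip_address, ip_network

APPLIANCE = "192.0.2.10"        # assumed address of the device (proxy / smart host)
INTERNAL_MAIL = "10.0.0.25"     # assumed internal mail server
CLIENT = "10.0.1.10"            # assumed client workstation
EXTERNAL_MAIL = "198.51.100.5"  # assumed external (Internet) mail server
SMTP, HTTP = 25, 80

# Rule = (src_network, dst_network, dst_port or None for any port, action).
# First matching rule wins; anything unmatched is dropped.
RULES = [
    ("0.0.0.0/0", "192.0.2.10/32", 25, "accept"),    # external mail -> device (via DNS/NAT)
    ("192.0.2.10/32", "0.0.0.0/0", None, "accept"),  # device may reach the Internet
    ("0.0.0.0/0", "0.0.0.0/0", None, "drop"),        # default deny: clients must use the device
]

# Same rule set with a permissive client rule inserted (a common misconfiguration).
BAD_RULES = RULES[:2] + [("10.0.1.0/24", "0.0.0.0/0", None, "accept")] + RULES[2:]


def decide(rules, src, dst, port):
    """Return the action of the first rule matching (src, dst, port)."""
    for src_net, dst_net, rule_port, action in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "drop"  # implicit default deny


def check_dmz_policy(rules):
    """Return the guide's requirements that the rule set violates (empty if compliant)."""
    checks = {
        "external mail delivered to device": decide(rules, EXTERNAL_MAIL, APPLIANCE, SMTP) == "accept",
        "external mail not delivered to internal server": decide(rules, EXTERNAL_MAIL, INTERNAL_MAIL, SMTP) == "drop",
        "device may send outbound": decide(rules, APPLIANCE, EXTERNAL_MAIL, SMTP) == "accept",
        "clients cannot bypass device (SMTP)": decide(rules, CLIENT, EXTERNAL_MAIL, SMTP) == "drop",
        "clients cannot bypass device (HTTP)": decide(rules, CLIENT, EXTERNAL_MAIL, HTTP) == "drop",
    }
    return [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    print("good rule set violations:", check_dmz_policy(RULES))
    print("bad rule set violations:", check_dmz_policy(BAD_RULES))
```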
Deployment Strategies for Using the device in a DMZ
A demilitarized zone (DMZ) is a network separated by a firewall from all other networks, including the Internet and other internal networks. The typical goal behind the implementation of a DMZ is to lock down access to servers that provide services to the Internet, such as email.
Hackers often gain access to networks by identifying the TCP/UDP ports on which applications are listening for requests, then exploiting known vulnerabilities in applications. Firewalls dramatically reduce the risk of such exploits by controlling access to specific ports on specific servers.