IBM Proventia Getting Started Manual Download

Page: 1 / 40

IBM Internet Security Systems

IBM Proventia

Network Mail Security System

Getting Started Guide

Version 1.6

Summary of Contents for Proventia

Page 1: ...IBM Internet Security Systems IBM Proventia Network Mail Security System Getting Started Guide Version 1 6 ...

Page 2: ...s information is at the user s own risk IBM Internet Security Systems disclaims all warranties either expressed or implied including the warranties of merchantability and fitness for a particular purpose In no event shall IBM ISS be liable for any damages whatsoever including direct indirect incidental consequential or special damages arising from the use or dissemination hereof even if IBM Intern...

Page 3: ...ge Contents 10 About the Appliance 11 Understanding SMTP Mail Routing 13 Chapter 2 Getting Connected Overview 19 Getting Started 20 Connecting the Appliance 21 Configuring the Appliance 23 Completing the Initial Configuration 26 Accessing Proventia Manager 29 Working with Proventia Manager 30 Installing License Keys 33 Applying Mail Security Updates 35 Verifying Network Connectivity and SMTP Setti...

Page 4: ...Contents 4 IBM Internet Security Systems ...

Page 5: ...ludes general information and procedures required for connecting the appliance to your network and configuring the basic settings for the appliance Audience This guide is intended for Administrators with a fundamental knowledge of mail security best practices and SMTP configuration Note If you are running the appliance on VMware see the Getting Started Guide for VMware Workstation on the IBM ISS W...

Page 6: ...products download the IBM Licensing Agreement from http www 935 ibm com services us iss html contracts_landing html Document Contents IBM Proventia Network Mail Security System Getting Started Guide for VMware Workstation This guide contains information on how to set up the appliance on VMware IBM Proventia Network Mail Security System Administrator Guide This guide contains information on configu...

Page 7: ...hite papers and the Technical Support Knowledgebase Hours of support The following table provides hours for Technical Support at the Americas and other locations Contact information For contact information go to the IBM Internet Security Systems IBM ISS Resource Center Web site at http www 935 ibm com services us index wss offering iss a1029178 Location Hours Americas 24 hours a day All other loca...

Page 8: ...Preface 8 IBM Internet Security Systems ...

Page 9: ...1 Introduction to the Appliance Overview Introduction This chapter contains introductory information about deploying your appliance In this chapter This chapter contains the following topics Topic Page Appliance Package Contents 10 About the Appliance 11 Understanding SMTP Mail Routing 13 ...

Page 10: ...hat you have all of the package contents necessary to install the appliance Verifying the contents Verify the appliance package includes the following 9 Item IBM Proventia Network Mail Security System appliance Ethernet crossover cable Power cord Recovery CD pack Getting Started Guide Warranty statement Table 1 Materials for connecting the appliance ...

Page 11: ...re 1 Front panel of the appliance The front panel of the appliance includes the following Label Description A LED Indicators from left to right Power LED Green HDD Activity LED Green LAN1 LED Green LAN2 LED Green Fault Event LED Amber B The LCD module navigation arrow keys are used for entering IP addresses C The LCD controller module is used for initial network configuration D The LCD module conf...

Page 12: ...d to re route mail traffic through the appliance before it can inspect all incoming mail and then forward the clean mail on to internal mail servers Make sure the ETH1 interface is configured as the default gateway IP address for the appliance Figure 3 ETH1 interface setup Label Description E Ethernet Port 2 ETH2 F Ethernet Port 3 ETH3 G Ethernet Port 1 ETH1 This is the default gateway for the app...

Page 13: ...eck what servers are responsible for your domain by performing an nslookup on the MX DNS records for that domain Example of performing a DNS lookup The following example shows how to check the MX DNS records for the iss net domain Open a command prompt and then enter the following nslookup The output would look something like the following Default Server dns server Address x x x x Now enter the fo...

Page 14: ...1 iss net is unreachable the sending Internet mail servers will use colo mx1 iss net or sfld mx1 iss net to deliver email messages for the iss net domain Using the same MX preference automatically load balances the mail traffic beyond the servers with the same priority If you have multiple mail servers available for redundancy and or load balancing the use of multiple DNS MX entries with the same ...

Page 15: ...SMTP on TCP port 25 You can assign mail servers with the configured MX IP addresses or an external firewall router switch can own these IP addresses and forward for example destination NAT incoming SMTP connections on these addresses to the appropriate internal servers This allows mail traffic to be efficiently balanced so that if one system fails the other system takes over completely redundancy ...

Page 16: ...MX entries on your DNS servers to new addresses the DNS population over the Internet can take up to three days 72 hours Make sure you can re route SMTP traffic on MX IP addresses before you change any DNS records Example of outgoing mail traffic Important Even if you only want to scan incoming mail traffic you should still configure outgoing SMTP which is used for email messages generated from the...

Page 17: ... built in anti relay check that protects the appliance from being used by unauthorized users or spammers to send unsolicited junk mail to other Internet users The appliance delivers email messages to external mail domains as follows Performs direct MX DNS lookups and then sends the email messages via SMTP directly to responsible servers on the Internet Forwards all outgoing email messages to anoth...

Page 18: ... Optional DNS UDP 53 9 HTTPS for Management TCP 43 9 SMTP for sending and receiving email messages TCP 25 inbound and outbound 9 SSH for appliance Console access TCP 22 9 HTTPS only if end user access is enabled TCP 4443 9 SNMP GET only if SNMP is enabled UDP 160 9 SNMP Trap only if SNMP Trap is enabled UDP 161 9 LDAP only if LDAP integration is enabled TCP 389 9 the IBM SiteProtector Console if S...

Page 19: ...elp you gather information to complete these tasks In this chapter This chapter contains the following topics Topic Page Getting Started 20 Connecting the Appliance 21 Configuring the Appliance 23 Completing the Initial Configuration 26 Accessing Proventia Manager 29 Working with Proventia Manager 30 Installing License Keys 35 Applying Mail Security Updates 35 Verifying Network Connectivity and SM...

Page 20: ...ring the Appliance on page 23 3 Log in to the Setup Assistant and configure initial network settings Completing the Initial Configuration on page 26 4 Verify you have the following Internet Explorer version 6 0 or later Java Runtime Environment JRE version 1 5 The application prompts you with an installation link if you do not have it installed N A 5 Open Internet Explorer and log in to Proventia ...

Page 21: ...hysical Ethernet connection to a switch Static IP address within the network Default gateway Accessible DNS server UDP 53 HTTPS TCP 443 accessible to the Internet for updates and optional proxy usage SMTP TCP 25 inbound and outbound accessible for the following uses To the Internet for outgoing mail relay usage To receive mails from the Internet To all configured internal mail servers SSH TCP 22 a...

Page 22: ...ternet Security Systems An accessible email account on the internal server for the following uses Alerting messages Testing purposes Routing firewall rules set up to the internal mail servers 9 Item Table 6 Installation checklist Continued ...

Page 23: ...t 3 Connect the provided RED Ethernet cross over cable from the ETH0 port on the appliance to the computer 4 Turn on the appliance and wait until it fully boots 5 Open a Web browser and go to https 192 168 123 123 6 Click Yes when the security alert window appears 7 Type admin for the username and admin for the password and then click Next 8 Go to Completing the Initial Configuration on page 26 Op...

Page 24: ...perterminal 1 On your computer select Start Programs Accessories Communications 2 Select Hyperterminal 3 Create a new connection using the following settings 4 Press ENTER to establish a connection When the connection is established the Proventia Setup Configuration Menu appears Tip If you are unable to establish a connection make sure the appliance has power and that you have started the applianc...

Page 25: ...iance is connected to a switch or hub an Ethernet crossover cable if the appliance is connected directly to a PC 4 Go to Completing the Initial Configuration on page 26 For ETH1 if you want to assign Do this a DHCP server 1 Press F1 to select DHCP 2 Press ENTER to confirm your settings or press F1 to cancel the selection a static IP address 1 Press F2 to select a static IP address 2 Use the LCD mo...

Page 26: ...p Assistant The following table describes the required information Tab Task Tab Description License Key Install the appliance license keys Download the antispam and antivirus keys for the appliance You will not be able to update signatures for the mail security database without these keys Passwords Set the passwords for the appliance Set the following required passwords for appliance access Root T...

Page 27: ...incoming email messages Provide the mail server IP address for each internal mail exchange domain as in the following example Use maildomain1 IP to forward all email messages for maildomain1 to its respective IP address Provide addresses for relay hosts Sending Emails Enable this setting to configure the delivery of outgoing email messages Use one of the following delivery mechanisms DNS resolutio...

Page 28: ...he appliance to notify you by email for the following events Mail security issues System errors System warnings System information Time Set the date and time for the appliance Provide the date and time for the appliance Note To synchronize the appliance time with the time of a network server you must enable the Network Time Protocol NTP and provide the IP address of the server Tab Task Tab Descrip...

Page 29: ...ecurity policies Set up and manage accounts for end users who want to use personal block and allow lists Generate predefined reports about email usage on the network Tune appliance settings using advanced parameters Logging on to Proventia Manager To log on to the Proventia Manager interface 1 Open a Web browser and then go to the DNS name or IP address of the appliance like in the following examp...

Page 30: ...iance including statistics of running processes and the status of mail flow within the appliance Database Writer Queue This queue contains the records of analyzed email messages that have not been written to the database Analysis Queue Rating The number of records in the analysis queue Resource Shortage The status of RAM diskspace on the appliance Message Tracking Queue The number of email message...

Page 31: ...ued for Re Delivery This graph shows the number of email messages that were sent to the target SMTP server but failed to be processed due to a temporary error such as the server was not reachable The email message is moved to the resend queue to be resent by the appliance A large resend queue indicates that there is an email message delivery problem Note The number of email messages in the resend ...

Page 32: ...has been online The time is given in the x days x hours x minutes format 10 days 3 hours 36 minutes Last Restart The time the appliance was last restarted The time is given in the yyyy mm dd hh mm ss format 2008 12 31 12 45 10 System Time The time on the machine running the appliance software Total Network Interfaces The number of interfaces on your appliance Bound IP Addresses The IP addresses cu...

Page 33: ...ns for registering generating and downloading license keys Downloading license keys The Registered End User will need to follow these steps in order to download the license key s from the License Registration Center 1 Go to the IBM ISS License Registration Center at https www1 iss net lrc 2 Enter the order confirmation number OCN and the password provided in the email message 3 Optional Complete t...

Page 34: ...Getting Connected 34 IBM Internet Security Systems 6 Follow the same procedures Step 3 through Step 5 to install the key for the Antivirus License You are now ready to apply mail security updates to the appliance ...

Page 35: ...ity updates provide daily updates of URLs and spam signatures for the appliance Important You should update your local mail security database at least once daily to keep it up to date 1 In Proventia Manager click Updates and then click Status Licensing 2 Click View versions online at the bottom of the page to access a Web page that lists each update and its contents Downloading and manually instal...

Page 36: ...e in order to verify network connectivity and the SMTP settings 3 Send a test email message to your mailbox on the internal mail server and one to an external email account for example a webmail account When both email messages arrive in their respective inboxes you will be able to send inbound and outbound email messages using the appliance 4 Click Mail Security and then click Policy to configure...

Page 37: ...sing MYMAIL as the subject of the test email messages Every mail with the string MYMAIL in the Subject will be tagged Found MYMAIL in MYMAIL If the test does not work as expected verify the following That the email message was actually sent through the appliance RECEIVED header That the appliance is able to send email messages to internal mail servers and to mail servers on the Internet ...

Page 38: ...the guidance of IBM ISS Technical Support Recovery process Use the following procedure to reinstall the firmware on your appliance 1 Connect a computer monitor to the appliance 2 Boot the Recovery CD 3 At the prompt type reinstall and then press ENTER The installer reloads the operating system Note When the reinstallation is complete the appliance automatically reboots Let the appliance complete t...

Page 39: ...figuring the appliance 23 d date settings 28 direct MX DNS lookups 17 DNS lookup 13 DNS MX entries changing 16 DNS query 13 DNS resolution 27 domain name server 13 e ETH0 12 ETH1 12 configuring from LCD 25 ETH2 12 ETH3 12 Ethernet Port 0 12 Ethernet Port 1 12 Ethernet Port 2 12 Ethernet Port 3 12 events 28 f Forward delivery 27 front panel of the appliance 11 h Home page diagnostic tabs 30 host na...

Page 40: ...g 14 m mail security policy configuring 36 MX preferences 14 MYMAIL 37 o order confirmation number 33 outbound SMTP settings 27 p passwords initial setup 26 Proventia Manager accessing 29 Home page 30 PuTTY 24 r Recovery CD 38 recovery process 38 Registered End User 33 reinstalling the appliance 38 relaying email messages example 14 15 relaying outgoing email messages 17 relaying SMTP traffic 15 r...

Search results

Summary of Contents for Proventia

Reviews:

Related manuals for Proventia

Brands by name

Popular brands

IBM Proventia, Getting Started Manual

Search results

Summary of Contents for Proventia

Reviews:

Related manuals for Proventia

Brands by name

Popular brands