
NDLP Training Document

Prevent SMTP and IronPort Setup

By Jon Nuñez

Wednesday, September 23, 2009


First you will need to set up 3 interfaces: one for the physical address of the IronPort, one for traffic destined to Prevent for scanning, and one for traffic coming back to the IronPort after Prevent has added its headers.

To add these, navigate to NETWORK > IP INTERFACES.

To add an additional IP interface, click ‘Add IP Interface’ in the upper left corner of the menu.

Next you will add the ‘Listeners’ for each portion of the communication path.

To add these, navigate to NETWORK > LISTENERS.

Notice that 2 of the 3 ‘Listeners’ above do not have a ‘Recipient Access Table’ (RAT). This is because they are set to private, as seen here in the setup process under ‘Type of Listener’.

Also ensure the ‘TCP Port’ is set to 25.

Next, navigate to the ‘HAT Overview’, which is found under MAIL POLICIES > HAT OVERVIEW.

In the ‘HAT Overview’ you will set up the access, or ‘Sender Group(s)’, for each Listener. This will allow or deny access to the specified ‘Listener’. For ease of setup in this example I have set the ‘Sender Group’ to ‘ALL’ for the ‘Mail Flow Policy’ named ‘RELAYED’ on all 3 listeners. This will allow all connections to relay to the specified ‘Listener’.

Also notice that each ‘Listener’ will need a ‘Sender Group’ associated with it. This will change per the environment.

Next, navigate to MAIL POLICIES > OUTGOING MAIL POLICIES.

This is where you will set up the actual action you expect the IronPort to take after Prevent has added its header information.

You will need to set up a policy to allow relay from the IronPort Listener to the Prevent IP. You will also need a separate policy for each of the actions you are scanning for with Prevent.

Click on the ‘Add Filter’ option in the upper left of the menu to add a new filter.

The following is one example of the relay setup and a header action. All header actions are set up the same way; they differ only in the ‘Action’.

Step One: Add Condition

Step Two: Add Action

This is the header-based policy setup.

Step One: Add Condition

Step Two: Add Action

Once you have set up all of your ‘Outgoing Content Filters’, you will need to enable the content filters you would like to use. To do this, navigate to MAIL POLICIES > OUTGOING MAIL POLICIES and select the hyperlink of policies under the ‘Content Filter’ column.

Note that you will need to not only set the Global setting at the top of the menu, but also individually select which policies will be enabled.

Once you have ‘Committed Changes’ in the upper right of the IronPort, you have finished the SMTP Prevent setup on the IronPort device.

The setup process for Prevent SMTP can be broken down into the following 3 steps.

1. Provide the ‘Email Server Settings’ and ‘Email Prevention’ mail server IPs.

You will find these settings under SYSTEM > DEVICES > CONFIGURE (for the Prevent appliance you are working on).

2. Create an ‘Action Rule’ for the content you intend to scan for (in this example “Block”).

These settings are found by navigating to POLICIES > ACTION RULES. You will need to add an ‘Action Rule’ in the upper left corner of the menu.

3. Finally, set up your policy per the "use case" you have to take action on SMTP traffic.

Remember that the ‘Define’ tab holds the settings needed for the "use case" you or the customer may have.

The ‘Actions’ tab is where you will add the ‘Action Rule’ you have created.

Save these settings after each step.

This document is for internal use only. Do not distribute to non-McAfee Inc. employees.

Any questions or clarification can be sent to jon_nunez@mcafee.com

This document covers the IronPort C150 version 6.1 and NDLP version 8.5. Images may vary
from version to version and platform to platform.

McAfee and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its affiliates in the U.S. and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any other non-McAfee related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners. © 2009 McAfee, Inc. All rights reserved.
