HP Email Firewall Appliance Installation Manual

Email Firewall Installation Guide

Installation Guide for the 3Com® Email Firewall Guide d’installation pour le 3Com® Email Firewall 3Com® Email Firewall – Installationsanleitung Guida all’installazione di 3Com® Email Firewall Guía de instalación de Firewall 3Com® Email

http://www.3com.com/

Part No. DIA-MFA100-AAA01 Published January 2005

WORK

SHEET

3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064

Copyright © 2000-2005, BorderWare Technologies Inc. Used under license by 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from BorderWare Technologies Inc.

3Com Corporation and its licensors reserve the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation or its licensors to provide notification of such revision or change.

3Com Corporation and its licensors provide this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com Corporation and its licensors may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this Installation Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

3Com and the 3Com logo are registered trademarks of 3Com Corporation. BorderWare, the Powered by BorderWare Logo, and BorderWare Security Network are trademarks or

registered trademarks of BorderWare Technologies Inc. in the United States and other jurisdictions. Microsoft and Windows are registered trademarks of Microsoft Corporation. All other company and product names may be trademarks of the respective companies with which they are

associated. ENVIRONMENTAL STATEMENT It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we

are committed to: Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations. Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized

environmental standards. Maximizing the recyclable and reusable content of all products. Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards. Improving our environmental record on a continual basis.

End of Life Statement 3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement 3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation The documentation for this product is printed on paper that comes from sustainable, managed forests; it is

fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and the inks are vegetable-based with a low heavy-metal content.

ENCRYPTION This product contains encryption and may require U.S. and/or local government authorization prior to export

or import to another country.

2.101(a) and as such is provided with only such rights as are

1995) or FAR 52.227-14 (June 1987), whichever is

CONTENTS

ABOUT THIS GUIDE

Conventions 6 Related Documentation 7 Documentation Comments 7

1 PRE-INSTALLATION TASKS

Registering your 3Com Email Firewall 9 Deploying the 3Com Email Firewall 10 Using the Configuration Worksheet 11

Network Modifications 11 Network and Mail Configuration Settings 11

Modifying the Firewall/Router Configuration 12

2 INSTALLING THE 3COM EMAIL FIREWALL

Connect the 3Com Email Firewall to a Network 13 Connect to the 3Com Email Firewall via a Web Browser 14 Using the Setup Wizard 15

License Agreement 16 Anti-Virus License Agreement 16 Change Password 17 Set Time Zone 17 Network Configuration 18 Mail Configuration 19 Completion 20

Using the Licensing Wizard 21

3 POST-INSTALLATION TASKS

Checking the 3Com Email Firewall’s Status 25

Licensing 26

WORK

SHEET

BorderWare Mail Security Services 26 Network Services 26

Modify Internal Mail Server 27

Exchange 5.5 27

Exchange 2000 27 Testing Outbound Mail Delivery 28 Testing Inbound Mail Delivery 29

A CONFIGURING YOUR COMPUTER’S IP ADDRESS

Windows XP 31 Windows 2000 33

ABOUT THIS GUIDE

This guide describes how to initially install and configure your 3Com® Email Firewall.

The instructions in this guide will help you quickly get your 3Com Email Firewall setup on the network to accept and scan email messages.

This guide is intended for the system or network administrator who is responsible for configuring, using, and managing the 3Com Email Firewall. It assumes a working knowledge of TCP/IP network and email communications protocols.

For more detailed information on 3Com Email Firewall configuration, please see the accompanying User Guide.

If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.

Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com

Wide Web site:

World

http://www.3com.com/products

6 ABOUT THIS GUIDE

Conventions Table 1 and Table 2 list conventions that are used throughout this guide.

Table 1 Notice Icons

Icon Notice Type Description

Information note Information that describes important features or

instructions

Caution Information that alerts you to potential loss of data or

potential damage to an application, system, or device

Warning Information that alerts you to potential personal injury

Table 2 Text Conventions

Convention Description Screen displays This typeface represents information as it appears on the

screen.

Syntax The word “syntax” means that you must evaluate the syntax

provided and then supply the appropriate values for the placeholders that appear in angle brackets. Example:

To change your password, use the following syntax:

system password <password>

In this example, you must supply a password for <password>.

Commands The word “command” means that you must enter the

command exactly as shown and then press Return or Enter. Commands appear in bold.

The words “enter” and

“type”

Keyboard key names If you must press two or more keys simultaneously, the key

Words in

italics

When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”

names are linked with a plus sign (+). Example:

Press Ctrl+Alt+Del

Italics are used to:

■ Emphasize a point.

■ Denote a new term at the place where it is defined in the

text.

■ Identify menu names, menu commands, and software

button names. Examples: From the

Help

menu, select

Contents

Click OK.

Related Documentation

Documentation Comments

In addition to this guide, each 3Com Email Firewall documentation set includes the following:

■

3Com Email Firewall User Guide

This guide contains:

■ Detailed information on 3Com Email Firewall configuration

■ Information on how to troubleshoot problems related to email

processing and communications

■

Release Notes

These notes provide information about the current software release, including new features, modifications, and known problems.

Your suggestions are very important to us. They will help make our documentation more useful to you. Please send comments about this document to 3Com via the following URL:

http://www.3com.com/corpinfo/en_US/contactus/index.html

Please include the following information when contacting us:

■ Document title

■ Document part number (on the title page)

■ Page number (if appropriate)

Example:

■ 3Com Email Firewall Installation Guide

■ Part number: DIA-MFA100-AAA01

■ Page 25

Please note that we can only respond to comments and questions about 3Com product documentation. Questions related to technical support or sales should be directed in the first instance to your network supplier.

8 ABOUT THIS GUIDE

PRE-INSTALLATION TASKS

This chapter contains information on the pre-installation tasks that need to be completed before installing the 3Com Email Firewall, and includes the following topics:

■ Registering your 3Com Email Firewall

■ Deploying the 3Com Email Firewall

■ Using the Configuration Worksheet

■ Modifying the Firewall/Router Configuration

Registering your 3Com Email Firewall

Before installation, you must register your 3Com Email Firewall License Key with 3Com. The License Key will be used during the installation process to license and activate the 3Com Email Firewall.

Using a web browser, go to the following URL:

http://esupport.3com.com

If you do not have an eSupport username and password, you must first register by clicking the Register Now link.

10 CHAPTER 1: PRE-INSTALLATION TASKS

After obtaining a username and password, login to 3Com eSupport and follow the instructions to register your 3Com Email Firewall with the License Key that came with your system.

Copy your License Key down on the included Configuration Worksheet. You will enter this key during the licensing process.

Deploying the 3Com Email Firewall

The 3Com Email Firewall is designed to be situated between your mail servers and the Internet so that there are no direct SMTP (Simple Mail Transport Protocol) connections between external and internal servers.

The 3Com Email Firewall is installed behind the existing firewall on the Internal network.

Inbound mail will be forwarded from the Firewall or Router to the 3Com Email Firewall where it will be scanned, processed, and then sent to your internal mail server for delivery.

Outbound mail will be sent from your internal mail server to the 3Com Email Firewall to be scanned, processed, and then delivered to the destination SMTP server on the Internet.

Using the Configuration Worksheet

Your documentation package includes a Configuration Worksheet that you will need to complete before continuing with the installation. The worksheet is used to document your current network environment and provide a list of your proposed changes when integrating the 3Com Email Firewall into your network.

Network Modifications Before proceeding with the installation, the following information about

your environment needs to be gathered:

■ Document current network settings

■ Determine which ports or proxies need to be configured on the

Firewall or Router

■ Identify changes required to the internal mail servers to route

outbound mail to the 3Com Email Firewall.

Network and Mail

Configuration Settings

When installing the 3Com Email Firewall for the first time, you will need to have the following information on hand. Use the included Configuration Worksheet to record these items.

■ Hostname — The Hostname assigned to the 3Com Email Firewall,

mail

such as

■ Domain — The Domain Name associated with the assigned

mail.example.com

Hostname. This is typically the domain that email is being processed for, such as

example.com

■ IP Address — Enter the IP address you will be using for this 3Com

Email Firewall. The default is 192.168.1.253 and you can use this address if it does not conflict with any other internal systems.

■ Net Mask — Enter the appropriate net mask for your network. If your

IP address is 192.168.1.253, then the net mask will be

255.255.255.0.

■ Gateway — Enter the default gateway for this 3Com Email Firewall.

This is typically the hostname or IP address of your router.

■ Name Server — The IP address or hostname of your network’s DNS

server.

■ Internal Mail Server Address — The FQDN (Fully Qualified Domain

Name) or IP address of the internal Mail Server, such as

exchange.example.com

12 CHAPTER 1: PRE-INSTALLATION TASKS

■ Administrator Email Address — Enter an email address for the

administrator of this 3Com Email Firewall. Notifications will go to this

email address.

■ Proxy — Enter an optional proxy server if you use one on your

network. If you use a proxy server, this is required for Anti-Virus,

Anti-Spam, and Licensing updates to work properly. Enter the address

in the format https://hostname:port, such as:

https://proxy.example.com:8080

■ Proxy Username and Password — Enter a username and password for

the proxy server.

Modifying the Firewall/Router Configuration

For the 3Com Email Firewall to function properly, various networking ports or proxies must be configured on your firewall or router.

The following table describes the list of ports required:

Table 3 Firewall/Router Port Configuration

From

Port Description 21 FTP for

system

backups 25 SMTP ✓ ✓ ✓ ✓ TCP 53 DNS ✓ ✓ UDP/TCP 80 Anti-Virus

Updates 123 NTP

(Network

Time

Protocol) 443 Security

Connection 443 Secure

Admin 514 Syslog ✓ UDP 6277 DCC ✓ UDP

From Internet

✓ ✓ TCP

To Internet

✓ TCP

✓ ✓ UDP

✓ TCP

Internal Network

To Internal Network Protocol

✓ TCP

INSTALLING THE 3COM EMAIL FIREWALL

When you have completed your pre-installation tasks and have all the information you need for the initial configuration of the 3Com Email Firewall, you are now ready for the installation.

The installation includes the following steps:

■ Connect the 3Com Email Firewall to a Network

■ Connect to the 3Com Email Firewall via a Web Browser

■ Using the Setup Wizard

■ Using the Licensing Wizard

Connect the 3Com Email Firewall to a Network

Install and connect the 3Com Email Firewall as follows:

1 Unpack the 3Com Email Firewall, cables, and documentation. 2 Connect the power cable from a power source to your 3Com Email

Firewall.

3 To begin the installation and configuration of the 3Com Email Firewall,

you must first connect directly to it using another computer. This can be accomplished in two ways:

■ Connecting both your 3Com Email Firewall and computer to a

network hub or switch via a normal Ethernet network cable.

14 CHAPTER 2: INSTALLING THE 3COM EMAIL FIREWALL

■ Connecting your 3Com Email Firewall and computer directly using

a crossover cable.

Connect to the 3Com Email Firewall via a Web Browser

Connect to the 3Com Email Firewall from your configuration computer as follows:

1 Ensure the 3Com Email Firewall and your computer are properly

connected on the network either directly or via a hub or switch.

2 Turn on the power of the 3Com Email Firewall. Wait at least 1 to 2

minutes for the system to fully start before trying to connect.

3 The default IP address used by the 3Com Email Firewall is 192.168.1.253.

Reconfigure your computer’s local network settings to use an address on the same network. Use the IP address 192.168.1.252 with a subnet mask of 255.255.255.0.

See Appendix A on page 31 for instructions on changing your computer’s IP address.

If there are existing systems on the network using these addresses, use a crossover Ethernet cable to connect the computer and 3Com Email Firewall together as an isolated connection.

4 Launch a web browser on your computer and enter 192.168.1.253 as

the URL in the location bar.

5 Login using the username admin with the default password of admin.

The Welcome screen of the Setup Wizard will then be displayed.

Using the Setup Wizard

The Setup Wizard will guide you through the installation of the 3Com Email Firewall.

Click the Next button to continue with the initial configuration of the 3Com Email Firewall.

During the installation, you can always go back to a previous screen by clicking the Back button.

16 CHAPTER 2: INSTALLING THE 3COM EMAIL FIREWALL

License Agreement When the 3Com Email Firewall is installed for the first time, you must

complete the initialization phase by reading and accepting the license agreement.

Read the license agreement, select I Accept, and then click Next to continue.

Anti-Virus License

Agreement

You must read and accept the Anti-Virus software license agreement before continuing.

Read the license agreement, select Accept, and then click Next to continue.

Using the Setup Wizard

Change Password Change the default password of the 3Com Email Firewall by entering the

default password admin, and then enter and confirm a new password.

Choose a secure password of at least 8 characters in length, and include a mixture of upper and lowercase alphabetic characters, numbers, and special characters such as the “@” symbol.

The password is case sensitive and you can use both upper and lower case characters.

Click Next to continue.

Set Time Zone Set your region, country, and time zone. Click Next to continue.

18 CHAPTER 2: INSTALLING THE 3COM EMAIL FIREWALL

Network Configuration Enter the following required networking information from your

Configuration Worksheet.

■ Hostname — Enter the hostname (not the full domain name) of the

mail

3Com Email Firewall, such as

mail.example.com

■ Domain — Enter the domain name, such as

■ IP Address — Enter the IP address for this 3Com Email Firewall. The

example.com

default is 192.168.1.253 and you can use this address if it does not conflict with any other internal systems.

■ Net Mask — Enter the appropriate net mask for your network. If your

IP address is 192.168.1.253, then the net mask will be

255.255.255.0.

■ Gateway — Enter the default gateway for this 3Com Email Firewall.

This is typically the hostname or IP address of your router.

■ Name Server — Enter the hostname or IP address of your DNS server.

Click Next to continue.

Using the Setup Wizard

Mail Configuration Enter the following required mail configuration settings from your

Configuration Worksheet.

■ Internal Mail Server Address — Enter the IP Address or hostname of

the internal mail server where mail will be delivered after being processed by the 3Com Email Firewall. If you have more than one internal Mail Server, you can add additional addresses after the installation is complete.

■ Administrator Email Address — Enter an email address for the

administrator of this 3Com Email Firewall. Notifications will go to this email address.

■ Anti-Spam Action — Set your default action for the 3Com Email

Firewall’s Anti-Spam features. The choices are as follows:

■ Disabled — The Anti-Spam features are disabled.

■ Modify Subject Headings — Anti-Spam features are enabled.

Messages determined to be spam will have their subject field modified with text such as [SPAM].

■ User-Quarantine Mail — User Spam Quarantine Anti-Spam

features are enabled. Messages determined to be spam will be redirected to the User Spam Quarantine. Action will be set to

Redirect To

with the 3Com Email Firewall hostname as the Action

Data.

20 CHAPTER 2: INSTALLING THE 3COM EMAIL FIREWALL

■ Use Secure Proxy — Select the check box to enable use of a web proxy

server if you use one on your network. If you use a proxy server, this setting is required for Anti-Virus, Anti-Spam, and Licensing updates to work properly.

■ Address — Enter the proxy server address in the format

https://hostname:port.

■ User Name — Enter a valid user name for the proxy server.

■ Password — Enter and confirm a corresponding password for the user

name entered above.

Click Next to continue.

Completion You have completed the initial configuration of the 3Com Email Firewall.

Ensure that you read the final instructions on the Setup Wizard’s

Completion

screen.

Click Finish to shutdown the system.

When the 3Com Email Firewall is shutdown, connect the network interface to a network that will be able to access the Internet.

The License Wizard will need to access the Internet to activate your system with 3Com.

Using the Licensing Wizard

After completing the initial configuration with the Setup Wizard and restarting your 3Com Email Firewall, the License Wizard will guide you through the procedure to license your system.

The 3Com Email Firewall must be registered at before starting this procedure. See

Firewall” on page 9.

1 Ensure the 3Com Email Firewall is connected to a network that can

access the Internet. The 3Com Email Firewall will be using the new IP address that you set during the network configuration.

2 Power on the 3Com Email Firewall. Wait at least 1 to 2 minutes for the

system to start before trying to connect.

3 Set the IP address of your configuration computer to an address used on

the same network. See on changing your computer’s IP Address.

4 Launch a web browser on your computer and enter the new IP address of

the 3Com Email Firewall as the URL in the location bar.

5 You will be prompted to login using the new password that you set

during the initial configuration.

Appendix A on page 31 for detailed information

“Registering your 3Com Email

esupport.3com.com

The Licensing Wizard will now begin.

22 CHAPTER 2: INSTALLING THE 3COM EMAIL FIREWALL

6 Enter your License Key and click Next to continue.

7 Confirm your registration information by ensuring your System ID and

License Key information are correct, and click Next to continue.

Using the Licensing Wizard

8 The 3Com Email Firewall is now licensed and the installation is complete.

Click Finish to continue.

9 The main 3Com Email Firewall

The mail services are initially in a stopped state after installation. Click the Start button to start the mail processing.

Activity

screen will now be displayed.

After clicking Start, you may receive a message that the Anti-Virus updates have not been completed. After installation, the first update will not occur for a default 60 minutes. You can go to Mail Delivery -> Anti-Virus to initiate an immediate update.

24 CHAPTER 2: INSTALLING THE 3COM EMAIL FIREWALL

POST-INSTALLATION TASKS

This chapter contains information on the post-installation tasks that need to be completed after installing the 3Com Email Firewall, and includes the following topics:

■ Checking the 3Com Email Firewall’s Status

■ Modify Internal Mail Server

■ Testing Outbound Mail Delivery

■ Testing Inbound Mail Delivery

Checking the 3Com Email Firewall’s Status

When the installation is complete, select Status from the main menu to determine if all services and servers are functioning.

26 CHAPTER 3: POST-INSTALLATION TASKS

Ensure that the following services are running:

Licensing ■ License — Displays your license information including the expiration

date. If this information is incorrect, or if you have installed a license and it does not display as active, please contact 3Com support.

■ Licensed Users — Indicates the number of licensed users supported by

the 3Com Email Firewall. If this information is incorrect and you have already installed a license, please contact 3Com support.

BorderWare Mail

Security Services

■ Security Server — Indicates the status of the Security Server and the

last time an update was retrieved.

■ Anti-Spam Server — Indicates the status of the Anti-Spam server.

■ Anti-Virus Server — Indicates the status of your Anti-Virus services and

the time of the last check for a pattern file update.

Network Services ■ Internal Mail Server — Indicates the status of your internal mail server.

If it is inaccessible, check the internal mail server to ensure that it is running. Perform network tests to ensure you have connectivity between the 3Com Email Firewall and the internal mail server.

■ Gateway — Indicates your connection to the local gateway, which is

typically your router. If the gateway is inaccessible, ensure that it is up and running and perform network tests to ensure connectivity between the 3Com Email Firewall and the gateway.

■ DNS Server — Indicates that DNS services are working properly. If the

server is inaccessible, check your DNS server to ensure it is running and perform network tests between the 3Com Email Firewall and the DNS server to ensure they are communicating.

■ Time Server — Indicates that your network time server is up and

running. If the server is inaccessible, check your NTP server to ensure it is running and perform network tests between the 3Com Email Firewall and the NTP server to ensure they are communicating.

If there are issues with a certain service, you can click the service check icon beside the help button to perform a test of that particular service.

Modify Internal Mail Server

Exchange 5.5 For Exchange 5.5 systems, use the following procedure:

Exchange 2000 For Exchange 2000 systems, use the following procedure:

Changes are required to your existing internal mail server(s) to route outbound mail through the 3Com Email Firewall. You must configure your internal mail servers to use the 3Com Email Firewall hostname or IP address for SMTP delivery.

This procedure depends on the type of internal mail server you are using. The following instructions are for a Microsoft

1 Open Exchange Administrator. 2 Go to Organization -> Site -> Configuration -> Connections -> Internet

Mail Service Properties.

3 In the Connections tab, go to the Message Delivery section and in the

dialog box 3Com Email Firewall.

1 Open Exchange System Manager. 2 Go to Servers -> Exchange server name -> Protocols -> SMTP -> Default

SMTP virtual server -> Properties -> Delivery -> Advanced.

3 In the Smart host dialog box, enter the FQDN, such as

or IP address of the 3Com Email Firewall in brackets, such as:

Forward all messages to host

Exchange server.

, enter the IP address of the

mail.example.com

[192.168.1.253]

28 CHAPTER 3: POST-INSTALLATION TASKS

Testing Outbound Mail Delivery

To test your outbound mail path, use the following procedure to send an email outside of your network:

1 From an internal client computer, send an email to an external user

outside of your network.

2 Check the

message shows up in the

Activity

page of the 3Com Email Firewall to ensure the mail

Mail Received Recently

section. Click the

Refresh button to provide an updated view.

3 Check the email mailbox of the destination external user to ensure the

mail was delivered.

In this scenario, the mail message should use the following route:

■ Internal mail client to your internal mail server

■ Internal mail server to the 3Com Email Firewall

■ 3Com Email Firewall to the Firewall/Router

■ Firewall/Router to the external destination mail client

If your message was not delivered, start with your internal mail client and work your way along the route until the point at where the mail was not delivered to the next point.

When you have isolated the problem, modify your configuration and retry the test.

Testing Inbound Mail Delivery

When you have successfully tested an outbound mail message, you must send an inbound message to ensure that your router or firewall is properly configured to forward SMTP port 25 connections to the 3Com Email Firewall.

1 Modify your Firewall or Router configuration to ensure that incoming

SMTP port 25 connections are forwarded to the hostname or IP address

of the 3Com Email Firewall. 2 From an external mail address, send an email to an internal mail client. 3 Check the

message shows up in the

Activity

page of the 3Com Email Firewall to ensure the mail

Mail Received Recently

section. Click the

Refresh button to provide an updated view.

In this scenario, the mail message should use the following route:

■ External mail client to your Firewall/Router

■ Firewall/Router to the 3Com Email Firewall

■ 3Com Email Firewall to the internal mail server

■ Internal mail server to the internal mail client

If your message was not delivered, start with your external mail client and

work your way along the route until the point at where the mail was not

delivered to the next point.

When you have isolated the problem, modify your configuration and

retry the test.

30 CHAPTER 3: POST-INSTALLATION TASKS

+ 146 hidden pages