You are on page 1of 62

SETUP GUIDE

IronMail Messaging Gateway Security


Version 6.7

S ETUP G UIDE IronMail Messaging Gateway Security


Version 6.7

iii

Copyright
2008 Secure Computing Corporation. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Secure Computing Corporation.

Trademarks
Secure Computing, SafeWord, Sidewinder, Sidewinder G2, Sidewinder G2 Firewall, SmartFilter, Type Enforcement, CipherTrust, IronMail, IronIM, SofToken, Enterprise Strong, Mobile Pass, G2 Firewall, PremierAccess, SecureSupport, SecureOS, Bess, Cyberguard, SnapGear, Total Stream Protection, Webwasher, Strikeback and Web Inspector are trademarks of Secure Computing Corporation, registered in the U.S. Patent and Trademark Office and in other countries. G2 Enterprise Manager, SmartReporter, SecurityReporter, Application Defenses, Central Management Control, RemoteAccess, SecureWire, TrustedSource, On-Box, Securing connections between people, applications and networks and Access Begins with Identity are trademarks of Secure Computing Corporation.

Software License Agreement


CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE LOADING THE SOFTWARE. THIS AGREEMENT GOVERNS THE USE OF THE SOFTWARE (AS DEFINED BELOW). BY CLICKING I ACCEPT BELOW, OR BY INSTALLING, COPYING, OR OTHERWISE USING THE SOFTWARE, YOU ARE SIGNING THIS AGREEMENT, THEREBY BECOMING BOUND BY ITS TERMS. BY INDICATING YOUR AGREEMENT, YOU ALSO REPRESENT AND WARRANT THAT YOU ARE A DULY AUTHORIZED REPRESENTATIVE OF THE ENTITY THAT HAS PURCHASED THE SOFTWARE AND THAT YOU HAVE THE RIGHT AND AUTHORITY TO ENTER INTO THIS AGREEMENT ON THE ENTITYS BEHALF. IF YOU DO NOT AGREE WITH THIS AGREEMENT, THEN CLICK I DO NOT ACCEPT BELOW OR DO NOT USE THE SOFTWARE AND RETURN ALL COPIES OF THE SOFTWARE AND DOCUMENTATION TO SECURE COMPUTING CORPORATION (SECURE COMPUTING) OR THE RESELLER FROM WHOM YOU OBTAINED THE SOFTWARE. 1. DEFINITIONS. Documentation means the published user manuals and documentation that are made available for the Software. Secure Computing Software means the machine-readable object-code versions of certain Secure Computing messaging gateway software applications (for example, without limitation, IronMail, IronIM, IronNet and Secure Computing Edge) as indicated on your invoice and any updates or revisions of the Secure Computing Software that you may receive. Software Module shall mean software applications that Secure Computing licenses to its customers in addition to the Secure Computing Software (for example, without limitation, anti-virus software) as indicated on your invoice and any updates or revisions of the Software Module that you may receive. Software shall mean collectively the Secure Computing Software and, if purchased by you, the Software Module(s). 2. GRANT OF LICENSE. Secure Computing grants to you, and you accept, (a) a non-exclusive, and non-transferable license to use the Secure Computing Software solely on and in conjunction with the Secure Computing appliance on which the Secure Computing Software is installed, and, if purchased by you, (b) a non-exclusive, non-transferable license to use the Software Module(s) for a specific period of time and for the specific number of licensed users as each is indicated on your invoice solely on and in conjunction with the Secure Computing appliance on which the Software Module is installed. Under no circumstances will you receive any source code of the Software. Secure Computing also grants to you, and you accept, a nonexclusive, and non-transferable license to use the Documentation solely in conjunction with the Software. 3. LIMITATION OF USE. You may not: 1) copy, except to make one copy of the Software solely for back-up or archival purposes; 2) transfer, distribute, rent, lease or sublicense all or any portion of the Software or Documentation to any third party; 3) translate, modify, adapt, decompile, disassemble, or reverse engineer any Software in whole or in part; 4) modify or prepare derivative works of the Software or the Documentation; or 5) use the Software to process the data of a third party. You agree to keep confidential and use your best efforts to prevent and protect the contents of the Software and Documentation from unauthorized disclosure or use. Secure Computing reserves all rights that are not expressly granted to you. 4. DISCLAIMER OF WARRANTIES. Secure Computing does not warrant that the functions contained in the Software will meet your requirements or that operation of the program will be uninterrupted or error-free. The entire risk as to the results and performance of the Software is assumed by you. THE SOFTWARE IS FURNISHED, AS IS WITHOUT ANY WARRANTY OF ANY KIND, AND SECURE COMPUTING AND ITS LICENSORS HEREBY DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY IN RESPECT OF THE SOFTWARE INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES AS TO NON-INFRINGEMENT. SOME STATES AND COUNTRIES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHER RIGHTS WHICH VARY BY STATE OR COUNTRY. 5. LIMITATION OF REMEDIES. SECURE COMPUTINGS AND ITS LICENSORS ENTIRE LIABILITY UNDER, FOR BREACH OF, OR ARISING OUT OF THIS AGREEMENT, IS LIMITED TO A REFUND OF THE PURCHASE PRICE OF THE PRODUCT OR SERVICE THAT GAVE RISE TO THE CLAIM. IN NO EVENT SHALL SECURE COMPUTING OR ITS LICENSORS BE

LIABLE FOR YOUR COST OF PROCURING SUBSTITUTE GOODS. IN NO EVENT WILL SECURE COMPUTING OR ITS LICENSORS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT SECURE COMPUTING HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. 6. TERM AND TERMINATION. This license is effective until terminated. You may terminate it at any time by destroying the Software, including all computer programs and Documentation, and erasing any copies residing on computer equipment. This Agreement also will automatically terminate if you do not comply with any terms or conditions of this Agreement. Upon such termination you agree to destroy the Software and Documentation and erase all copies of the Software residing on computer equipment. Notwithstanding the foregoing, each license to use a Software Module will automatically terminate on expiration of its applicable term (as set forth on your invoice) unless it is renewed prior to such termination. 7. PROTECTION OF CONFIDENTIAL INFORMATION. The Software and Documentation are delivered to you on a confidential basis and you are responsible for employing reasonable measures to prevent the unauthorized disclosure or use thereof, which measures shall not be less than those measures employed by you in protecting your own proprietary information. You may disclose the Software or Documentation to your employees as necessary for the use permitted under this Agreement. You shall not remove any trademark, trade name, copyright notice or other proprietary notice from the Software or Documentation. 8. OWNERSHIP. The Software and Documentation are licensed (not sold) to you. All intellectual property rights including trademarks, service marks, patents, copyrights, trade secrets, and other proprietary rights in or related to the Software and Documentation are and will remain the property of Secure Computing or its licensors, whether or not specifically recognized or protected under local law. You will not remove any product identification, copyright notices, or other legends set forth on the Software or Documentation. 9. EXPORT RESTRICTIONS. You agree to comply with all applicable United States export control laws, and regulations, as from time to time amended, including without limitation, the laws and regulations administered by the United States Department of Commerce and the United States Department of State. You have been advised that the Software is subject to the U.S. Export Administration Regulations. You shall not export, import or transfer Software contrary to U.S. or other applicable laws, whether directly or indirectly, and will not cause, approve or otherwise facilitate others such as agents or any third parties in doing so. You represent and agree that neither the United States Department of Commerce nor any other federal agency has suspended, revoked or denied your export privileges. You agree not to use or transfer the Software for end use relating to any nuclear, chemical or biological weapons, or missile technology unless authorized by the U.S. Government by regulation or specific license. 10. U.S. GOVERNMENT RIGHTS. Any Software or Documentation acquired by or on behalf of a unit or agency of the United States Government is commercial computer software or commercial computer software documentation and, absent a written agreement to the contrary, the Governments rights with respect to such Software or Documentation are limited by the terms of this Agreement, pursuant to FAR 12.212(a) and its successor regulations and/or DFARS 227.7202-1(a) and its successor regulations, as applicable. 11. ENTIRE AGREEMENT. This Agreement is our offer to license the Software and Documentation to you exclusively on the terms set forth in this Agreement, and is subject to the condition that you accept these terms in their entirety. If you have submitted (or hereafter submit) different, additional, or other alternative terms to Secure Computing or any reseller or authorized dealer, whether through a purchase order or otherwise, we object to and reject those terms. Without limiting the generality of the foregoing, to the extent that you have submitted a purchase order for the Software, any shipment to you of the Software is not an acceptance of your purchase order, but rather is a counteroffer subject to your acceptance of this Agreement without any objections or modifications by you. To the extent that we are deemed to have formed a contract with you related to the Software prior to your acceptance of this Agreement, this Agreement shall govern and shall be deemed to be a modification of any prior terms in their entirety. 12. GENERAL. Any waiver of or modification to the terms of this Agreement will not be effective unless executed in writing and signed by Secure Computing. If any provision of this Agreement is held to be unenforceable, in whole or in part, such holding shall not affect the validity of the other provisions of this Agreement. You may not assign this License Agreement or any associated transactions without the written consent of Secure Computing. This License Agreement shall be governed by and construed in accordance with the laws of California, without regard to its conflicts of laws provisions.

ii

Technical Support information


Secure Computing works closely with our reseller partners to offer the best worldwide Technical Support services. Your Secure Computing reseller is the first line of support when you have questions about our products and services; however, if you require additional assistance, contact us directly.

To contact Secure Computing Technical Support directly, telephone +1.800.700.8328 or +1.651.628.1500. To inquire about obtaining a support contract, refer to our Contact Secure Web page for the latest information at www.securecomputing.com. To use our web support site, point your browser to: support.securecomputing.com. This site allows you to submit support issues, and to monitor, edit, and set the severity of issues 24 hours a day. To use the Secure KnowledgeBase, go to www.securecomputing.com/goto/kb. Enter your company ID.

Customer Advocate information


To suggest enhancements in a product or service, or to request assistance in resolving a problem, please contact a Customer Advocate at +1.877.851.9080. If you prefer, send an e-mail to customer_advocate@securecomputing.com. If you have comments or suggestions you would like to make regarding this document or any other Secure Computing document, please send an e-mail to techpubs@securecomputing.com.

Publishing History
Date January 2008 Part number IROP-MN-STUP-67-B Software release IronMail 6.7.x

iii

iv

CONTENTS

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .vii
Welcome . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Who should read this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Where to find more information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

CHAPTER 1

Appliance Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Shipment contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Setting up the hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 General safety notes on IronMail appliances . . . . . . . . . . . . . . . . . . . . 2 Uninterruptible power supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Attaching keyboard, mouse, and monitor . . . . . . . . . . . . . . . . . . . . . . . 5

CHAPTER 2

Planning your setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7


Planning IronMail setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Pre-installation checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Network configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 DNS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Internal mail server configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Network firewall configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

CHAPTER 3

Setting Up IronMail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17


Connect to the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Initial configuration wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

CHAPTER 4

SmartStart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
What is SmartStart? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 The SmartStart Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Navigation tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Running SmartStart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Screen 1: Network Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Screen 2: Software license agreement . . . . . . . . . . . . . . . . . . . . . . . 28 Screen 3: Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Screen 4: Software updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Screen 5: Other updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Screen 6: Domain mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Screen 7: Internal Server List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Screen 8: Allow Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Screen 9: Change password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
v

Table of Contents

Screen 10: Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Screen 11: IP addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Screen 12: Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Screen 13: User accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Screen 14 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Screen 15: Finish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Finishing SmartStart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

36 37 37 38 39 39 40

APPENDIX A

Setting up IronMail via the CLI . . . . . . . . . . . . . . . . . . . . . . . . 41


CLI setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Running the CLI wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

vi

PREFACE

Welcome

This guide will lead you through the planning and initial setup process for your IronMail appliance. It also covers basic post-installation tasks for integrating the new appliance into your network. This guide is intended for anyone assigned to initially set up an IronMail appliance. It assumes you are familiar with networks and network terminology. You should also be familiar with the internet and its associated terms and applications. Please take a few minutes to become acquainted with the documentation. You can find additional information in the following documents:
Table 1: Summary of IronMail documentation Document IronMail Setup Guide IronMail Administration Guide Online Help Description Leads you through the initial appliance configuration. Complete administration information on all appliance functions and features. You should read this guide if you are responsible for configuring and managing one or more IronMails. Online help is built into the IronMail software. It provides help for each window in the GUI.
Note: If you are using a browser with a pop-up blocker turned on, you must allow blocked content to take advantage of the table of contents included in online help.

Who should read this guide

Where to find more information

Read Me First

Provides basic information about your appliance as you unpack it. It also provides necessary information about the licenses retrieval process, support plans available, and professional services.

More...

vii

Preface

Table 1: Summary of IronMail documentation Document Product Information Update Port Identification Guide Knowledge Base Description Provides general information about the IronMail models and the associated data from the equipment manufacturers. Identifies internal and external network ports on your IronMail appliance. Supplemental information for all other IronMail documentation. Articles include helpful tips and commands.
Important: All manuals, application notes and release notes are also posted here.

The knowledge base is located at www.securecomputing.com/goto/kb.

viii

CHAPTER

Appliance Information

In this chapter...
Shipment contents............................................................................2 Setting up the hardware ...................................................................2 General safety notes on IronMail appliances ..............................2 Uninterruptible power supply .......................................................4 Attaching keyboard, mouse, and monitor ....................................5

Chapter 1: Appliance Information Shipment contents

Shipment contents

Before you configure your IronMail messaging gateway security appliance, ensure that you have received all IronMail components.

IronMail media

IronMail Setup Guide Read Me First Port Identification Guide Product Information Update

Hardware components
Your hardware platform (models vary), pre-loaded with IronMail software Power cord(s) Rack mount kit

You will use the following items during the setup process: IronMail Setup Guide Hardware and power cord(s) Rack mount kit (optional)

Important: Specific port information you will need during setup is found in the Port Identification Guide.

Setting up the hardware

See the information provided, such as a rack installation guide, for instructions about rack mounting and installing your hardware. You will also want to review the Port Identification Guide included with your appliance for information about the network connections you must make.

General safety notes on IronMail appliances


2

There are no user-serviceable components inside the appliance. Opening IronMails chassis will void the service agreement. Adequate spacing above, below, and behind the IronMail appliance should be provided to allow proper airflow, and to prevent excessive heat build-up. Use only the mounting kits provided with IronMail appliances when installing IronMail, as improper mounting may result in hardware failure and hazardous conditions. Do not block any air vents; usually 15 cm (6 inches) of air space provides proper airflow. Plan the device installation starting from the bottom of the rack cabinet and

Chapter 1: Appliance Information Setting up the hardware

install the heaviest device in the bottom of the rack.

Do not extend more than one device out of the rack cabinet at the same timeextending two or more devices simultaneously may cause the rack to become unstable. Remove the rack doors and side panels to provide easier access during installation Connect the server to a properly grounded outlet. Do not overload the power outlet when installing multiple devices in the rack cabinet. Follow accepted electrical and general safety precautions when installing any IronMail.

Rack precautions

Ensure that the leveling jacks on the bottom of the rack are fully extended to the floor with the full weight of the rack resting on them. In a single rack installation, stabilizers should be attached to the rack. In multiple rack installations, the racks should be coupled together. Always make sure the rack is stable before extending a component from the rack.

Server precautions

Determine the placement of each component in the rack before installing the rails. Install the heaviest server components on the bottom of the rack first, and then work up. Use a regulating uninterruptible power supply (UPS) to protect the server from power surges and voltage spikes, and to keep the system operating in case of a power failure. Allow the power supply units to cool before touching them. Always keep the rack's front door and all panels and components on the servers closed when not servicing in order to maintain proper cooling.

Lifting and weight precautions

Use safe practices when lifting. For lifting objects with the following weights use the designated number of people: For objects weighing more than or equal to18 kg (39.7 lb) use two people to lift the object. For objects weighing more than or equal to 32 kg (70.5 lb) use three people to lift the object.

Chapter 1: Appliance Information Setting up the hardware

For objects weighing more than or equal to 55 kg (121.2 lb) use four people to lift the object.

Do on place any object weighing more than 50 kg (110 lb) on top of rackmounted devices.

Uninterruptible power supply


IronMail should only be used in conjunction with an Uninterruptible Power Supply (UPS). While many UPS devices are suitable for providing power, not all are able to gracefully shut down IronMail in an emergency loss of power. Many are incapable of interfacing with IronMails software. And worse, some are so incompatible they will shut down IronMail on their own, regardless of the presence or absence of adequate power! Therefore, Secure Computing encourages you to only connect the data cables for UPS models shown on the table on the following page which have been thoroughly tested for reliability and compatibility. If you use a UPS other than one shown in the following table, do not attach a data cable from the UPS to IronMails serial port (when the serial port is configured as a UPS interface).
Table 2: Recommended UPS models Manufacturer APC Model Family Matrix-UPS Smart-UPS Model Number MX3000 700 RM 2U 1000 RM 2U 420 620 700 PowerStack 450

Please contact Secure Computing product support at 800-700-8328 or send an email to support@securecomputing.com to confirm if your UPS has been tested since the publication of this Setup Guide.

Chapter 1: Appliance Information Setting up the hardware

Attaching keyboard, mouse, and monitor


IronMail accepts the connection of keyboard, mouse, and monitor allowing you to connect to the appliance directly (in addition to, or in lieu of connecting through your local area network). Attach a monitor to the VGA port on the back of the appliance. Attach your keyboard to the PS-2 port on the back of the appliance, or to a USB port. Attach the mouse via one of the USB ports.
Important: The mouse and keyboard must be connected to the appliance before power is turned on.

You only have access to the command line interface when connected directly to the applianceyou do not have access to the graphical, browser-based Web Administration interface. The command line interface allows you to perform some of the functionality available in the Web Administration GUI, but more importantly, it allows you to restore the appliance to its factory default settings.

Chapter 1: Appliance Information Setting up the hardware

CHAPTER

Planning your setup

In this chapter...
Planning IronMail setup....................................................................8 Pre-installation checklist...................................................................8 Network configuration.......................................................................9 DNS configuration .......................................................................9 Internal mail server configuration ..............................................10 Network firewall configuration....................................................11

Chapter 2: Planning your setup Planning IronMail setup

Planning IronMail setup

The initial setup for IronMail includes two major components. You must set up the basic initialization, which will allow you to do further configuration later, and you must also perform essential setup for connectivity to the internet and to the mail network. Setup results in only the most basic configuration of IronMail. Once all initial setup is complete, you can perform the detailed configuration that prepares IronMail to protect your specific network.

Pre-installation checklist

IronMail uses a simple wizard to set the initial values required for it to become minimally functional. Before you run the wizard, obtain the information requested in the form below. Your network administrator should be able to assist you in determining the network information. Use the checklist below to identify and collect the information you will need for the actual setup.

Do you understand the license retrieval process as it applies to your IronMail? The process is outlined in the Read Me First document that came with your Ironmail. What is the host name for this appliance? ______________________________________________________ What is the domain name for the domain to which this appliance belongs? ______________________________________________________ What is the IP address for this appliance? _______________________________________________________ What is the Subnet Mask for this appliance? ______________________________________________________ What is the Default Router the appliance will use? ______________________________________________________ What is the Ethernet setting you want this appliance to use? ______________________________________________________ Specify the IP Address of at least one of your DNS Servers (this appliance must be able to connect to it). ______________________________________________________ Provide the fully qualified domain names of up to three Network Time Protocol servers (IronMail identifies three servers by default). ______________________________________________________ 8

Chapter 2: Planning your setup Network configuration

What is the time zone where this appliance will be installed? Specify the appliances time zone by selecting from the pick list the city nearest the appliance (the selected city must be in the same time zone as IronMail). ______________________________________________________ Caution: Verify all the information in the checklist with your Network Administrator prior to running the appliances Initial Configuration Wizard or initiating CLI configuration.

Network configuration

In addition to setting up the IronMail appliance itself, you must also ensure IronMail is properly configured to communicate securely on your network.

DNS configuration
Domain Name Service (DNS) is an exceedingly complex subject, and there is no standard way in which it is implemented. In simple terms, DNS allows multiple servers to appear as if the have the same host name. In addition to the DNS servers MX, A, PTR and other records, some networks use Network Address Tables (NAT) to map servers internally. However you implement DNS, you must at least do the following:

You must create MX, A and PTR records for the IronMail appliance, and You must give IronMail a lower preference number than your mail servers MX record.

This will allow all mail addressed to your domain to be routed to the IronMail appliance, and allow all other servers to perform DNS lookups and reverse lookups on IronMail. Name the DNS Server during the initial configuration of IronMail. The preference or priority is set after the initial setup, as a System function for configuring IronMail. The most common use of DNS is to perform forward lookup (resolving a fully qualified domain name, such as servername.yourdomain.com, with a valid IP address such as 63.168.166.231). DNS is also capable of reverse lookup (resolving an IP address to a fully qualified domain name). The reverse lookup may also be used to detect (and reject) certain kinds of address spoofing used by hackers. Most Internet email servers use both of these features. For a reverse lookup to work, you must publish a reverse zone (e.g., 166.168.63.in-addr.arpa) that contains PTR records mapping IP addresses onto node names. You must create a reverse zone, with your IP address in reverse octet order, followed by the text string in-addr.arpa. For example, the forward zone is yourdomain.com and the reverse zone is 166.168.63.inaddr.arpa.

Chapter 2: Planning your setup Network configuration

You can check whether reverse lookup is working using the nslookup command. Using nslookup on an IP address with that switch (in-addr.arpa) will do a reverse lookup (IP-to-Host Name), and display the resolved name, as shown below:
su-2.04# nslookup 10.0.3.101 Server: pridocon.ctqa.net Address: 10.0.3.55 Name: im.ex.ctqa.net Address: 10.0.3.101

An example of a forward lookup (Host-Name-to-IP) follows:


su-2.04# nslookup im.ex.ctqa.net Server: pridocon.ctqa.net Address: 10.0.3.55 Name: im.ex.ctqa.net Address: 10.0.3.101

Internal mail server configuration


Configuration of your internal mail servers is very simple. Make IronMail the only IP address allowed to connect to your mail server, and re-direct your servers outbound mail flow to IronMail using a static route.

10

Chapter 2: Planning your setup Network configuration

Network firewall configuration


Your network administrator must assign an IP address, subnet mask, and host name for the IronMail appliance. (A host name yourname and domain name yourdomain.com results in the fully qualified domain name (FQDN) yourname.yourdomain.com.) The first time you connect to IronMail, you will be required to enter this and other information into its installation wizard. Establishing network connectivity may require the assistance of your network administrator. Based on your companys network design, IronMail may be connected to the corporate network either in a De-Militarized Zone (DMZ) or on the internal LAN. Once the physical connection has been established, some configuration of the network firewall and Domain Name Service (DNS) will be required.

Configuring the firewall


There are three main styles of firewalls: packet filter-types (routers with ACLs), application proxy-types (e.g., Raptor and TIS Gauntlet), and stateful inspection-types (e.g., CheckPoint and Cisco PIX). It is important to understand most application proxy firewalls do not support SMTP over SSL (i.e. the SMTPS protocol). If your firewall is an application proxy-type that does not support SSL, IronMail will not be able to encrypt your mail. Both packet filter and stateful inspection firewalls, however, fully support SMTP over SSL if they are configured correctly. It is recommended that you place IronMail in a DMZ if your network supports it. If you do so, you must create rules to allow the protocols for outside world to IronMail, IronMail to outside world, IronMail to the internal mail server, and internal mail server to IronMail. There should be no open protocols from outside to inside (bypassing IronMail) when using a DMZ configuration. The following diagram and table describe the ports you must open in your firewall to allow IronMail to function correctly:

11

Chapter 2: Planning your setup Network configuration

Figure 1: Firewall routing rules, DMZ

A key advantage to the DMZ configuration is that IronMail's analysis of incoming messages is performed before the messages actually penetrate the firewall. IronMail sends its output back to the firewall before it is allowed inside the system. With a non-DMZ placement, incoming messages are inside the firewall before IronMail scans them.
Table 3: IronMail to the internet Port Port 25 Port 123 Port 53 TCP/UDP TCP TCP/UDP TCP/UDP Protocol SMTP NTP DNS Description Required for mail reception Required if using Network Time Protocol Optional for an IronMail (if your DNS is outside the network, you must open the port allowing IronMail to connect to it). Random high port with destination UDP 6277. Required for IronMail to request software/anti-virus updates

Port 6277 Port 20022

UDP TCP

SLS Secure Computing

12

Chapter 2: Planning your setup Network configuration

Table 4: Internet to IronMail Port Port 25 Port 80 Port 110 Port 143 Port 443 Port 465 Port 993 TCP/UDP TCP TCP TCP TCP TCP TCP TCP Protocol SMTP HTTP POP3 IMAP4 HTTPS SMTPS IMAP4S Description Required for mail reception Optional for Web Delivery (secure HTTPS on port 443 is preferred) Optional (secure POP3S on port 995 is preferred) Optional (secure IMAPS on port 993 is preferred) Optional for Web Delivery (for secure HTTPS proxying) Optional for secure incoming messages Optional (this is the preferred port to securely retrieve mail via IMAP4) Optional (you should open port 995 for secure POP3S instead) Required for IronMails Statistical Lookup Service spam-blocking tool.

Port 995 Random High Ports that originate from Port 6277 Port 20022

TCP UDP

POP3S SLS

TCP

Secure Computing

Optional (allows Secure Computing to connect to your IronMail for Technical Support)

13

Chapter 2: Planning your setup Network configuration

Table 5: IronMail to the internal network Port Port 25 Port 53 TCP/UDP TCP TCP/UDP Protocol SMTP DNS Description Required for mail delivery Optional for an IronMail (if your DNS is outside the network, you must open the port allowing IronMail to connect to it). Optional for Web Delivery (you should open secure port 443 for HTTPS instead) Optional (you should open port 995 for secure POP3S instead) Optional (you should open secure port 993 for IMAP4S instead) Optional for Web Delivery (for secure HTTPS proxying) Optional for LDAP Optional for LDAP Optional (this is the preferred port to securely retrieve mail via IMAP4S) Optional (this is the preferred port to securely retrieve mail via POP3S)

Port 80

TCP

HTTP

Port 110 Port 143 Port 443 Port 389 Port 3268 Port 993

TCP TCP TCP TCP TCP TCP

POP3 IMAP4 HTTPS HTTP HTTPS IMAP4S

Port 995

TCP

POP3S

Table 6: Internal mail server to IronMail Port Port 22 TCP/UDP TCP Protocol Command Line Interface Description Optional (only if you want to access the command line interface from inside the network) Required for mail delivery Allows Quarantine Release Required (this is the port used to connect to IronMails WebAdmin interface)

Port 25 Port 443 Port 10443

TCP TCP TCP

SMTP HTTP HTTPS

14

Chapter 2: Planning your setup Network configuration

If you do not have a DMZ, it is safe to install the IronMail appliance on your internal network because its hardened face and built-in firewall features protect it. If you install IronMail inside the network, simply open the necessary port holes in the firewall. Ensure that your firewalls port settings match the previous table.
Figure 2: Firewall routing rules, no DMZ

Most mail servers use only ports 25, 110, and 143 for sending and retrieving email. However, email transmitted through these ports is unsecuredattackers can read or intercept email sent this way. We recommend that you open the secure ports instead: 995 for POP3S and 993 for IMAP4S to force external users to retrieve their mail via SSL. (IronMail provides the ability to send mail securely on port 25.) IronMail has a standard configuration for Maximum Transmission Unit (the maximum size for a single packet that may be transferred by the email system) of 1,500 bytes. If your system requires a maximum other than the standard MTU configuration, a custom configuration can be accomplished by Secure Computing's Customer Service group.

15

Chapter 2: Planning your setup Network configuration

16

CHAPTER

Setting Up IronMail

In this chapter...
Connect to the appliance................................................................18 Initial configuration wizard ..............................................................19

17

Chapter 3: Setting Up IronMail Connect to the appliance

Connect to the appliance

IronMail ships with a pre-installed, unsigned Security Certificate. IronMail only allows administrative sessions with it over a secure SSL (https) connection, for which a Security Certificate is required. The default Security Certificate is adequate for creating these secure connections from your browser to the IronMail appliance, but is not adequate for providing SSL security for your email infrastructure. Until you install a valid Security Certificate from a Certificate Authority, your browser will display a Security Alert each time you logon to the appliance. Clicking Yes at the prompt allows you to proceed. You must connect to the appliance to enter some preliminary values in an Initial Configuration Wizard in order to make the appliance initially functional. Use a client workstation (any Windows PC) as IronMails front end. There are three ways you can connect to the appliance:

Use a network cross-over cable to physically connect a PC workstation to IronMail. (The cable plugs into the network port on each device.) Install IronMail in your existing network, but set a PC workstations netmask to match IronMails default IP address and netmask. Attach a keyboard and monitor to the appliance, which allows you to use the IronMail as a console. You will have access only to the command line interface with this option. Information about attaching a keyboard and monitor is available in Chapter 1 of this guide.

Caution: The keyboard and monitor must be attached before the appliance is powered up.

For either type of connection, the client workstation must temporarily change its IP address and netmask to match IronMails default values (IP Address: 192.168.0.254, Netmask: 255.255.255.0). That is, change your workstation IP address to 192.168.0.xxx, and the netmask to 255.255.255.0 (where xxx is any number between 0-253). If you have not already done so, power up the IronMail appliance. Note: You can also run the wizard from the command line, if you wish. See
Appendix A for instructions about this option.

18

Chapter 3: Setting Up IronMail Initial configuration wizard

Initial configuration wizard

To run the configuration wizard, do the following:

1 Launch Internet Explorer on the client workstation and navigate to IronMails built-in default IP address: https://192.168.0.254
You must add the letter s after http. The opening window for the Installation Wizard displays. This window will remind you about the information you will need to complete the wizard.

Figure 3: Opening wizard window

Click Next to begin the installation process.

2 The next window to appear is the domain name window. Enter the Fully Qualified Domain Name and the Domain Name for this IronMail appliance.
Figure 4: Domain window

Click Next to continue.

3 Specify the IP address, the netmask, the default router and the Ethernet setting for your IronMail.
Figure 5: IP address window

Click Next to continue.

19

Chapter 3: Setting Up IronMail Initial configuration wizard

4 Select the time zone location (city) that best represents your location. You may also enter the IP addresses or Fully Qualified Domain Names for up to three Network Time Protocol (NTP) servers.
As an additional option, you may also set the time manually, instead of using synchronization.
Figure 6: Time zone window

Click Next to continue.

5 Enter the IP addresses of one or more Domain Name System Servers that will be clients of this appliance.
Figure 7: Domain Name server window

Click Next to continue.

6 Select the language you want to install on this appliance by selecting it from the drop down list. Select the character set for encoding messages from the lower drop down list.
Figure 8: Selecting a language and character set

Click Next to continue.

20

Chapter 3: Setting Up IronMail Initial configuration wizard

7 The next window presents a listing of all the information you have provided during the set-up process. Review each item carefully to ensure accuracy. if you find you need to change anything, use the Back button at the bottom of your window to retrace your steps.
Caution: If you inadvertently enter the IP address incorrectly and fail to print this page showing the appliance's dot-decimal number, you will be unable to log onto IronMail when you later browse to what you thought was the correct address. Log onto IronMail via attached keyboard and command line interface to reset the appliance to its default factory settings. Figure 9: Final review

When you are certain the information is correct, click Finish. Your appliance will reboot at this point. The window will display a message to remind you of that fact.
Caution: Wait at least five minutes before you take any other action. Be patient! Figure 10: Reboot warning

21

Chapter 3: Setting Up IronMail Initial configuration wizard

When the restart process has had time to finish, you may log onto the appliance. Using your network browser, go to the IP address for the appliance and log in. The address is changed to https://ironmail.yourdomain.com:10443 Your default login credentials are:


Figure 11: IronMail login window

user name - admin password - password

IronMail's opening SmartStart window will display, allowing you to continue with best practices configuration.

22

CHAPTER

SmartStart

In this chapter...
What is SmartStart? .......................................................................24 The SmartStart Screen ..............................................................25 Navigation tips ...........................................................................26 Running SmartStart ........................................................................27 Screen 1: Network Connectivity ................................................27 Screen 2: Software license agreement......................................28 Screen 3: Licenses ....................................................................29 Screen 4: Software updates ......................................................30 Screen 5: Other updates ...........................................................31 Screen 6: Domain mapping .......................................................32 Screen 7: Internal Server List ....................................................33 Screen 8: Allow Relay ...............................................................34 Screen 9: Change password .....................................................36 Screen 10: Routing....................................................................36 Screen 11: IP addresses ...........................................................37 Screen 12: Reports....................................................................37 Screen 13: User accounts .........................................................38 Screen 14 Ports .........................................................................39 Screen 15: Finish.......................................................................39 Finishing SmartStart .......................................................................40

23

Chapter 4: SmartStart What is SmartStart?

What is SmartStart?

The concept of a best practice configuration is derived from Secure Computings desire to streamline the process of preparing the IronMail appliance for effective operation. SmartStart offers the means to do precisely that. The purpose for SmartStart is to provide the ability to install best practices IronMail configurations at the time of initial appliance installation and setup. It allows you to install the current software upgrades, current Anti-Virus upgrades, the Pre-Configuration package, the current Threat Response Update (TRU), and several other common configuration entries. You will complete the initial IronMail setup and installation as usual, applying the standard Installation Wizard, as explained in the previous chapter. Then, at your initial login, the initial SmartStart window displays. Using your network browser, go to the IP address for the appliance and log in. The address is changed to https://ironmail.yourdomain.com:10443 Your default login credentials are:

user name - admin password - password

Unless the SmartStart installation is interrupted, subsequent logons will bypass SmartStart and take the user directly to the Dashboard, as discussed in the IronMail Administration Guide.

24

Chapter 4: SmartStart What is SmartStart?

The SmartStart Screen


As illustrated in the window shots that follow, SmartStart windows are divided into three sections.

Left side menu


When you first access SmartStart, a limited selection menu appears to the left of your window. You can this menu to select the portions of SmartStart you wish to apply. However, using the navigation buttons on each window is preferred. Screen 1, the Network Connectivity check, is the opening window, since connectivity is required for some of the other steps.

Upper Right: SmartStart information


The upper portion of the window, as seen below, extending across the window except for the left menu area, contains informative text about the window you are currently viewing. It may provide instructions and other important information about the step you are about to complete.
Figure 11: SmartStart example, upper right

25

Chapter 4: SmartStart What is SmartStart?

Lower Right: Configuration windows


The lower portion of all SmartStart windows, like the sample below, will contain the actual IronMail configuration windows required to complete the specific step you are applying.
Figure 12: SmartStart example, lower right

Navigation tips
Complete SmartStart installation requires completing the actions on 15 windows. It is important to remember a few basic rules for navigating SmartStart.

You can navigate through the SmartStart windows using the navigation buttons on each window. When you finish one window, you can go to the next by clicking the appropriate button. If you need to leave the SmartStart Wizard before you have completed work with all windows, you must leave by clicking Log Out at the top of the window. The next time you log in, IronMail will return you to the SmartStart window from which you logged out. Since some SmartStart steps need to be done in a specific order, please read the instructions on each window before you apply it.

26

Chapter 4: SmartStart Running SmartStart

Running SmartStart

To access SmartStart as part of the initial installation and setup of the IronMail, simply log into IronMail the first time (using the Admin user account). Screen 1 of the SmartStart process opens.

Screen 1: Network Connectivity


The initial window is designed to welcome the user, give basic SmartStart instruction, and test for Network Connectivity.
Figure 13: Connectivity check

This step tests the connectivity between your IronMail appliance and the Secure Computing update infrastructure. Connectivity is required in order to use the SmartStart feature for configuring your IronMail. You will use the update infrastructure in some of the following steps to update the version of software installed on your appliance, to download the latest best practices Pre-Configuration or Threat Response Update packages, and to install the most current Anti-Virus engine updates and virus signatures. When you have tested your network connectivity, go to the next window by clicking Next or by clicking that windows link in the left menu.

27

Chapter 4: SmartStart Running SmartStart

Screen 2: Software license agreement


Review Secure Computings Software License Agreement, then either accept it or reject it.
Figure 14: Review and accept the license agreement

After you have accepted the license agreement, you may proceed to the next window by clicking Next or clicking that windows link in the left menu. At this point, the left menu will expand to show all the available features licensed on your IronMail.

28

Chapter 4: SmartStart Running SmartStart

Screen 3: Licenses
Review the current feature licenses for your appliance. If you have any issues with your licenses, you can retrieve them by following the instructions on the window.
Figure 15: Review feature licenses

When you have reviewed the installed licenses, click Next.


Important: If your appliance is in an environment that does not allow access to the Secure Computing servers, you can request licenses through Support. You can call Support at 1.800.700.8328.

29

Chapter 4: SmartStart Running SmartStart

Screen 4: Software updates


This window allows you to access and install the latest software update package for your version of the IronMail appliance software, if any are available.
Figure 16: Software updates

After you have selected an update on the window at the bottom of the SmartStart page, select the command on that window to receive the update. The following progress notification will appear (this also applies to other updates, below.
Figure 17: Progress message

When you have finished, continue to the next window by clicking Next.

30

Chapter 4: SmartStart Running SmartStart

Screen 5: Other updates


This window allows you to access and install the latest Anti-Virus engines and virus signatures for your version of the IronMail appliance software.
Figure 18: Other updates

After you deploy the IronMail appliance, you will automatically receive new updates as they become available. Connectivity is required for this step. Note: Anti-Virus protection is a licensed feature for your IronMail appliance. If you
have not licensed this protection, please contact Secure Computing Support. Important: You should update Anti-Virus protection or TRU packages only after upgrading to the most recent version of the IronMail appliance software package that is appropriate to your version.

After you have set up the updates on the window at the bottom of the SmartStart page, you may proceed to the next window by clicking Next.

31

Chapter 4: SmartStart Running SmartStart

Screen 6: Domain mapping


Configure SMTP routes for any additional internal (inbound) domains or external (outbound) domains you will need in order to route mail properly in your environment.
Figure 19: Mapping domains

You may add a mapping domain if you so desire by selecting Add New. The following window opens. Note: You are required to map at least one entry or domain.
Figure 20: Adding a new domain

32

Chapter 4: SmartStart Running SmartStart

Provide the information needed to define the new domain, then click Submit. The window will refresh. Continue to the next window by clicking Next.

Screen 7: Internal Server List


This window allows you to add additional servers to your internal server list.
Figure 21: Configuring internal servers
If

If you wish to add an internal server, click Add New. The configuration window will open.
Figure 22: Adding a new server

Provide the information required to configure the new server, then click Submit. Your window will refresh.

33

Chapter 4: SmartStart Running SmartStart

Figure 23: Internal servers updated

Continue to the next window by clicking Next.

Screen 8: Allow Relay


This window allows you to add servers to your Allow Relay List.
Figure 24: Allow relay list
Y

34

Chapter 4: SmartStart Running SmartStart

You can add a new subnet by clicking Add New. The configuration window will display.
Figure 25: Adding a new subnet

Enter information about the subnet, then click Submit. Your window will refresh.
Figure 26: Allow relay list updated

Allow Relay is the list of servers that are allowed to send e-mail to your IronMail appliance for any destination domain. To continue, click Next.

35

Chapter 4: SmartStart Running SmartStart

Screen 9: Change password


Change the password assigned to the Administrator account.
Figure 27: Changing password

To continue, click Next.

Screen 10: Routing


This window allows you to configure additional static network routes for this appliance. You may prefer to bypass this configuration for now, since you have already defined a default router.
Figure 28: Configuring routers

To continue, click Next.

36

Chapter 4: SmartStart Running SmartStart

Screen 11: IP addresses


On this window, you can add new IP addresses for your system. You may prefer to defer this configuration until later, since you have already defined a primary IP address.
Figure 29: Managing IP addresses

To continue, click Next.

Screen 12: Reports


This window allows you to configure the reporting features for your IronMail appliance. You may configure both reports and alerts, and specify the hostname where they are to be stored and the email addresses of those who will receive them. You may prefer to defer this configuration for now.
Figure 30: Reports

To continue, click Next.

37

Chapter 4: SmartStart Running SmartStart

Screen 13: User accounts


This window allows you to add new user accounts that may access the IronMail appliance, and to configure the roles (permissions) assigned to those accounts. The Admin account (user name admin, password password) already exists and cannot be deleted.
Figure 31: Creating accounts

If you wish to add another account, provide the required information, then click Add New. The window will refresh.
Figure 32: Account confirmation

To continue, click Next.

38

Chapter 4: SmartStart Running SmartStart

Screen 14 Ports
Configure the use of Serial port on your appliance, and specify the port that allows Support to access the appliance. CLI is the default usage setting.
Figure 33: Configuring the serial port

To continue, click Next.

Screen 15: Finish


You have now completed SmartStart configuration. Review the settings you have made on this window. If the configuration is correct, click Finish.
Figure 34: Finishing SmartStart

Note: If you exit SmartStart before completing all the steps, be sure to note the
steps you have completed and those that still remain. It may be to your advantage to complete SmartStart before you exit, to ensure nothing is forgotten.

39

Chapter 4: SmartStart Finishing SmartStart

Finishing SmartStart

If you have applied all the steps of SmartStart, your IronMail appliance is now configured for deployment, using best practices configuration. When you exit SmartStart by clicking the Finish button, you will close SmartStart and the appliance will reboot. You will then navigate to the IronMail login window.

Figure 35: IronMail login window

40

APPENDIX

Setting up IronMail via the CLI


In this chapter...
CLI setup ........................................................................................42 Running the CLI wizard ..................................................................42

41

Appendix A: Setting up IronMail via the CLI CLI setup

CLI setup

In addition to the standard network GUI Installation Wizard, a Command Line Interface (CLI) is also provided for experienced administrators who may wish to use the command line to install IronMail directly. After the initial CD portion of the install is complete, you can log into the console via the command line on the console or via telnet.

Running the CLI wizard


Figure 36: Initial CLI wizard screen

1 At the prompt on the console, enter the default username and password (Admin/password). 2 At the prompt, type wizard setup (without quotes) and press Enter. The following screen should appear.

Follow the on screen instructions for each screen. Note that there may be multiple actions required in different steps. These are shown in the following screens.
Figure 37: Step 1 of 7

42

Appendix A: Setting up IronMail via the CLI Running the CLI wizard

Figure 38: Step 2 of 7

Figure 39: Step 2 of 7 contd.

Figure 40: Step 2 of 7 contd.

43

Appendix A: Setting up IronMail via the CLI Running the CLI wizard

Figure 41: Step 3 of 7

Figure 42: Step 4 of 7

Figure 43: Step 5 of 7

44

Appendix A: Setting up IronMail via the CLI Running the CLI wizard

Figure 44: Step 5 of 7, contd.

Only one DNS server IP address is required. Press Enter to continue.


Figure 45: Step 6 of 7

Figure 46: Step 6 of 7 contd.

45

Appendix A: Setting up IronMail via the CLI Running the CLI wizard

Figure 47: Step 7 of 7

Note: These are SAMPLE entries. If you are satisfied with your specific entries, type n. The system will reboot.

46

Appendix A: Setting up IronMail via the CLI Running the CLI wizard

Figure 48: Step 7 of 7 contd.

47

your trusted source for enterprise security

TM

Web Gateway Comprehensive protection against malware, viruses, data leakage and Internet misuse, while ensuring policy enforcement, regulatory compliance, and a productive application environment. Messaging Gateway Inbound defense against spam, viruses, denial-of-service and intrusions; outbound protection against data leaks and policy violations. Network Gateway Worlds strongest firewall appliance contains the most comprehensive set of security solutions consolidated in one appliance and automatically discards huge volumes of unwanted traffic from known bad entities. Identity & Access Management Providing safe access to applications, data and resources through policy-driven security and strong authentication.

Secure Computing Corporation


Corporate Headquarters 4810 Harwood Road San Jose, Ca 95124 USA Tel +1.800.379.4944 Tel +1.408.979.6100 Fax +1.408.979.6501 European Headquarters 1, The Arena Downshire Way Bracknell Berkshire, RG12 1PU UK Tel +44.0.870.460.4766 Fax +44.0.870.460.4767 Asia/Pac Headquarters 1604-5 MLC Tower 248 Queens Road East Wan Chai, Hong Kong Tel +852.2520.2422 Fax +852.2587.1333 Japan Headquarters Level 15 JT Bldg. 2-2-1 Toranomen Minato-Ku Tokyo 105-0001 Japan Tel +81.3.5114.8224 Fax +81.3.5114.8226

IROP-MN-STUP-67-B

www.securecomputing.com
Trademarks

For more information visit us at:

2008 Secure Computing Corporation. All Rights Reserved. Secure Computing, SafeWord, Sidewinder, Sidewinder G2, Sidewinder G2 Firewall, SmartFilter, Type Enforcement, CipherTrust, IronMail, IronIM, SofToken, Enterprise Strong, Mobile Pass, G2 Firewall, PremierAccess, SecureSupport, SecureOS, Bess, Cyberguard, SnapGear, Total Stream Protection, Webwasher, Strikeback and Web Inspector are trademarks of Secure Computing Corporation, registered in the U.S. Patent and Trademark Office and in other countries. G2 Enterprise Manager, SmartReporter, SecurityReporter, Application Defenses, Central Management Control, RemoteAccess, SecureWire, TrustedSource, On-Box, Securing connections between people, applications and networks and Access Begins with Identity are trademarks of Secure Computing Corporation.

2008 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Secure Computing Corporation.

You might also like