Upload
ds0909gmail
View
221
Download
0
Embed Size (px)
Citation preview
8/10/2019 Smg Getting Started Guide
1/50
Symantec Messaging
Gateway 10.5 Getting StartedGuide
powered by Brightmail
8/10/2019 Smg Getting Started Guide
2/50
Thesoftwaredescribed in this book is furnishedundera license agreementand maybe used
only in accordance with the terms of the agreement.
Documentation version: 10.5
PN: 21319173
Legal Notice
Copyright 2013 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required
to provide attribution to the third party (Third Party Programs). Some of the Third Party
Programs are available under opensource or free software licenses.The License Agreement
accompanying the Software does not alter any rights or obligations you may have underthose open source or freesoftware licenses. Please seethe Third Party Legal Notice Appendix
to this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THEDOCUMENTATIONIS PROVIDED"AS IS"ANDALLEXPRESSOR IMPLIEDCONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BELEGALLYINVALID. SYMANTECCORPORATION SHALL NOTBELIABLE FORINCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The LicensedSoftware and Documentation are deemed to be commercial computersoftware
as defined in FAR 12.212 andsubject to restricted rightsas defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance,display or disclosure of theLicensed Software and Documentation by theU.S.
Government shall be solely in accordance with the terms of this Agreement.
8/10/2019 Smg Getting Started Guide
3/50
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1
http://www.symantec.com/http://www.symantec.com/8/10/2019 Smg Getting Started Guide
4/50
Technical Support
Symantec Technical Support maintains support centers globally. TechnicalSupports primary role is to respond to specific queries about product features
and functionality. The Technical Support group also creates content for our online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. Forexample, theTechnical Support group works withProduct Engineering
and Symantec Security Response to provide alerting services and virus definition
updates.
Symantecs support offerings include the following:
A range of support options that give you the flexibility to select the right
amount of service for any size organization Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
Upgrade assurance that delivers software upgrades
Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
Premium service offerings that include Account Management Services
For information about Symantecs support offerings, you can visit our website at
the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should beat the computer on whichthe problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
Product release level
http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/8/10/2019 Smg Getting Started Guide
5/50
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, accessour technical
support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and support contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs, DVDs, or manuals
http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/8/10/2019 Smg Getting Started Guide
6/50
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
[email protected] and Japan
[email protected], Middle-East, and Africa
[email protected] America and Latin America
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]8/10/2019 Smg Getting Started Guide
7/50
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Chapter 1 Introducing Symantec Messaging Gateway . . . . . . . . . . . . . . . . . . . . 9
About Symantec Messaging Gateway.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
What's new in Symantec Messaging Gateway.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Where to get more information.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
About basic deployment.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Chapter 2 Installing your appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
About installation configurations.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Installation checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
System requirements.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 17
Setting up the appliance hardware.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Starting the appliance software set up.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Specifying Ethernet interfaces.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Specifying a static IP address for routing.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Specifying gateway and DNS IP addresses.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Specifying the role for the appliance.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Registering your license.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Troubleshooting license file registration.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Updating to the latest software during initial setup .. . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Configuring the Control Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Adding a Scanner through the Control Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Configuring the Scanner for inbound and outbound mail
filtering.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . 30
Chapter 3 Deploying Symantec Messaging Gateway as a
Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35About Symantec Messaging Gateway Virtual Edition.. . . . . . . . . . . . . . . . . . . . . . . . . 35
Virtual software terminology.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Symantec Messaging Gateway support for VMware Tools. . . . . . . . . . . . . . 38
Symantec Messaging Gateway Support for Hyper-V Tools. . . . . . . . . . . . . 38
Installing Symantec Messaging Gateway on VMware.. . . . . . . . . . . . . . . . . . . . . . . . . 39
System requirements for virtual deployment on VMware.. . . . . . . . . . . . . 39
Contents
8/10/2019 Smg Getting Started Guide
8/50
Deploying an OVF template on an ESX 4.1 or ESXi 4.1/5.x
Server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . 40
Installing from an ISO image or OS restore CD onto a virtual
machine on your ESX or ESXi Server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Using an OS restore CD on your ESX or ESXi Server to boot your
virtual computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Using an ISO image on your datastore to boot your ESX/ESXi
Server virtual computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Using an OS ISO image on your local computer to boot your
ESX/ESXi Server virtual computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Installing Symantec Messaging Gateway on Hyper-V.. . . . . . . . . . . . . . . . . . . . . . . . . 46
System requirements for virtual deployment on Microsoft
Hyper-V.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . 46
Installing from an ISO image or OS restore CD onto a virtual
machine on your Microsoft Hyper-V server.. . . . . . . . . . . . . . . . . . . . . . . . . .47Using an OS restore CD on your Microsoft Hyper-V Server to
boot your virtual computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Using an OS ISO image on your Hyper-V server to boot your
Microsoft Hyper-V Server virtual computer .. . . . . . . . . . . . . . . . . . . . . . . . 49
Contents8
8/10/2019 Smg Getting Started Guide
9/50
Introducing SymantecMessaging Gateway
This chapter includes the following topics:
About Symantec Messaging Gateway
What's new in Symantec Messaging Gateway
Where to get more information
About basic deployment
About Symantec Messaging GatewaySymantec Messaging Gateway offers enterprises a comprehensive gateway-based
message-security solution. Symantec Messaging Gateway delivers inbound and
outbound messaging security, real-time antispam and antivirus protection,
advanced content filtering, and data loss prevention in a single platform.
Symantec Messaging Gateway does the following to protect your environment:
Detects spam, denial-of-service attacks, and other inbound email threats
Leverages a global sender reputation and local sender reputation analysis to
reduce email infrastructure costs by restricting unwanted connections
Filtersemail to remove unwanted content,demonstrateregulatory compliance,and protect against intellectual property and data loss over email
Obtains visibilityinto messagingtrends and events with minimal administrative
burden
See Where to get more informationon page 11.
1Chapter
8/10/2019 Smg Getting Started Guide
10/50
What's new in Symantec Messaging GatewayTable 1-1lists Symantec Messaging Gateway's new and enhanced features.
Table 1-1 Symantec Messaging Gateway new features and enhanced features
DescriptionNew feature or
enhancement
Disarmis a newSymantec technology that detects andremoves
potentially malicious content from many common email
attachments, including Microsoft Office documents and Adobe
PDFs. Potentially malicious content types include macros,
scripts, Flash movies, and other exploitable content. Disarm
deconstructs the attachment, strips the exploitable content,
and reconstructs the document, preserving its visual fidelity.Youcan choosethe types of documents andtypesof potentially
malicious content to Disarm. You can also choose whether to
archive the original unaltered documents in case administrators
or end users need access to them
Disarm: detection and
removal of potentially
malicious content from
email attachments
Expanded URL reputation-based filtering blocks more spam,
malware and phishing messages. This release includes 70%
more threat URLs than the previous version of Symantec
Messaging Gateway. URLs are identified as threatening as a
result of back-end analysis of the destination website's content.
This increasein threat URLs represents a significant expansion
of Symantec Messaging Gateway's existing reputation-basedfiltering technologies.
Expanded URL
Reputation Filtering
In previous releases, messages and attachments that could not
be scanned were subject to a single unscannable disposition.
Allunscannablemessages had to be treated the same way, even
if they were unscannablefor very different reasons. Thisrelease
features more granular policies and verdicts, letting you take
different actions depending on the reasons why a message is
unscannable. New reports that focus on unscannable messages
make it easier to isolate and interpret statistical information
about unscannable mail and attachments.
The release also includes a policy that can be used to configure
actions for attachments that are unscannable by Disarm
technology.
New unscannable
functionality: more
granular malware and
content scanning
verdicts, and a new
Disarm policy
Introducing Symantec Messaging GatewayWhat's new in Symantec Messaging Gateway
10
8/10/2019 Smg Getting Started Guide
11/50
Table 1-1 Symantec Messaging Gateway new features and enhanced features
(continued)
DescriptionNew feature orenhancement
You can use LDAP sourcesto add Control Center administrators
and assign them to administrator-specific policy groups. You
can then configure administration policies and assign the
policies to groups. Existing administrators keep their
pre-upgrade privileges, which are mapped to five new default
administration policies. You can also create new policies based
on the defaults and apply them to individuals or groups.
End-user quarantine can now be enabled for specific groups. In
previous releases it was either enabled globally (for all users in
your directory data source) or completely disabled.
Administrators can also now switch views between their own
end-user quarantines and those of their users.Logins arebased
on a single set of LDAP credentials.
New ways to add and
manage Control Center
administrators using
LDAP sources
The option to enforce TLS encryption on inbound messages
from specific domains allows moresecure communication with
trusted partners and senders.
Enforce TLS encryption
for inbound mail
TLS-encrypted delivery to Symantec Data Loss Prevention
improves security for customers who have integrated it with
Symantec Messaging Gateway.
TLS-encrypted delivery
to Symantec Data Loss
Prevention
Outbound sender throttlingadds new control against outbound
spam attacks from compromised internal users.
Outbound sender
throttling
Support for Microsoft Hyper-V virtual environment provides a
new virtual deployment option in addition to the existing
VMware support. SeeSymantecMessagingGateway 10.5
Installation Guidefor information on deploying Symantec
Messaging Gateway in a Hyper-V virtual environment.
Support for Microsoft
Hyper-V
Where to get more informationThe following resources provide more information about your product:
Introducing Symantec Messaging GatewayWhere to get more information
8/10/2019 Smg Getting Started Guide
12/50
The Symantec Messaging Gateway documentation set
consists of the following manuals:
SymantecMessagingGatewayAdministrationGuide SymantecMessagingGateway Installation Guide
SymantecMessagingGatewayGetting Started Guide
SymantecMessagingGatewayCommandLineReference
Guide
SymantecMessagingGateway Release Notes
SymantecMessagingGateway SoftwareUpdate Notes
www.symantec.com/business/support/
documentation.jsp?language=englishview=
manualspid=53991
Documentation
Symantec Messaging Gateway includes a comprehensive
Help system that contains conceptual and procedural
information.
Product Help system
Visit the Symantec Web site for more information about
your product as follows:
www.symantec.com/enterprise/support
Provides accessto the technical support knowledge base,
newsgroups, contact information, downloads, and
mailing list subscriptions
https://licensing.symantec.com/acctmgmt/index.jsp
Provides information about registration, frequently
asked questions, how to respond to error messages, andhow to contact Symantec License Administration
www.symantec.com/business/index.jsp
Provides product news and updates
www.symantec.com/business/security_response/index.jsp
Provides you access to the virus encyclopedia, which
contains information about all known threats;
information about hoaxes; and access to white papers
about threats
Symantec Web site
About basic deploymentYou can use each appliance to perform a variety of functions. During the initial
setup, the installation wizard prompts you to choose the function that each
appliance will perform. Before you install the product, decide which functions to
assign your appliance. Contact a sales representative for additional help with
performance sizing.
Introducing Symantec Messaging GatewayAbout basic deployment
12
http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/enterprise/supporthttps://licensing.symantec.com/acctmgmt/index.jsphttp://www.symantec.com/business/index.jsphttp://www.symantec.com/business/security_response/index.jsphttp://www.symantec.com/business/security_response/index.jsphttp://www.symantec.com/business/index.jsphttps://licensing.symantec.com/acctmgmt/index.jsphttp://www.symantec.com/enterprise/supporthttp://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=539918/10/2019 Smg Getting Started Guide
13/50
The available functions are as follows:
A ControlCenter letsyou configureand manageall of the following
from a Web-based interface:
Email filtering
SMTP routing
System settings
Spam Quarantine
Suspect Virus Quarantine
Content filtering incident folders
All other functions
The Control Center provides information on the status of all of
the Symantec Messaging Gateway hosts in your environment,
including logs and reports.
You must configure one Control Center for your site. One Control
Center controls one or more Scanners.
Control Center
Scanners can perform all of the following tasks:
Perform filtering based on IP connections, such as Connection
Classification, Fastpass, and various sender groups
Filter email for viruses, spam, and noncompliant messages
You can configure multiple Scanners.
Scanner
Performsboth functions. Thisconfiguration is suitable for smaller
installations.
Control Center and
Scanner
Note:This documentation assumes that you will configure a single appliance as
both a Control Center and a Scanner, and that your Scanner will perform inbound
and outbound mail filtering. If your filtering requirements exceed this basic
scenario, refer to the SymantecMessagingGateway InstallationGuide.
Introducing Symantec Messaging GatewayAbout basic deployment
8/10/2019 Smg Getting Started Guide
14/50
Introducing Symantec Messaging GatewayAbout basic deployment
14
8/10/2019 Smg Getting Started Guide
15/50
Installing your appliance
This chapter includes the following topics:
About installation configurations
Installation checklist
System requirements
Setting up the appliance hardware
Starting the appliance software set up
Specifying Ethernet interfaces
Specifying a static IP address for routing
Specifying gateway and DNS IP addresses
Specifying the role for the appliance
Registering your license
Updating to the latest software during initial setup
Configuring the Control Center
Adding a Scanner through the Control Center
Configuring the Scanner for inbound and outbound mail filtering
About installation configurationsYou can install and run Symantec Messaging Gateway in several ways:
2Chapter
8/10/2019 Smg Getting Started Guide
16/50
Install and run a physical, Symantec-supplied appliance.Symantec Messaging
Gateway appliance
Install and run a virtual appliance, using your choice ofhardware.
See About Symantec Messaging Gateway Virtual Edition
on page 35.
Symantec MessagingGateway Virtual Edition
Install and run a combination of physical and virtual
components.
Mixed-mode
Installation checklistTable 2-1 describes the information to have on hand and the hardware to have in
place before you install Symantec Messaging Gateway.
Table 2-1 Installation checklist
DescriptionItem
Keyboardand VGAmonitoror through another computerthrough
a serial port. After initial setup, you can log into an appliance's
command line interface using SSH.
Console access to
appliance for initial
setup
The same license file can be used to license multiple appliances.Valid license file
The URL you use to access the appliance's Control Center Webinterface.
Hostname
A routable static IP address assigned to eth0 for inbound
email, and one of the following for outbound email:
Routable staticIP address assigned to eth1 (recommended)
Routable static virtual IP address
Separate port thatshares theone routable staticIP address
assigned to eth0
IP addresses assigned to eth0 or eth1 require a netmask IP
address anda gateway IP address. Refer to theScannerscenarios
to determine IP address requirements.
A static IP addresses
andone or twonetmask
and gateway IP
addresses
DNS is required to route email. You can use the Internet root
DNS servers or specify internal DNS servers.
Domain Name Servers
(DNS)
Internet or internal.NTP servers (optional)
Installing your applianceInstallation checklist
16
8/10/2019 Smg Getting Started Guide
17/50
Table 2-1 Installation checklist(continued)
DescriptionItem
Instead of using a direct connection, you can optionally specify
a proxy for registration, filters, and retrieval of virus definitions
using LiveUpdate.
Hostname, port, user
name, and passwordfor
proxy (optional)
If there are MTAs configured between your Scanners and the
Internet, on the Inbound Mail Filtering - Connections wizard
page, configure the Scanners to only accept email from the
upstream MTAs. If there is a firewall between any of your
appliances and the Internet, the firewall must be configured to
permit network traffic through certain ports.
IP addresses from
which to permit traffic
System requirementsTable 2-2lists the minimal system requirements.
Table 2-2 System requirements
RequirementItem
The Control Center supports the following browsers:
Microsoft Internet Explorer 9/8
Mozilla Firefox 13 or later
Chrome 19 or later
Web browsers
Symantec Messaging Gateway supports the following LDAP directory
types:
Windows 2008 Active Directory (both LDAP and Global Catalog)
Windows 2003 Active Directory (both LDAP and Global Catalog)
Sun Directory Server 7.0
Sun Directory Server 6.3
Sun Directory Server 6.0
Lotus Domino LDAP Server 8.5
Lotus Domino LDAP Server 8.0
Lotus Domino LDAP Server 7.0
OpenLDAP 2.4
OpenLDAP 2.3
Symantec Messaging Gateway is LDAP v.3 compliant and can be
configured to work with other directory server types.
LDAP
Installing your applianceSystem requirements
8/10/2019 Smg Getting Started Guide
18/50
Setting up the appliance hardwareBefore you can install and configure the appliance, you must first set up the
hardware.
To set up the appliance hardware
1 Unpack the appliance and either rack mount it or place it on a level surface.
2 Plug in AC power.
3 Plug in an Ethernet Cable to iDRAC port and enable DRAC. For moreinformation on iDRAC, see Dell Support.
4 Connect the appliance with one of the following methods:
Connect a keyboard and VGA monitor to the appliance.
Connect another computer to the appliance with the serial port.
Use a null modem cable with a DB9 connector and settings of 9600 bps,
8/N/1.
Connect to appliance through iDRAC console from a remote computer.
5 Connect an Ethernet cable to the Ethernet jack that is labeled 1 on the backpanel of the appliance, which corresponds to eth0.
To use the second Ethernet port for outbound traffic, connect a second cable
to the Ethernet jack that is labeled 2 on the back of the appliance and
corresponds to eth1.
See Starting the appliance software set upon page 18.
Starting the appliance software set upTo start the appliance software set up
1 Turn on the power.
2 Log on with the logon nameadminand the password symantec.
3 When you are prompted, type your new password twice.
4 When you are prompted, type a fully qualified domain name for this host.To avoid problems with message routing, this host name should not be your
mail domain, such as symantecexample.com.
For example, the name should be similar in form to:
host6.symantecexample.com
Installing your applianceSetting up the appliance hardware
18
8/10/2019 Smg Getting Started Guide
19/50
5 When you are prompted, type the correct time zone.
Type ? to see a list of time zones.
Press the space bar to scroll through the list or type Q to exit the list.
6 To continue installation, next you specify Ethernet interfaces.
See Specifying Ethernet interfaceson page 19.
To start up Symantec Messaging Gateway Virtual Edition on VMware Hypervisor
1 Access the VMware ESX server through the VMware vSphere client. You candownload thissoftware from VMware Web siteor directly from your appliance
if your VMware ESX server is configured for https access. Go to https://. Select linkDownloadvSphereClientand install the VMware
vSphere Client software. Log into your VMware ESX server through VMware
vSphere Client.
2 In VMware vSphere Client, right-click on SymantecMessagingGatewayvirtualmachine and select Poweron from the right-click menu.
3 In VMware vSphere Client, select the Symantec Messaging Gateway virtualmachine and then click on the console tab.
To start up Symantec Messaging Gateway Virtual Edition on Microsoft Hyper-V
Hypervisor
1 AccesstheMicrosoftHyper-V Serverthrough theMicrosoftHyper-V MicrosoftManagement Console. You can download this software from the Microsoft
Web site.2 In Microsoft Hyper-V Microsoft ManagementConsole, right-clickon Symantec
Messaging Gateway virtual machine and select Start from the right-click
menu.
3 In Microsoft Hyper-V Microsoft Management Console, select the SymantecMessaging Gateway virtual machine and then right-click and selectConnect.
After you set up the appliance hardware, begin the software set up process.
See Setting up the appliance hardwareon page 18.
Specifying Ethernet interfacesAfter you perform the initial steps of starting the appliance setup, the next step
is to configure the Ethernet interfaces.
See Starting the appliance software set upon page 18.
Installing your applianceSpecifying Ethernet interfaces
8/10/2019 Smg Getting Started Guide
20/50
To specify Ethernet interfaces
1 When you are prompted, type the IP address for the Ethernet interface thatis labeled 1 on the back of the appliance.
For example:
192.168.0.1
2 When you are prompted, type the subnet mask for Ethernet interface 1.
For example:
255.255.255.0
3 When you are prompted if you want to use the second Ethernet interface,
interface 2, type one of the following responses:
You want to use interface 2.YES
You do not want to use interface 2.
Skip to the next procedure.
See Specifying a static IP address for routing
on page 20.
NO
4 When you are prompted, type the IP address for Ethernet interface 2.
For example:
192.168.12.3
5 When you are prompted, type the subnet mask for Ethernet interface 2.
For example:
255.255.255.0
6 To continue installation, next you specify a static IP address for routing.
See
Specifying a static IP address for routing
on page 20.
Specifying a static IP address for routingAfter you set up the Ethernet interfaces, the next step in setting up your appliance
is to set up a static IP address for routing. You can set up multiple static IP
addresses or none at all.
Installing your applianceSpecifying a static IP address for routing
20
8/10/2019 Smg Getting Started Guide
21/50
See Specifying Ethernet interfaceson page 19.
To specify a static IP address static for routing
1 When you are prompted whether you want to add a static IP address forrouting, type one of the following responses:
You want to add a static IP address for routing.YES
You do not want to add a static IP address for routing.
Skip to the next procedure.
See Specifying gateway and DNS IP addresses
on page 21.
NO
2 When you are prompted, specify the IP address or CIDR block of thedestination host or network.
3 If you configure multiple Ethernet interfaces, you are prompted to specifythe Ethernet Interface number (either 1 or 2, the default is 1).
This setting is to force the route to be associated with the specified device.
4 When you are prompted whether you want to add another static IP address,type one of the following responses:
You want to add another static IP address.
Repeat steps2through3to add another static IP
address.
YES
You do not want to add another static IP address.
Skip to the next procedure.
See Specifying gateway and DNS IP addresses
on page 21.
NO
5 To continue installation, next you specify gateway and DNS IP addresses.
See Specifying gateway and DNS IP addresseson page 21.
Specifying gateway and DNS IP addressesAfter you configure the static IP address, specify the default gateway IP address
and the IP address of your DNS server. You can add up to three DNS server IP
addresses.
See Specifying a static IP address for routingon page 20.
Installing your applianceSpecifying gateway and DNS IP addresses
8/10/2019 Smg Getting Started Guide
22/50
To specify gateway and DNS settings
1 When you are prompted, type the IP address of the default gateway (defaultrouter).
2 When you are prompted, type the IP address of the DNS server.
3 When you are prompted if you want to enter another DNS server, type oneof the following responses:
You want to add an additional DNS server.
Type the IP address.
You can add up to three addresses.
YES
You do not want to an additional DNS server.
Skip to the next procedure.
See Specifying the role for the appliance on page22.
NO
4 To continue installation, next you specify the role for the appliance.
See Specifying the role for the applianceon page 22.
Specifying the role for the applianceAfter you have specified IP addresses for your default gateway and DNS servers,
specify the role for the appliance.
See Specifying gateway and DNS IP addresseson page 21.
The roles that you can choose are as follows:
Scanner only
Control Center only
Scanner and Control Center
To set the role for the appliance
1 When you are prompted, choose one of the following roles for this appliance:
Scanner only
Control Center only
Installing your applianceSpecifying the role for the appliance
22
8/10/2019 Smg Getting Started Guide
23/50
Scanner and Control Center
2 For Scanneronly, when prompted, type the IP address of the Control Center
that you intend to use to manage this Scanner.3 When you are prompted, type one of the following responses:
The summary information is correct.
Product setup is complete and the appliance restarts.
After the appliance restarts, you can register your
appliance.
See Registering your licenseon page 23.
YES
The summary information is not correct.
You return to the beginning of the process to makeyour changes.
See Starting the appliance software set up
on page 18.
NO
Registering your licenseTo register your license, you need the license file that Symantec provides you.
Place this file on the computer from which you access the Control Center. Each
time youadd a Scanner, you must confirmyour licenses or register again.However,
you can use the same license file for each Scanner.
Note:For your Scanners, ensure that your network is configured to permit
outbound connections to Symantec on port 443. Symantec Messaging Gateway
communicates with Symantec Security Response over a secure connection for
product registration and ongoing operations.
If you are performing the initial setup of your appliance, these steps appear in
the setup wizard after the appliance restarts.
See Specifying the role for the appliance
on page 22.
Installing your applianceRegistering your license
8/10/2019 Smg Getting Started Guide
24/50
To register your license
1 From a computer that can access your appliance, locate the appliance in abrowser.
The default logon address is as follows:
https://
whereis the host name that you designate for your appliance
during setup or the IP address.
To use HTTP, you must enable HTTP through the command line interface
and specify port 41080.
2 When the security alert message appears, accept the self-signed certificateto continue.
3 On the Control Center logon page, log on as user admin and use the password
that you specified set during initial setup.
4 On the End-UserLicenseAgreement page, click I acceptthe terms of thelicense agreement and click Next.
5 On the License InformationRegistration page, click Browse to locate yourlicense file.
6 Select your license file and clickOpen to return to the LicenseRegistrationpage.
7 If your Scanner uses a proxy serverfor communications withSymantec, click
ProxyServer.
8 To specify a proxy server, checkUseHTTPProxy and type the server hostname and port. If required, type the user name and password.
9 Click RegisterLicense.
If registration was successful, the LicenseRegistration Information page
returns.
See Troubleshooting license file registrationon page 25.
Registration may fail because of an inaccessible proxy, closed port 443, or an
expired, missing, or corrupt license file.
Installing your applianceRegistering your license
24
8/10/2019 Smg Getting Started Guide
25/50
10 If you have another license file for a different feature, repeat the process forregistering each license.
11 When all of the license files are successfully registered, click Next.
If your software is up-to-date, the setup wizard appears. Continue with the
installation process.
See Configuring the Control Centeron page 26.
If a software update is available, the SoftwareUpdate page appears.
See Updating to the latest software during initial setupon page 25.
Troubleshooting license file registration
If you have difficulty installing a licenseduring installation, the installation wizard
lets you troubleshoot the issue with the Traceroute utility or the Ping utility.
Troubleshooting license file registration
1 On the License Information Registration page, click Utilities.
2 In the Utility field, click the drop-down menu and select whether to useTraceroute or Ping, and then in the Hostnameor IPaddress field, type the
host name or IP address.
Make sure you can connect tohttps://register.brightmail.com.
3 Click Run.
The results appear in the Results text box.
4 Click Register License.
5 Complete registration.
See Registering your licenseon page 23.
Updating to the latest software during initial setupSymantec recommends that you apply the current software update after you
register the product, if one is available.
See Registering your licenseon page 23.
Installing your applianceUpdating to the latest software during initial setup
http://register.brightmail.com/http://register.brightmail.com/8/10/2019 Smg Getting Started Guide
26/50
Updating to the latest software during initial setup
1 On the SoftwareUpdate page, select any of the following options:
Lets you update your software later.Skip
Updates your software now.
After the update, thesetupwizard appears to help you
configure your appliance.
See Configuring the Control Centeron page 26.
Update
Returns you to the LicenseRegistrationpage.
See Registering your licenseon page 23.
Cancel
Back
2 When the software update finishes, do one of the following tasks:
Refresh your browser.
Close and re-open your browser to ensure that the cached versions of
graphics redisplay correctly.
3 To continue installation, next you configure the Host.
See Configuring the Control Centeron page 26.
See the SymantecMessagingGateway Administration Guidefor details on
Configuring Scanners.
Configuring the Control CenterAfter you register your license or after you complete the software update, the
AdministratorSettings page appears in the setup wizard.
See Registering your licenseon page 23.
See Updating to the latest software during initial setupon page 25.
Configure the Control Center before you configure any Scanners. If you specified
that this appliance is a Control Center and a Scanner, the wizard continues with
the Scanner setup after the Control Center setup finishes.
Installing your applianceConfiguring the Control Center
26
8/10/2019 Smg Getting Started Guide
27/50
To configure the Control Center
1 On theAdministrator Settingspage, type an email address for theadministrator.
2 Check ReceiveAlertNotifications to have Symantec Messaging Gatewaysend alert notifications to this address.
You can set up alert notifications for outbreaks, spam and virus filters,
message queues, disk space, SMTP authentication, directories, licenses,
software updates, and events. Events include scheduled task, service,
hardware, swap space, and UPS issues.
You can add additional administrators or modify this administrator's settings
in the Control Center later.
3 Click Next.
4 OntheTimeSettings page, to verify that the date that appears in theCurrentApplianceTime area is correct, select one of the following options:
The time is correct and you do not want to make
changes. This option is the default setting.
Donot changethe time
Youwant to manually changethe time. Type theproper
values in the Date and SetTime fields.
Settimemanually
You want touse NTP servers tomanagetime. Typethe
IP address for up to three NTP servers.
UseNTPservers
5 Click Next.
6 On the SystemLocale page, specify the locale that the appliance should usefor formatting numbers, dates, and times. This setting is the language and
regional formatting Symantec Messaging Gateway uses for messages.
7 Select a Quarantinefallbackencoding format.
Fallback encoding is the formatting that the product uses for quarantined
messages if the formatting that you specified in theSystemLocale field fails.
Installing your applianceConfiguring the Control Center
8/10/2019 Smg Getting Started Guide
28/50
8 ClickNext.
If your appliance has been set up as a Control Center and a Scanner, the
ScannerRole page appears, and you must define your Scanner role as
described in the following topics:
See Configuring the Scanner for inbound and outbound mail filtering
on page 30.
If you set up your appliance as a Control Center only, the SetupSummary
page lists your selected configuration options.
9 On the SetupSummary page, select any of the following options:
You are satisfied with the settings and do not want to
make changes. This option is the default setting.
Finish
You want to modify your settings.Back
Youwant to endthe setup without savingyourchanges.
You cannot use the appliance until you complete the
setup.
Cancel
10 If your Scanner is not on the Control Center, set up a Scanner on a separateappliance. You can do this task through the Control Center.
See Adding a Scanner through the Control Centeron page 28.
Adding a Scanner through the Control CenterYou must have Full Administration rights or Manage Settings modify rights to
add a Scanner.
Note:None of the settings that you specify throughout the wizard are final until
you click Finish at the end of the wizard.
To add a Scanner through the Control Center
1 On the Control Center, click Administration>Hosts > Configuration.2 If this Scanner is the first Scanner that you add, the AddScanner wizard
appears. Otherwise, on theHostConfiguration page under Reconfigurea
Scanner orControlCenterhost, click Add.
3 On theAddScannerWizardpage, click Next.
4 On the ScannerHostSettings page, do all of the following:
Installing your applianceAdding a Scanner through the Control Center
28
8/10/2019 Smg Getting Started Guide
29/50
In theHostdescriptionbox, type a description for the new Scanner.
In theHostnameorIPaddressbox, type the host name or IP address for
the new Scanner.
5 Click Next.
6 On the LicenseRegistration page, click Browse to locate your license file.
7 Select your license file and click Open to return to the LicenseRegistrationpage.
8 If your Scanner uses a proxy server for communicationswith Symantec, clickProxyServer.
9 To specify a proxy server, checkUseHTTPProxy and type the server hostname and port.
10 Click Register License.
If registration was successful, the LicenseRegistration page returns.
If the license registration fails, perform troubleshooting steps.
See Troubleshooting license file registrationon page 25.
11 If you have another license file for a different feature, repeat the process forregistering each license.
12 When all the license files are successfully registered, click Next.
If your software needs to be updated, the SoftwareUpdate page appears. If
not, proceed to step 14.
13 On the SoftwareUpdate page, select any of the following options:
Lets you update your software later.Skip
Updates your software now. After the update, the setup
wizard returns you to the TimeSettingspage.
Update
Returns you to the LicenseRegistrationpage.
See Registering your licenseon page 23.
Cancel
Installing your applianceAdding a Scanner through the Control Center
8/10/2019 Smg Getting Started Guide
30/50
14 OntheTimeSettingspage, verify whether thedatein theCurrentApplianceTime area is correct. Select one of the following options:
The time is correct and you do not want to makechanges. This option is the default setting.
Do not change the time
Youwant to manually changethe time. Type the proper
values in theDate and SetTime fields.
Set time manually
You want to use NTP serversto manage time. Click and
provide the IP address for up to three NTP servers.
Use NTP servers
15 To complete theAddScannerwizard, you must now configure the Scannerbased on its function.
See Configuring the Scanner for inbound and outbound mail filteringon page 30.
To configure the Scanner for inbound or outbound filtering only, see the
SymantecMessagingGateway InstallationGuide.
Configuring the Scanner for inbound and outboundmail filtering
You can configure the Scanner to perform both inbound mail filtering and
outbound mail filtering. Youcan use the same Ethernet interface for both inbound
mail filtering and outbound mail filtering. Or you can create a virtual IP address
to use for either inbound or outbound mail filtering.
To configure the Scanner for inbound and outbound mail filtering
1 On the ScannerRole page, click Inbound andOutboundmail filtering thenclick Next.
2 On the CreateOptionalVirtual IPAddress page, select one of the followingoptions:
You want to create a Virtual IP address.Yes
You do notwant to createa Virtual IP address. Proceed
to step 6.
No
3 Click Next.
Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering
30
8/10/2019 Smg Getting Started Guide
31/50
4 On the CreateVirtual IPAddress page, do all of the following tasks:
Click to select the Ethernet interface.Ethernet
Type the IP address for the virtual server.IPaddress
Type the subnet mask IP address.Subnetmask
Type the network IP address.Network
Type the broadcast IP addressBroadcast
5 Click Next.
6 On the InboundMail Filteringpage, click InboundmailIPaddress to selectthe IP address to use for inbound mail filtering.
7 In the Inboundmail SMTPport field, type the port, and then click Next.
8 On the InboundMail Filtering - AcceptedHosts page, to specify the IPaddresses of the mail servers from which thisScanner should accept inbound
mail, select one of the following options:
Youwant your Scanner to acceptmail from all sources
or the Scanner is deployed at the gateway. For a
Scanner deployed at the Internet gateway, Symantec
recommends that you select this option to accept mail
from any MTA on the Internet.
All IP addresses
You want to restrict the domains from which your
Scanner accepts mail.Type IP addresses, CIDRranges,
or domains. If theScanner is deployed behindupstream
mail servers, specify the upstream mail servers.
Specific IP Addresses
9 Click Next.
Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering
8/10/2019 Smg Getting Started Guide
32/50
10 On the LocalDomains page, check the addresses that you want to acceptinbound mail for in the LocalDomains list.
To modify the list, do any of the following tasks:
Type the address into the Domainoremail address
fieldforwhichto acceptinboundmail field, and click
Add.
For each domain address or email address that you
add, you can also specify whether messages should be
routed through a specific host and port. Add that
information to theOptionallyrouteto the following
destinationhostand Port fields.
To add an address
Check the address to remove and click Delete.To delete an address
Click Import, and then navigate to an existing file.To import a list of addresses
Check EnableMXLookup. If you enable MX lookup,
you must specify a host name, not an IP address.
For example, enable MX lookup if you configure
multiple downstreammail servers and useMX records
for email load balancing.
To route messages according
to the MX record for the
specified host name
11 Click Next.
12 On the OutboundMailFilteringpage, click the drop-down list to select theIP address to use for outbound mail filtering.
13 In the Outboundmail SMTPport field, type the port, and click Next.
14 On the OutboundMail Filtering - AcceptedHosts page, do one of thefollowing tasks:
Specify the internal host to which this Scanner should relay local domain
mail after filtering is complete. Thisserver is typically a downstream mail
server, such as your corporate mail server.
Check EnableMXLookup forthishost. If you enable MX lookup, specify
a host name instead of an IP address.
15 Click Next.
16 On the Mail Filtering-Mail Delivery page, type a host name or IP addressand port to specify how you want to relay local domain filtered mail.
17 Optionally, check EnableMXlookup for thishost.
Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering
32
8/10/2019 Smg Getting Started Guide
33/50
18 On theMail Filtering - Non-localMail Delivery page, select one of thefollowing options to specify how you want to relay filtered mail:
You want to use MX Lookup to return thehosts for any domain.
Use default MX Lookup
You want to specify a new host. Type a
host name or IP address and port.
Symantec recommends that you check
EnableMXlookupforthis host if you
position the Scanner at the gateway. If
you choose this option, specify a host
name (not an IP address).
Define new host
You want to use an existing host. Select a
host from the drop-down list. If there is aseparate gateway MTA between the
Scanner and the Internet, provide that
MTA's host name or IP address and port.
Use an existing host
19 Click Next.
20 On the SetupSummary page, review your settings and select one of thefollowing options:
You are satisfied with the settings and want to save
them.
Finish
You want to modify your settings. Go back and revise
your settings.
Back
Youwant to cancelyourchanges without savingthem.Cancel
Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering
8/10/2019 Smg Getting Started Guide
34/50
Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering
34
8/10/2019 Smg Getting Started Guide
35/50
Deploying SymantecMessaging Gateway as a
Virtual MachineThis chapter includes the following topics:
About Symantec Messaging Gateway Virtual Edition
Installing Symantec Messaging Gateway on VMware
Installing Symantec Messaging Gateway on Hyper-V
About Symantec Messaging Gateway Virtual EditionUse Symantec Messaging Gateway Virtual Edition with VMware to create a
simulated computer environment (a virtual computer) on which to run Symantec
Messaging Gateway. The guest software is a complete operating system that
contains the Symantec Messaging Gateway Virtual Edition software. It runs in a
similar manner to the application as installed on a standalone hardware platform.
You can deploy the Symantec Messaging Gateway as a virtual appliance on your
existing VMware infrastructure in one of the following ways:
As an OVF on ESX 4.x and ESXi 5/4.x
See Deploying an OVF template on an ESX 4.1 or ESXi 4.1/5.x Server
on page 40.
Note:Symantec Messaging Gateway does not support a VHD for Microsoft
Hyper-V.
3Chapter
8/10/2019 Smg Getting Started Guide
36/50
As an ISO or OS restore CD
See Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Serveron page 42.
See Installing from an ISO image or OS restore CD onto a virtual machine onyour Microsoft Hyper-V serveron page 47.
The resources that are allocated to Symantec Messaging Gateway Virtual Edition
must meet the minimum requirements.
See System requirements for virtual deployment on VMwareon page 39.
See System requirements for virtual deployment on Microsoft Hyper-V
on page 46.
This documentation assumes the following:
Your environment has an existing VMware ESX, ESXi, or Hyper-V Server
deployment that is capable of deploying a 64-bit architecture.
You are familiar with administering virtual computers.
Your environment meets all prerequisite system requirements, including 64-bit
virtualization enabled in the BIOS of the host server.
For more information about VMware and to download trialware and prerequisite
applications, see the VMware Web site atwww.vmware.com.
For more information about Microsoft Hyper-V, see the Microsoft Web site at
www.microsoft.com.
See
Virtual software terminology
on page 36.
Virtual software terminology
Key terminology relating to virtual software is as follows:
A virtual computer is the software that insulates the
application stack from the physical hardware.
Virtual computer
Also known as Intel-VT.When enabled in the BIOS it allows
the CPU to support multiple operating systems including
64-bit architecture. On many Intel processors this setting
may be disabled in the BIOS and must be enabled prior toinstalling Symantec Messaging Gateway 10.5.
Note:AMD processors that support 64-bit architecture
usually have this setting enabled by default.
Intel Virtualization
Technology
Deploying Symantec Messaging Gateway as a Virtual MachineAbout Symantec Messaging Gateway Virtual Edition
36
http://www.vmware.com/http://www.microsoft.com/http://www.microsoft.com/http://www.vmware.com/8/10/2019 Smg Getting Started Guide
37/50
The host computer or operating system (OS) is the physical
hardware and primary OS upon which the guest
computer/OS run.
Host computer OS
The OS installed on the virtual computer. Symantec
Messaging Gateway Virtual Edition is the guest computer
and OS.
Guest computer OS
VMwareESX Serveris an enterprise-quality virtual machine
platform.
VMware ESX Server
VMware ESXi is an enterprise-quality virtual machine
platform similar to ESX but with a smaller code base.
VMware ESXi Server
A native hypervisor distributed by Microsoft that enables
platform virtualization on x86-64 systems.
Microsoft Hyper-V Server
A set of files in a VMware-specific format that contains an
image of a preconfigured virtual computer and Symantec
Messaging Gateway Virtual Edition. This image canbe used
to install a virtual computer on a host computer that runs
the VMware ESX Server or VMware ESXi Server.
Virtual computer Image
An image thatlets youinstallSymantec Messaging Gateway
onto a computer that runs VMware ESX Server or ESXi
Server.
ISO image or OS restore CD
A virtual machine that includes a set of software. For
example, an OVF template can include the Symantec
Messaging Gateway software.
OVF template
A virtual machine forMicrosoft Hyper-V that includes a set
of software.
Note:Symantec Messaging Gateway software is not
available as a VHD template.
VHD template
A desktop virtual machine platform that connects to a
VMware ESX Server or VMware ESXi server.
vSphere client
Extended console that is installed onto a Windows 7 PC or
Windows 2008 Server (32- or 64-bit) or System Center
Virtual Machine from which an administrator can manage
a Hyper-V server.
Microsoft Management
Consoles
See About Symantec Messaging Gateway Virtual Editionon page 35.
Deploying Symantec Messaging Gateway as a Virtual MachineAbout Symantec Messaging Gateway Virtual Edition
8/10/2019 Smg Getting Started Guide
38/50
Symantec Messaging Gateway support for VMware Tools
Symantec Messaging Gateway virtual appliances provide support for a limited
set of VMware Tools.Only the following tools are supported:
This tool loads automatically at virtual appliance boot time. No
action is required to activate this support.
Currently supports vmxnet 1 and 2.
Second-generation
vmxnet Virtual NIC
driver
This tool starts automatically during virtual appliance boot time.
No actionis required to activate this support.The vmtoolsddaemon
supports automatic turn off of the virtual appliance from the
vSphere4 Client dashboard. The vmtoolsddaemon alsosupports the
Guest Information Service.
vmtoolsd daemon
This tool enables transparent page sharing and reclaims unused
memoryfrom the guest OS. It also enables memory swapping of the
virtual machines.
vmmemctl
No other VMware Tools functionality is supported.
See About Symantec Messaging Gateway Virtual Editionon page 35.
Symantec Messaging Gateway Support for Hyper-V Tools
Symantec Messaging Gateway virtual appliances provide support for a limitedset of Hyper-V Tools.
Only the following tools are supported:
This tool provides support for the Hyper-V-specific (or "synthetic")
network adapter.
hv_netvsc
This tool provides support for all storage devices.hv_storvsc
This tool is the fast communication channel between the server
running Hyper-V and the virtual machine.
hv_vmbus
This tool provides integrated shutdown, key-value pair dataexchange, and heartbeat.
hv_utils
See About Symantec Messaging Gateway Virtual Editionon page 35.
Deploying Symantec Messaging Gateway as a Virtual MachineAbout Symantec Messaging Gateway Virtual Edition
38
8/10/2019 Smg Getting Started Guide
39/50
Installing Symantec Messaging Gateway on VMwareUse Symantec Messaging Gateway Virtual Edition with VMware to create a
simulated computer environment on which to run Symantec Messaging Gateway.
System requirements for virtual deployment on VMware
Table 3-1lists the system requirements to deploy Symantec Messaging Gateway
as a guest on VMware ESX Server and VMware ESXi Server. You must install and
configure one of these servers before you install Symantec Messaging Gateway
Virtual Edition.
Note:Symantec Messaging Gateway does not provide any version of BusLogic
Controller.
For requirements specific to VMware ESX Server and VMware ESXi Server, refer
to yourVMware documentation.
Table 3-1 Supported Configurations for Symantec Messaging Gateway Virtual
Edition on Vmware
NotesMinimumRecommendedDescription
Processor on host must support
VT andhave this setting enabled
in the BIOS prior to installationto support the 64-bit kernel,
which is newly supported (and
required) by Symantec
Messaging Gateway 10.5.
Version 4.1ESX/i Version 4.1VMware ESX/i
Server
Symantec Messaging Gateway
installed on flexible disk on a
virtual machine is not
supported.
----Fixed diskDisk type
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on VMware
http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/8/10/2019 Smg Getting Started Guide
40/50
Table 3-1 Supported Configurations for Symantec Messaging Gateway Virtual
Edition on Vmware(continued)
NotesMinimumRecommendedDescription
For Scanner-only virtual
machines.
120 GBFor more
information,
consult the
Symantec
Knowledge Base
article,Disk
Space
Recommendations
for Symantec
Messaging
Gateway Virtual
Edition.
Disk space
For Control Centeronly virtual
machines.
120 GB
For combined Scanner and
ControlCenter virtual machines.
120 GB
A minimum of 4 GBis necessary
to run Symantec Messaging
Gateway and the virtual
machine.
4 GB8 GB or moreMemory
Symantec recommends
allocating four or more CPUs,
based on workload demands and
hardware configuration.
Note:Your environment must
support 64-bit applications in
order to support Symantec
Messaging Gateway 10.5.
24 or moreCPUs
Onlyone network interface card
is required per virtual machine.
12NICs
See About Symantec Messaging Gateway Virtual Editionon page 35.
Deploying an OVF template on an ESX 4.1 or ESXi 4.1/5.x Server
An OVF template is a virtual machine that includes the software you plan to run
on the machine. You can deploy an OVF template that contains Symantec
Messaging Gateway Virtual Edition on a VMware ESX Server 4.1 or VMware ESXi
Server 4.1/5.x. To deploy the OVF template, use a vSphere or vCenter client on a
different computer than the computer hosting your ESX or ESXi Server.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on VMware
40
8/10/2019 Smg Getting Started Guide
41/50
You may want to ensure that your guest computer is configured to restart when
the host computer restarts. Consult your VMware documentation for more
information.
Note: If you cannot successfully complete this procedure, you can instead use an
OS restore disk.
See Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Serveron page 42.
To deploy an OVF template on an ESX 4.1or ESXi 4.1/5.x Server
1 Insert the DVD that contains the OVF template or locate the OVF templateonline.
The OVF template file name is as follows:
Symantec_Messaging_Gateway_10.0.*.ovf
If you accessed the file online, proceed to step2. If you inserted the DVD,
proceed to step3.
2 If you access the file online, unzip the file.
The OVF template file name is as follows:
Symantec_Messaging_Gateway_10.0.ovf
3 In the Filemenu, click DeployOVFtemplate.
4 On the Source page, click Deployfrom file.
5 Select the file. If necessary, click Browse to find the file.
6 Click Next.
7 On theOVFTemplateDetails page, click Next.
8 On theName andLocation page, enter the name for your deployment andclick Next.
9 On theReady toComplete page, click Finish.
Deploying the OVF may take a few minutes.
When complete, the new computer appears in your inventory.
10 After deployment is complete, access the new virtual computer from yourclient. The standard Symantec Messaging Gateway boot sequence begins.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on VMware
8/10/2019 Smg Getting Started Guide
42/50
Installing from an ISO image or OS restore CD onto a virtual machineon your ESX or ESXi Server
Youcan configurea virtual machine and deployan instance of Symantec MessagingGateway from an OS restore CD or an ISO image. You can perform this task on a
computer that runs ESX 4.x or ESXi 5/4.x, but you must install either server first.
Use only ASCII characters in the entry fields when you create a virtual computer
with the management interface. The virtual computer's display name and path
cannot contain non-ASCII characters. Do not use spaces when you create file
names and directories for virtual computers.
You may want to ensure that your guest computer is configured to restart when
the host computer restarts. Consult your VMware documentation for more
information.
Note:By default, ESXi uses DHCP and does not use a root password. If you use
ESXi, Symantec recommends that you modify the ESXi settings to create a root
password and assign a static IP address before installation.
See Specifying a static IP address for routingon page 20.
To install from an ISO image or OS restore CD onto a virtual machine on your ESX
4.x or ESXi 5/4.x Server
1 Click on the ESX or ESXi Server on which you want to place your virtualmachine.
2 On the Filemenu, click New, then click VirtualMachine.
3 Select the Typical option and click Next.
4 Type a descriptive name for the virtual computer and clickNext.
5 Select a data store option. This setting is where your virtual computer islocated on the physical disk. Make this selection based on your particular
storage configuration. Options can vary. Click Next.
6 Select the virtual machine version.
If you use ESX 4.x, select Virtual Machine version 7.
7 For the OS, clickLinuxas the guest operating systemandRedHatEnterpriseLinux5 (32-bit) as the version, and then click Next.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on VMware
42
8/10/2019 Smg Getting Started Guide
43/50
8 Reserve the necessary quantity of disk space, and then click Next.
See System requirements for virtual deployment on VMwareon page 39.
More disk space may be required based on your deployment.
After you reserve disk space and complete deployment, any changes to disk
space require that you repeat the OS restore process.
9 Select the LSI SAS SCSI device.
10 On the Ready toComplete page, checkEdit thevirtualmachinesettingsbeforesubmitting and click Continue.
11 ClickMemory at the left. Reserve the system memory based on yourdeployment needs, and then click Next.
A minimum of 4 GB is necessary to run Symantec Messaging Gateway Virtual
Edition and thevirtual computer.Symantec recommendsthat youuse at least8 GB.
12 Click CPU at the left. Select the number of virtual CPUs, and then clickNext.
ESX 4.x and ESXi 4.x are limited to two virtual CPUs per virtual computer.
Symantec recommends allocating a minimum of two virtual processors.
13 If you want a second network interface, click the Add button at thetop, choosethe EthernetAdapter, click Next, click Next again, and click Finish.
14 Click Finish.
15 Continue the deployment to bootstrap your virtual appliance.
See Using an OS restore CD on your ESX or ESXi Server to boot your virtual
computeron page 43.
See Using an ISO image on your datastore to boot your ESX/ESXi Server
virtual computeron page 44.
See Using an OS ISO image on your local computer to boot your ESX/ESXi
Server virtual computeron page 45.
Using an OS restore CD on your ESX or ESXi Server to boot your virtual
computer After you configure a virtual computer on ESX Server or ESXi Server, you can usean OS restore CD or ISO image as your bootstrap media.
See Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Serveron page 42.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on VMware
8/10/2019 Smg Getting Started Guide
44/50
To use an OS restore CD on your ESX or ESXi Server to boot your virtual computer
1 Insert the OS restore disk into your ESX or ESXi Server's CD drive.
2 Click Edit virtualmachine settings.
3 On theHardware tab, select CD/DVDDrive1.
4 Choose HostDevice and choose CD.
5 Check Connect atpoweron and click OK.
6 Click the power on virtual machine icon.
The virtual machine now reboots from the CD drive.
7 Click the DisconnectCD/DVD button and remove the disk from your driveto prevent the system from performing another OS restore.
Symantec recommends that you disconnect your boot media immediatelyafter the initial boot process to avoid a future accidental OS restore.
8 Once the installation process is complete, turn off the computer through theclient and edit your computer settings.
9 On theHardware tab, select CD/DVDDrive1.
10 Uncheck Connect atpower on and click OK.
11 Restart your computer to begin the Symantec Messaging Gateway bootsequence.
Using an ISO image on your datastore to boot your ESX/ESXi Servervirtual computer
After you configure a virtual computer on ESX Server or ESXi Server, you can use
an ISO image on your datastore as your bootstrap media.
See Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Serveron page 42.
To use an ISO image on your datastore to boot your virtual computer
1 On theHardware tab, selectNewCD/DVD and check DatastoreISOfile as
the Device Type.
2 ClickBrowse and select the ISO file on your datastore. If you have not alreadyadded the ISO image to your datastore, refer to your VMware documentation
for the procedure.
3 Check Connect atPower on, then click Finish. The new virtual computerappears in the inventory.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on VMware
44
8/10/2019 Smg Getting Started Guide
45/50
4 Turnon your new computer andaccess your console. The boot process begins.
5 If the console prompts you to partition your SDA device, click your mouseon the console window, and then press the Enter key for Yes.
6 Once the installation process is complete, turn off the computer through theclient and edit your computer settings.
7 On theHardware tab, select CD/DVDDrive1.
8 Uncheck Connectatpoweron and click OK.
9 Restart your computer to begin the Symantec Messaging Gateway bootsequence.
Using an OS ISO image on your local computer to boot your ESX/ESXiServer virtual computer
After you configure a virtual computer on an ESX Server or ESXi Server, use an
OS ISO image on your local computer as your bootstrap media.
See Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Serveron page 42.
To use an OS ISO image on your local computer to boot your virtual computer
1 Copy the ISO image onto your local hard drive.
2 Click Edit virtualmachine settings.
3 On theHardware tab, select NewCD/DVD and make sure ClientDevice isselected as the Device Type.
4 On theOptions tab, select BootOptions and set the ForceBIOS Setup.
5 Click OK. The new virtual computer appears in the inventory.
6 Click on the new virtual computer in the inventory, then click the consoleicon.
7 Click the power on virtual machine icon.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on VMware
8/10/2019 Smg Getting Started Guide
46/50
8 If you are using in ISO image. click ConnectCD/DVD>Use ISO image, andbrowse to your ISO image. If you are using an OS restore CD, choose theletter
of your computer's CD/DVD drive.
The boot process begins.
9 Once the installation process is complete, the Symantec Messaging Gatewayboot sequence begins.
If the Symantec Messaging Gateway boot sequence does not begin, turn off
the computer through the client, click DisconnectCD/DVDdevice to
disconnect your ISO image, then restart your computer.
Installing Symantec Messaging Gateway on Hyper-VUse Symantec Messaging Gateway Virtual Edition with Hyper-V to create a
simulated computer environment on which to run Symantec Messaging Gateway.
System requirements for virtual deployment on Microsoft Hyper-V
Table 3-2lists the system requirements to deploy Symantec Messaging Gateway
as a guest on Microsoft Hyper-V server. You must install and configure one of
these servers before you install Symantec Messaging Gateway Virtual Edition.
For requirements specific to Microsoft Hyper-V Server, refer to yourMicrosoft
Hyper-V documentation.
Table 3-2 Supported Configurations for Symantec Messaging Gateway Virtual
Edition on Hyper-V
NotesMinimumRecommendedDescription
Processor on host must support
VTandhave this setting enabled
in the BIOS prior to installation
to support the 64-bit kernel,
which is newly supported (and
required) by Symantec
Messaging Gateway 10.5.
Windows 2008
Standalone
Windows 2012
Datacenter
Edition
Microsoft
Hyper-V
Symantec Messaging Gateway
doesnot support installation on
a virtual machine with a
dynamic disk.
----Fixed diskDisk type
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on Hyper-V
46
http://www.microsoft.com/http://www.microsoft.com/http://www.microsoft.com/http://www.microsoft.com/8/10/2019 Smg Getting Started Guide
47/50
Table 3-2 Supported Configurations for Symantec Messaging Gateway Virtual
Edition on Hyper-V(continued)
NotesMinimumRecommendedDescription
For Scanner-only virtual
machines.
120 GBFor more
information,
consult the
Symantec
Knowledge Base
article,Disk
Space
Recommendations
for Symantec
Messaging
GatewayVirtual
Edition.
Disk space
For Control Centeronly virtual
machines.
120 GB
For combined Scanner and
ControlCenter virtual machines.
120 GB
A minimum of 4 GB is necessary
to run Symantec Messaging
Gateway and the virtual
machine.
4 GB8 GB or moreMemory
Symantec recommends
allocating four or more CPUs,
based on workload demandsand
hardware configuration.
Note:Your environment must
support 64-bit applications in
order to support Symantec
Messaging Gateway 10.5.
24 or moreCPUs
Onlyone networkinterface card
is required per virtual machine.
Symantec Messaging Gateway
supports the use of synthetic
NICs only.
12NICs
See About Symantec Messaging Gateway Virtual Editionon page 35.
Installing from an ISO image or OS restore CD onto a virtual machineon your Microsoft Hyper-V server
Youcan configurea virtualmachine and deployan instance of Symantec Messaging
Gateway from an OS restore CD or an ISO image. You can perform this task on a
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on Hyper-V
8/10/2019 Smg Getting Started Guide
48/50
computer that runs Standalone or Datacenter Hyper-V on Windows 2008 R2 or
Windows 2012, but you must install either server first.
Use only ASCII characters in the entry fields when you create a virtual computer
with the management interface. The virtual computer's display name and path
cannot contain non-ASCII characters. Do not use spaces when you create file
names and directories for virtual computers.
You may want to ensure that your guest computer is configured to restart when
the host computer restarts. Consult your Microsoft documentation for more
information.
Note: Dynamic disk in a virtual deployment is not supported on Microsoft Hyper-V.
Please review settings for the Hyper-V guest and set the disk to fixed.
To install from an ISO image or OS restore CD onto a virtual machine on your
Microsoft 2008 R2 of 2012 Hyper-V Server
1 Click on theMicrosoft Hyper-V Server on which youwant to placeyour virtualmachine.
2 On theActionmenu, click New, then click VirtualMachine.
3 Click Next to create a virtual machine with a custom configuration.
4 Type a descriptive name for the virtual machine, select a storage folder thatpertains to your environment and click Next.
5 Specify the amount of system memory based on your deployment needs, andthen clickNext. A minimum of 4 GB is necessary to run Symantec Messaging
Gateway Virtual Edition and the virtual computer. Symantec recommends
that you use at least 8 GB.
6 Select a virtual switch for your network adapter and then click Next. If yourequire additional networkadapters, these may be added after the New Virtual
Machine Wizard has completed by editing the virtual machine settings.
7 SelectAttacha virtual harddisk later and then click Next. This will allowyou to add a fixed hard disk to your virtual machine.
8 Click Finish.
9 Right-click on new virtual machine and select Settings.
10 Highlight IDEController0 and click Add to add a new hard drive to yourvirtual machine.
11 Click New to create a new hard drive and then click Next.
12 Select Fixed and click Next.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on Hyper-V
48
8/10/2019 Smg Getting Started Guide
49/50
13 Specify Name and Location for the new hard drive and then click Next.
14 Reserve thenecessaryquantityof disk space, andthen clickNext. See Systemrequirementsfor virtual deployment on Microsoft Hyper-V on page 46. More
disk space may be required based on your deployment. After you reserve disk
space and complete deployment, any changes to disk space require that you
repeat the OS restore process.
15 Click Finish, and then click OK.
16 Continue the deployment to bootstrap your virtual appliance.
See Using an OS restore CD on your Microsoft Hyper-V Server to boot your
virtual computeron page 49.
See Using an OS ISO image on your Hyper-V server to boot your Microsoft
Hyper-V Server virtual computer on page 49.
Using an OS restore CD on your Microsoft Hyper-V Server to boot yourvirtual computer
After you configure a virtual computer on Microsoft Windows 2008 R2 Hyper-V
Server or Microsoft 2012 Hyper-V Server, you can use an OS restore CD or ISO
image as your bootstrap media.
See Installing from an ISO image or OS restore CD onto a virtual machine on
your Microsoft Hyper-V serveron page 47.
To use an OS restore CD on your Microsoft Hyper-V Server to boot your virtual
computer
1 Insert the OS restore disk into your Hyper-V Server's CD/DVD drive.
2 Right-click on new Microsoft Hyper-V virtual machine and selectConnect.
3 Select Mediamenu.
4 Select DVDDrive > InsertDisk....
5 Select Symantec Messaging Gateway install disk in your CD/DVD drive andclick Open.
6 Start your virtual machine to begin the Symantec Messaging Gateway boot
sequence.
Using an OS ISO image on your Hyper-V server to boot your MicrosoftHyper-V Server virtual computer
After you configure a virtual computer on a Microsoft Hyper-V Server, you can
use an OS ISO image on your Hyper-V server as your bootstrap media.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on Hyper-V
8/10/2019 Smg Getting Started Guide
50/50
See Installing from an ISO image or OS restore CD onto a virtual machine on
your Microsoft Hyper-V serveron page 47.
To use an OS ISO image on your Hyper-V server to boot your virtual computer
1 Copy Symantec Messaging Gateway install ISO to your Hyper-V server.
2 Right-click on new Microsoft Hyper-V virtual machine and selectConnect.
3 SelectMediamenu.
4 SelectDVDDrive > InsertDisk....
5 Select the Symantec Messaging Gateway install ISO and then clickOpen.
6 Start your virtual machine to begin the Symantec Messaging Gateway bootsequence.
Deploying Symantec Messaging Gateway as a Virtual MachineInstalling Symantec Messaging Gateway on Hyper-V
50