eSafe Smart Suite Deployment Guide

2010 SafeNet, Inc. All rights reserved. SafeNet is a registered trademark and SafeNet is a trademark of SafeNet, Inc. All other product and company names may be the property of their respective owners. SafeNet Proprietary Document name: eSafe SmartSuite Deployment Guide Document revision: 5/17/10, Rev. 8.5.0 Software Version: 8.5.0.25 All intellectual property is protected by copyright. All trademarks and product names used or referred to are the copyright of their respective owners. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, chemical, photocopy, recording or otherwise without the prior written permission of SafeNet. SafeNet makes no representations or warranties with respect to the contents of this document and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, SafeNet reserves the right to revise this publication and to make changes from time to time in the content hereof without the obligation upon SafeNet to notify any person or organization of any such revisions or changes. We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product. SafeNet invites constructive comments on the contents of this document. These comments, together with your personal and/or company details, should be sent to the address below. SafeNet, Inc. 4690 Millennium Drive Belcamp, Maryland 21017 USA Technical Support If you encounter a problem while installing, registering or operating this product, please make sure that you have read the documentation. If you cannot resolve the issue, please contact your supplier or SafeNet support. SafeNet support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the support plan arrangements made between SafeNet and your organization. Please consult this support plan for further information about your entitlements, including the hours when telephone support is available to you. Technical Support Contact Information: Phone: 800-545-6608 (US) Phone: 410-931-7520 (International) Email: [email protected] www.safenet-inc.com Important Note: Please note that the contents of this guide may change from time to time, to accommodate new features, corrections, etc. The most recent product documentation can be found in the following location: www.esafe.com/support/eSafeDocuments.asp

Table of Contents

Table of ContentsChapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Using this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Graphical conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Whats new in this version? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 About eSafe SmartSuite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Web Security Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Mail Security Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Management and Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Flexible Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Product Types and Deployment Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 Working with eSafe on VMwareTM . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Chapter 2: Installing the eSafe Appliance . . . . . . . . . . . . . . . . . . . . . . . . . 17 Pre-deployment Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Installing the Appliance in Transparent Bridge Mode . . . . . . . . . . . . . . . . . . . . .19 Connecting the eSafe Appliance to a Workstation . . . . . . . . . . . . . . . . . . .19 Accessing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Using the Setup Wizard to Configure the Appliance . . . . . . . . . . . . . . . . . .19 Installing the Appliance in Proxy Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 Connecting the eSafe Appliance to a Workstation . . . . . . . . . . . . . . . . . . .24 Accessing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 Using the Setup Wizard to Configure the Appliance . . . . . . . . . . . . . . . . . .24 Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32 Installing the eSafe Appliance in Mail Mode . . . . . . . . . . . . . . . . . . . . . . . . . . .33 Connecting the eSafe Appliance to a Workstation . . . . . . . . . . . . . . . . . . .33 Accessing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33 Using the Setup Wizard to Configure the Appliance . . . . . . . . . . . . . . . . . .33 Installing the eSafe Appliance in Router Mode . . . . . . . . . . . . . . . . . . . . . . . . .39 Connecting the eSafe Appliance to a Workstation . . . . . . . . . . . . . . . . . . .39 Accessing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Using the Setup Wizard to Configure the Appliance . . . . . . . . . . . . . . . . . .39 Installing the eSafe Appliance in SSL Mode . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Connecting the eSafe Appliance to a Workstation . . . . . . . . . . . . . . . . . . .44 Accessing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Using the Setup Wizard to Configure the Appliance . . . . . . . . . . . . . . . . . .44 Installing the eSafe Appliance in ICAP Mode . . . . . . . . . . . . . . . . . . . . . . . . . .49 Connecting the eSafe Appliance to a Workstation . . . . . . . . . . . . . . . . . . .49 Accessing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

eSafe SmartSuite Deployment Guide

i

Table of Contents Using the Setup Wizard to Configure the Appliance Configuration Procedures . . . . . . . . . . . . . . . . .49

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

eSafe Web in ICAP Mode with Load Balancing and Fail Over Capabilities . . . 55 Installing the eSafe Appliance in Router Cluster Mode . . . . . . . . . . . . . . . . . . . .56 Connecting the eSafe Appliance to a Workstation . . . . . . . . . . . . . . . . . . . 56 Accessing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56 Using the Setup Wizard to Configure the Appliance About the Appliance Manager . . . . . . . . . . . . . . . . .56 Chapter 3: Managing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56 Accessing the Appliance Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Status Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 eSafe Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 System Info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58 Network Info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Spool Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Settings Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Host Name and DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 Setting the Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64 Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Log Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68 Support Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 eSafe Security Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71 Viewing Links to eSafe on the Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Testing Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73 Help Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Connecting the eSafe Appliance to the Network . . . . . . . . . . . . . . . . . . . . . . . .75 Adding Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Chapter 4: Working with Security Center . . . . . . . . . . . . . . . . . . . . . . . . . .77 Installing the eSafe Security Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Logging on to the eSafe Security Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 The eSafe Security Center Main Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Task Bar / Task Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81 Appliance Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81 Managing appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82 Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83 4Eye View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87 Track & Care . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Selecting a report type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

ii


Table of Contents Creating queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90 Creating Smart Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90 Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91 Task Buttons in the Policy Settings Screens . . . . . . . . . . . . . . . . . . . . . . .91 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92 User Access and Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Troubleshoot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Appendix A: Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Getting Started in Policy Settings Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Config Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Protocol Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Anti-spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Spyware/Adware Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Content Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Objects Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 FTP and HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 SMTP and POP3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Known Vandal File Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Files for Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 URL Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Profile Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 AppliFilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211 DLP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Alerts Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 AppliFilter/Virus Warning Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 URL Filter Warning Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221 Gray List Warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 Miscellaneous Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 Smart Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 Updates Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226 Backing Up and Restoring Data in eSafe . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 Appendix B: Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 Backing up via the SmartSuite Security Center . . . . . . . . . . . . . . . . . . . . . . . 230 Backing up data via the eSafe Appliance Manager . . . . . . . . . . . . . . . . . . . . . 231


iii

Table of Contents Restoring Backed Up Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Backing up and restoring via the Command Line . . . . . . . . . . . . . . . . . . . . . . 233 Backing up to an external location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

iv


Chapter 1 IntroductionWelcome to the eSafe SmartSuite Deployment Guide. This guide provides you with the necessary information to deploy eSafe in your network, along with information on how to use eSafe to monitor traffic, perform maintenance, and get technical assistance.

Contents: Preface Whats new in this version? About eSafe SmartSuite Product Types and Deployment Modes


1

Chapter 1 - Preface

PrefaceUsing this guideThis guide is divided into the following chapters:

Chapter 1 - Introduction provides an overview of eSafe SmartSuite,including information on new features in this release, and describes the various deployment modes.

Chapter 2 - Installing the eSafe Appliance provides details on installingthe appliance in the various deployment modes.

Chapter 3 - Managing the Appliance provides details on managing theappliance via the web-based eSafe Appliance Manager.

Chapter 4 - Working with eSafe Security Center provides details forworking with eSafes management console.

Appendix A - Policy Settings provides detailed information on the options inthe Policy Settings screen in the Security Center.

Graphical conventionsPlease take note of the following conventions used in this guide:

Text that you must enter appears as follows: example A button that needs to be clicked appears in bold, as do menu paths in themenus. For example: Select Administration | Warning Messages | Outgoing. Click the Add button.

The names of menus, dialog boxes, and fields appear in italics: In the Settingsmenu, type hello in the Name text box and then click Apply.

2


Chapter 1 - Whats new in this version?

Whats new in this version?eSafe SmartSuite includes the following new features and enhancements: DLP:

New DLP capabilities with enhanced features for enforcement, monitoring, andclassification of sensitive files sent via email.

Supports analysis of more than 150 file types, including: MS Office documents, Open Office, and PDF files HTML, email, source code files Archived files New options allow taking specific actions when detecting data that matches theDLP dictionaries, including:

Report: Logs all file properties in the event log. Block: Blocks outgoing files/email. Notify sender: Sends a notification to the email sender (for mail eventsonly).

Archive: Archives the file/email in a special repository for laterinvestigation.

Forward file/email by email: Forwards the file/email to a special DLPinspector email address.

Includes more than 20 predefined out-of-the-box dictionaries that supportUnicode.

Includes predefined out-of-the-box DLP alerts with predefined Smart Alerts.Central Management:

Improved Central Management experience allows getting an instant overviewof whats happening on the gateway by monitoring traffic, getting alerts, investigating events, and taking immediate action. The central management features include:

Single sign-on Centralized machine tree with easy navigation between machines Support of data aggregation and statistics for sites/groups/clusters. Central log server Real-time indicators about machine status Advanced role-based administrationNote: Since this version uses the central management and log server, when installing an eSafe machine, the central management feature must be enabled.


3


When installing eSafe in a multiple eSafe machine environment (more than one machine), the central management/log server must be installed as a regular eSafe machine or as a separate central management/log server. Do not use more than one central management machine. P2P issue: By default, the eSafe Security Center connects to the central machine which allows monitoring and managing all machines in the organization. In case of an emergency or if you need to manage a specific machine NOT via the eSafe Security Center management server, you can connect to the machine directly (with limited capabilities), using the following eSafe management command: "C:\Program Files\eSafe\eSafeMNG\8.5\esafemng.exe" /log /p2p Productivity Improvements

This version includes various Productivity Improvements, including: Controlling and blocking streaming traffic per URL category with profile andstreaming properties (RTSP, RTP, MMS, Flash, etc.).

New warn/gray URL filter categories per policy and overriding rules(Coaching).

Support for non-inspected SSL sites per URL category. (Only eSafe WebSSL)

Monitoring and Reporting

Enhanced Smart Alerts with granular DLP alerts. Allowing fast Smart Alert rule creation when viewing Track & Care events.Dashboard Enhancements

Enhanced Dashboard graphic charts with drill-down capabilities by doubleclicking on the chart or legend to see actual events for a specific query.

Support for 4Eye log viewing. When viewing information in the Dashboardand Track & Care screens, users will see anonymous details. In order to see real data, a secondary administration password is defined (4Eye), allowing viewing of actual information. For further details, see 4EyeViewonpage 87. User Management

Proxy authentication to support multiple AD Domains. Added a new feature that allows end users to view quarantined email via Webbased reports, and manage/release quarantined email. This Web-based quarantine report supports NTLM Authentication and multiple domains. Globalization Support

This version includes Unicode support to allow globalization of the SecurityCenter UI and data.4 eSafe SmartSuite Deployment Guide


Performance Enhancements

This version includes a new results scanning cache. Improved web performance using real-time HTTP gzip compression allowscontent real-time extraction and data analysis of content reaching eSafe in compressed format.

Improved URL Filter performance using internal cache and restructuring. Restructured the AppliFilter engine to improve efficiency and performance.Note: This version supports two USBs in all appliances except HG200 which only recognizes SanDisk 4GB. The GA release will only support one USB.


5

Chapter 1 - About eSafe SmartSuite

About eSafe SmartSuiteeSafe SmartSuite delivers on the promise of a realtime smart and simple web and mail gateway security solution that protects against threats, Web 2.0 cybercriminals and competition. Its simple and yet powerful. eSafe SmartSuite is an enterprise-class security solution that is simple to integrate and manage, and drives business value for organizations. From its initial stage of set up and through its new fluid task oriented security management center and to advanced capabilities such as dual security engine and data leak prevention (DLP), eSafe SmartSuite helps businesses focus on achieving their required results. Offering realtime, smart inspection of all Web and mail traffic, eSafe SmartSuite also delivers unmatched performance and scalability. Flexible and robust, eSafe SmartSuite offers unprecedented reporting and analytics allowing businesses to truly customize their security posture and keep their enterprise productive.

Web Security GatewayThe changing Web threat landscape makes it more challenging for organizations of all sizes to enforce acceptable use policy, ensure protection from malware, and enable secure access to necessary information. Unfortunately, static technologies like URL filtering, categorization or signature-based antivirus are no match for todays adaptive threats, especially when most malware resides on legitimate websites. eSafe Web Security Gateway is the only solution that provides complete protection. By conducting deep packet inspection of ALL inbound HTTP and FTP traffic, including legitimate sites with proprietary technologies, eSafe Web Security Gateway detects and defends against suspicious and malicious code in realtime without over-blocking. eSafe Web Security gateway prevents all types of Web-based malicious code from entering the network - spyware, Trojans, viruses, targeted attacks, worms, and blended threats. eSafe Web Security Gateway includes the following modules:

AppliFilterThe tools and technologies that make collaboration and communication easier for users now provide a new platform for malicious attacks. Because Web-enabled applications like P2P or IM can bypass existing security solutions, they provide not only a productivity and data loss concern, but a prime entry point for malicious threats. eSafe AppliFilter can help your organization control access to these tools and help protect your valuable network resources from compromise. AppliFilter detects, tracks and controls Internet traffic and application protocols as well as malicious software running in your organization, in over 500 categories, including P2P, IM, and Skype, protecting against Internet-enabled application threats by providing control over both inbound and outbound communications, regardless of the port.

URL FilteringURL filtering is a core part of your security policy, setting business rules and ensuring that your users are productive during business hours and protected from the legal liabilities associated with visiting inappropriate sites. eSafe enables you to enforce your acceptable use policy and keep your employees protected by categorizing and filtering websites and web pages using one of the largest, most accurate databases of categorized URLs. A database of over 90 million websites and 70 categories helps protect users from accessing suspicious and unproductive websites.

6



eSafe Data Leak Prevention (DLP)eSafe Data Monitor is an easy-to-use solution for passive monitoring of business communications, both external and internal, including Web and mail. It includes built-in policy templates for data protection and regulatory compliance and for out-of-the box information forensics. eSafe assists in identifying who is sending what data where and how, and provides actionable intelligence to reduce the risk of data loss and to manage compliance.

Unbeatable Circumvention PreventioneSafe proactively blocks anonymizers and security circumvention tools based on their site code and behavior even if encrypted by SSL protocols. eSafe is the only solution that completely defeats anonymizers, protecting the integrity of your network, safeguarding your investment in security and limiting your liability from employee abuse of resources. Part of a complete Web Solution, eSafe is able to block 100%* of anonymizers in combination with Web SSL, AppliFilter, and URL Filtering. *Aladdins Attack Intelligence Research Center (AIRC) blocked 100 percent of anonymizers in repeated lab tests. Competitive solutions did not stand up to proxy threats and allowed users to leave the protected network.

eSafe Web SSLToday, encrypted traffic accounts for up to 30% of Web traffic traffic that is invisible to virtually every security product, and represents a growing security gap for organizations. While encryption does imply greater security, it is no guarantee of protection. Cybercriminals have now realized that most security products are blind to encrypted sites, making these sites prime targets for malware. eSafe SSL provides a complete solution for analyzing encrypted Web content and includes the capabilities to:

Enforce acceptable use policy control access to websites and Web 2.0applications over a secure connection

Provide transparent inspection of all encrypted (HTTPS, SSL, TLS) Web trafficand policy-based certificate validation and authorization

Control application usage by inspecting and blocking unwanted applicationsover SSL.


7


Mail Security GatewayFor most organizations, email is a vital business tool and one of the primary methods of business communication and collaboration. Controlling growing attacks and mitigating mail malware are now critical business issues, and although most companies have implemented some type of messaging security solution, incomplete strategies can expose your organization to malware exploits, as well as create performance and productivity issues. eSafe Mail Security gateway provides comprehensive messaging security solutions that block sudden spam, malicious worms and malware outbreaks in realtime, as they emerge. As an industry leader, award winning solution of 99% spam block, eSafe Mail Security gateway protects against virtually all spam and malware, without blocking legitimate email. In addition, comprehensive anti-phishing protection prevents targeted attacks as phishing elements are stripped from all suspicious email. eSafe innovative spam management and quarantine self-provisioning features help to reduce both TCO and IT staff requirements.

Advanced Anti-SpameSafes Advanced Anti-Spam module provides complete protection, total control and increased productivity. An industry first, eSafes Dual Anti-spam Engines combine both realtime reputation and deep content analysis technologies into a single, integrated solution. eSafe Advanced Anti-spam provides best-of-breed detection and blocking - checking both the context and the content of email messages for spam attributes and distribution patterns, while providing the only realtime solution to blocking sudden spam and malware outbreaks as they emerge.

Management and ReportingAdvanced ReporterPeriodic review and analysis of network traffic is a critical component of your security program. By monitoring your existing security solution you can identify areas where you might need to modify your configuration or implement additional security measures to protect against new threats. eSafe Advanced Reporter provides you and your security team with the tools you need to evaluate your current content security, assess your Web policy compliance, and easily communicate any security issues and justify new requirements. eSafe Advanced Reporter is based on a centralized system with a graphically rich and easy to use user interface, and includes interactive dashboards and reports with sophisticated analysis capabilities. eSafe Advanced Reporter provides over 200 pre-defined reports, as well as the flexibility to create focused user and group reports, delivering a robust, out-of-the-box reporting solution to evaluate risks, assess productivity, and ensure Web policy compliance.

Enterprise-Ready Management and ControlA single security center management platform integrates your security solutions and data to give you realtime information, so that you can make the right security decision. Through a streamlined eSafe Security Center and robust management features, eSafe delivers critical insight into your network, your users and your policy which allows for enhanced productivity. With centralized data management and analysis, role-based administration and logging, you can

8



optimize your security policy, identify the source of attacks, and focus on trouble spots with both user and group views.

Flexible PlatformseSafe XG appliance family is a turn-key secure solution available on a wide range of platforms that meet your business needs. eSafe is also available as a virtual appliance for 3rd party certified hardware or as a VMWare virtual appliance prebuilt solution. All eSafe XG appliances are designed to be:

Simple: eSafe XG appliances are pre-configured with best practices securitypolicy settings, straightforward setup, and fully customizable to your needs.

Reliable: Purpose-built, robust and highly reliable, eSafe XG appliancesinclude high availability and failover technology with a built-in fail bypass option, as well as firmware restore and upgrade.

Scalable: A single eSafe XG appliance can support thousands of users, and apatented, inline cluster mode allows connection of multiple appliances for transparent load balancing.

Manageable: eSafe XG appliances feature centralized management throughan intuitive interface console, which provides clear reporting data and access to essential tools for ongoing review and analysis of network traffic, employee productivity and policy compliance.


9

Chapter 1 - Product Types and Deployment Modes

Product Types and Deployment ModesWhen installing the appliance, you must decide which product and deployment mode you wish to install. The product determines the type of traffic that will be inspected: web traffic, email traffic, or both. The following products are available:

The Web Security Gateway relies on deep packet inspection of ALL inboundHTTP and FTP traffic, including legitimate sites, to provide complete protection against dynamic Web threats. eSafe Web Security Gateway uses proprietary technologies to detect and defend against suspicious and malicious code in realtime without over-blocking. eSafe Web Security Gateway prevents all types of Web-based malicious code from entering the network including spyware, Trojans, viruses, targeted attacks, worms, and blended threats.

The Mail Security Gateway provides comprehensive messaging securitysolutions that block sudden spam, malicious worms and malware outbreaks in realtime, as they emerge. eSafe Mail Security Gateway protects against virtually all spam and malware, without blocking legitimate email. In addition, comprehensive anti-phishing protection prevents targeted attacks as phishing elements are stripped from all suspicious email. eSafe innovative spam management and quarantine self-provisioning features help to reduce both TCO and IT staff requirements. After deciding on the product, you must decide on the deployment mode. The eSafe Appliance can be deployed in the network in the following modes:

Transparent Bridge Mode Proxy Mode SSL Mode Router Mode Forwarding Proxy Mode ICAP Mode Mail ModeA description of these modes follows.

10



Transparent Bridge ModeInline bridge mode provides seamless deployment and transparent inspection of HTTP, FTP, SMTP, and POP3 traffic, as well as application control (for example, P2P and streaming traffic). Installation is plug-and-play and no changes to the network configuration are necessary. This mode provides scalability and allows load balancing when installed as a Security Cluster. In typical networks, eSafe is installed in-line between the firewall and the LAN and functions as a network bridge or a router, transparently scanning traffic before forwarding it to the firewall and then to the Internet. Transparent Bridge Cluster Several eSafe appliances can be installed in-line and together serve as a network bridge. In case an appliance fails, its bypass NIC will fail open and other devices in the cluster will automatically re-synchronize in order to inspect the traffic instead of the appliance that failed. This mode can be used for eSafe Web and for eSafe Gateway products.


11


Proxy ModeeSafe in Proxy mode allows deploying eSafe as a proxy server that includes all of eSafes content security features. In this mode, eSafe scans HTTP and FTP (over HTTP) traffic, and has the ability to scan SMTP traffic too. Application control is possible for HTTP-based applications. This mode allows for seamless integration with Active Directory and LDAP for authentication of all HTTP traffic. This mode is easy to implement and does not require any changes to the network, and physically separates browsing users from the Internet. All users browsers need to be configured to browse through the appliance. Scalability is achieved by using standard round-robin proxy load-balancing methods or via third party load balancers.

12



SSL ModeeSafe in SSL mode is suited to organizations that demand extra security and acknowledge the fact that an encrypted connection does not guarantee that the data being transmitted, or the content of an encrypted web page, is free of malicious code. This mode provides transparent inspection of all encrypted (HTTPS, SSL, TLS) web traffic and policy based certificate authorization at the gateway, also blocking anonymizer technologies and tunneling attempts. With eSafe in SSL mode, all encrypted packets such as encrypted web pages, webbased email, instant messaging, and chat content, are inspected and blocked if found to be malicious, before being allowed to enter the enterprise network. eSafe in SSL mode is installed as a SSL/HTTPS proxy. All users browsers must be configured to use this proxy for surfing encrypted HTTPS/SSL websites. eSafe can inspect both HTTP and HTTPS traffic on one appliance, for up to 500 users. For more than 500 users, eSafe must be installed on a dedicated appliance that will check HTTPS traffic, in addition to the regular eSafe Web appliance that will inspect unencrypted HTTP.


13


Router ModeIn this mode, eSafe acts as a router and requires creating a subnet and reassigning the LANs Default Gateway to the internal NIC of the eSafe machine. The eSafe machine operates as the default gateway and traffic is forwarded to the firewall and then to the Internet. eSafe transparently scans HTTP, FTP, SMTP, and POP3 traffic between the LAN and the Internet. Router Cluster Mode If you want to replace an existing router or combine eSafe with third party load balancers - especially in complex networks - we recommend using Router Cluster Mode. This mode provides seamless deployment and transparent inspection of HTTP, FTP, SMTP, and POP3 traffic, as well as application control (for example, P2P and streaming traffic), and ensures that the network is secured even in the event that all machines are down. In this mode, several eSafe appliances are installed in parallel and together work as a cluster. One of the appliances serves as a master router and redirects traffic to other eSafe appliances for inspection. In case an appliance in the cluster fails, the master appliance will stop redirecting traffic to it. If the master fails, the next eSafe appliance will automatically assume the role of the master. This mode can be used for eSafe Web and for eSafe Gateway products and requires some changes to the network configuration.

14



Forwarding Proxy ModeeSafe serves as a non-caching HTTP proxy in front of an existing caching proxy. All users browsers are configured to browse through this proxy, which in turn redirects traffic to another caching proxy. This mode is suitable for eSafe Web only. Unless absolutely necessary, we recommend using either ICAP or Inline with Proxy modes instead.

ICAP ModeNetworks that include proxy servers that support ICAP (for example Blue Coat and Cisco) can benefit from eSafes Web Security Suite by installing eSafe in ICAP mode. This can be used in conjunction with proxy servers that support ICAP to provide content scanning and filtering, and block Internet-based malicious code. The proxy server (ICAP client) sends content to the eSafe appliance (ICAP server) where it is inspected for malicious content. Since the ICAP protocol includes builtin provisioning for load-balancing, several eSafe appliances can be connected to create a cluster which can support a large number of users.


15


Mail ModeeSafe in SMTP relay mode provides comprehensive email security to protect organizations from email-borne security threats and maximize productivity. eSafe detects and blocks viruses, exploits, malicious code, spam, cookies, malicious content found in Office documents, and hacker attacks; without blocking legitimate emails. This mode provides flexibility by allowing granular control of the varying security needs of different groups or users within the company. In this mode, the eSafe Appliance is installed in the DMZ (demilitarized zone) as a secure SMTP relay, effectively shielding the internal network and mail servers from the outside world. All inbound and outbound email is inspected before being forwarded to the destination. In addition to the regular mail relay functions, it also includes anti-relay/spamming/bombing mechanisms.

Working with eSafe on VMwareTMeSafe is available as a pre-built VMwWare virtual appliance solution. Installing eSafe on VMware makes it possible to virtually support any new VMwaresupported HW platform (with minimum hardware requirements). Currently eSafe supports operation with VMware ESXi 3.5. The following deployment modes can be installed on VMware:

eSafe Mail eSafe SSL eSafe ProxyInstalling eSafe on VMware is especially suited to small to medium organizations. In the chapters that follow, you will find instructions for installing each of the deployment modes described in this section.

16


Chapter 2 Installing the eSafe ApplianceThis chapter provides details on installing the eSafe Appliance in various deployment modes; from connecting a workstation for initial setup to placing the appliance in the network after installation. Follow the instructions specific to the mode you wish to install. Before you install the appliance, we recommend completing the checklist to help you get started.

Contents: Pre-deployment Checklist Installing the Appliance in Transparent Bridge Mode Installing the Appliance in Proxy Mode Installing the eSafe Appliance in Mail Mode Installing the eSafe Appliance in Router Mode Installing the eSafe Appliance in SSL Mode Installing the eSafe Appliance in ICAP Mode Installing the eSafe Appliance in Router Cluster Mode


17

Chapter 2 - Pre-deployment Checklist

Pre-deployment ChecklistBefore you proceed, take note of the following questions that will assist you in deciding which product and deployment mode you wish to install. Do you want to inspect Web, Mail or Web and Mail traffic? If you want to inspect both Web and Mail traffic, do you want to do this on the same appliance or on two dedicated appliances? Which deployment mode would you like to use? For more details on the various modes, see the Product Types and Deployment Modes section. Allocate an IP address to the eSafe Appliance, and for the management interface (mandatory). Note: XG110 does not require a management address.

Web Mail Web & Mail

Deployment mode:

Appliance IP address:

Management IP address:

What is the IP address of your networks DNS? What is the IP address of your networks Default Gateway? Which directory services (e.g. LDAP) are used in your network and where are the containers located? What is the IP address of the organizations mail server? What is the administrators email address for receiving alerts? Do you require comprehensive security reports?

DNS IP address:

DG IP address:

LDAP/AD Server IP address:

Mail server IP address:

Administrator email address:

Follow this link to learn more about the eSafe Advanced Reporter.

18


Chapter 2 - Installing the Appliance in Transparent Bridge Mode

Installing the Appliance in Transparent Bridge ModeIn Transparent Bridge Mode, the appliance is connected to the network via two network ports as an inline connection between the internal network and the Internet ports, and via a dedicated management port. In this mode, eSafe transparently scans traffic before forwarding it to the firewall and then to the Internet. This mode requires minimal configuration.Note:To install eSafe in Transparent Bridge Cluster mode, follow the instructions for installing in regular bridge mode.

Connecting the eSafe Appliance to a WorkstationConnect the appliance to a workstation in order to perform basic configuration. 1. Prepare a Windows-based workstation/laptop for initial configuration with IE 6.0 or above. 2. Plug one end of a crossover cable into the MNG (management) port (Eth0) on the appliance and the other end of the crossover cable into the Ethernet port of the workstation you prepared in the previous step. 3. Connect the power cable to the appliance and to a power source. 4. Turn on the appliance and the workstation.

Accessing the ApplianceNote:The appliances default IP address is 10.0.0.1/24.

1. Verify that the workstations IP address is in the same subnet as the appliance. 2. On the workstation, open the browser (IE v.6 or above) and access the appliance at https://10.0.0.1:37233. A security alert appears. 3. Accept the security alert in order to continue. The Login page appears. 4. Log in to the Appliance Manager using the default username (admin), and password (esafe). The Configuration Wizard will start automatically and the Welcome screen will appear.

Using the Setup Wizard to Configure the Appliance1. In the Welcome screen, click Next to display the License Agreement page. 2. Read the License Agreement and click I Accept. Click Next to display the Choose Product and Deployment Mode page. Take note that:

In the Choose Product and Deployment Mode page, you need to decidewhich traffic you want to scan and how you want to deploy your appliance.

The Central Management Server option allows defining a central eSafemachine that collects all eSafe events (traffic, system, DLP, etc.) from multiple eSafe machines and saves them to a local database in-depth


19


monitoring and analysis.

3. Under Choose Product, select the Secured Gateway check box and then select Web Security Gateway and/or Mail Security Gateway, in order to inspect web and/or mail traffic. 4. From the Choose deployment mode drop-down list, select Transparent Bridge. 5. Select the Central Management Server check box if you want this machine to be a central machine.

20



6. Click Next to display the Network Settings page.

Note:Depending on the type of appliance, you may be able to connect to the appliance via network cards other than Eth0.

7. Define the following network settings to enable the eSafe Appliance to communicate with the network:

Under Appliance IP settings, enter the management IP address andnetmask that you have assigned to the eSafe Appliance. This must be a valid IP address from the network/DMZ.

Next to Default Gateway, enter the IP address of the gateway device thatis used to forward traffic to destinations beyond the local network.

Select the Disable High Availability NIC features check box if you donot want to allow the fail open feature when the appliance is down.

The Reset unused interfaces option is enabled by default and clears allNIC information. (It is especially useful when reconfiguring the appliance.)

Under Name Resolution, enter the hostname of the eSafe Appliance toenable identification of the appliance in the network, and the IP addresses of the DNS servers in the network that will be used to resolve machine names. 8. Click Next. The Password page appears.


21


9. In the Password page, change the appliances admin user default password. This password will also be used to access the eSafe Security Center. You will also be prompted to change the root password (first time installation only).

10.Click Next to display the Set Time and Date page.

22



11.Define the current date and time, and the time zone in which the appliance will operate. Click Next to display the Registration page.

12.Enter your contact details in order to register your eSafe Appliance. This allows you to receive security updates and important eSafe news. 13.Select the Enable Extended HB Information check box to allow the appliance to send information on the status of the eSafe components to the eSafe Operations Center for analysis. 14.Click Next to display the Finish page. 15.Click Apply and Shutdown. The appliance is now ready for connection to the network.


23

Chapter 2 - Installing the Appliance in Proxy Mode

Installing the Appliance in Proxy ModeIn this mode, eSafe is deployed as a proxy server that harnesses eSafes content security features. eSafe scans HTTP and FTP (over HTTP) traffic, and can also scan SMTP traffic. Application control is possible for HTTP-based applications. This mode allows for seamless integration with Active Directory and LDAP for authentication of all HTTP traffic.






The Central Management Server option allows defining a central eSafemachine that collects all eSafe events (traffic, system, DLP, etc.) from multiple eSafe machines and saves them to a local database in-depth

24



monitoring and analysis.

3. Under Choose Product, select the Secured Gateway check box and then select Web Security Gateway. 4. From the Choose deployment mode drop-down list, select eSafe Proxy. 5. Select the Central Management Server check box if you want this machine to be a central machine.


25




Under Appliance IP settings, enter the IP address and netmask that youhave assigned to the eSafe Appliance. This must be a valid IP address from the network/DMZ.



Under Name Resolution, enter the hostname of the eSafe Appliance toenable identification of the appliance in the network, and the IP addresses of the DNS servers in the network that will be used to resolve machine names.

26



8. Click Next. You will be prompted to define proxy parameters.

9. In the eSafe Proxy Parameters page, you must define settings for connecting to the proxy:

Listening Port: This is the port on which the proxy will listen. The default is8080.

Enable Parent Proxy: Select this option to enable use of a parent proxy.Define the proxy hostname and port.

Click the Force using parent proxy checkbox if the eSafe machine doesnot have a direct Internet connection and requires a parent proxy.

Enable Cache: Select this checkbox to enable caching of traffic. Define themaximum size of the cache.

Enable WCCP: WCCP support enables transparent redirection of traffic toeSafe via Cisco, and other routers and switches. Select the Enable WCCP check box to enable traffic redirection. You will then be prompted to choose the relevant radio button to define whether traffic will be redirected to a switch or router.

Next to WCCP machine name, enter the IP address of the switch/router. Next to WCCP port, enter the port that eSafe will listen to.


27


10.Click Next. You will be prompted to select the authentication type.

From the drop-down list, select the authentication method:

No authentication: When authentication is disabled, the proxy is open andavailable to all machines where eSafe is defined as a proxy server. eSafe is unable to identify users in this case.

NTLM Authentication Settings: Allows integrating/authenticating againstthe Microsoft Active Directory. Only domain users are able to connect to eSafe Proxy. Define the following:

Host Name: Define the eSafe machine name. Domain Name: Define the domain in which eSafe will be located. AD Server: Define the Active Directory server name along with thepassword server name and Wins server name. (These values are usually the same.)

Samba Group: Define the workgroup name. Password Server: Usually the domain controller.

28



Wins Server: Wins server of company. Usually the domain controller.

Basic (LDAP): Allows connecting the organization's LDAP server andvalidating credentials at the server. Define the following:

Basic Realm: Part of the text the user will see when prompted theirusername and password.

Server Location: Define the IP address of the Active Directory or LDAPserver.

Base DN: Define the distinguished name of the root from which user/group details will be taken.

Bind DN: Define a user name to allow access to the LDAP server. Bind Password: Define the password to connect to the server. Search filter: Define expressions to search the user data.

Basic (Text): This method uses a standard Linux user name and passwordfile.

File path: Enter the path to the file.

Note:Please refer to the information at the end of this section regarding Creating a Flat File for authenticating users with eSafe Proxy mode.

11.Define the settings and click Next. The Password page appears.


29


12.In the Password page, change the appliances admin user default password. This password will also be used to access the eSafe Security Center. You will be prompted to change the root password (first time installation only).


30






31


Additional InformationCreating a Flat File for authenticating users in eSafe Proxy modeIn scenarios were the user credential information is not available as part of a supported directory service (such as Open LDAP or Active Directory), eSafe supports user authentication for browsing through the Proxy server based on an internal user and password list file known as a Flat File. When using eSafe Proxy mode with the Flat File authentication method, please note the following points and guidelines in order for the authentication to work. properly: 1. The flat file should be created with a program that creates htpasswd. There are various programs and websites that can create *.passwd files (for example http:/ /www.htaccesstools.com/htpasswd-generator-windows/) 2. After creating the flat file, it should be copied to eSafe under: /opt/eproxy/ 3. Permissions for the flat file should be changed to: chmod 666 users.htpasswd 4. Restart the Squid service (service squid restart) and then restart the eSafe service (service esafe restart). 5. In order for eSafe to identify the authenticated users (for profiles), define manual users via the eSafe Security Center, that have the same credentials as in the flat file. When a user attempts to browse the Internet, a prompt for entering their user name and password will automatically appear. Please note that any time the flat file is updated, the Squid and eSafe services should be restarted as outlined in step 4 above.

32


Chapter 2 - Installing the eSafe Appliance in Mail Mode

Installing the eSafe Appliance in Mail ModeThis mode allows deploying eSafe as an MX email relay at the gateway providing anti-spam, antivirus, anti-malware and deep content security features. In this mode, eSafe scans all incoming and outgoing SMTP traffic. This mode allows for seamless integration with Active Directory and LDAP for assigning different user and group policies for antispam and content filtering.






The Central Management Server option allows defining a central eSafemachine that collects all eSafe events (traffic, system, DLP, etc.) from multiple eSafe machines and saves them to a local database in-depth monitoring and analysis.


33


3. Under Choose Product, select the Secured Gateway check box and then select Mail Security Gateway, in order to inspect web and/or mail traffic. In the Choose deployment mode drop-down list, the SMTP Relay option will be selected automatically. 4. Select the Central Management Server check box if you want this machine to be a central machine.

34









Under Name Resolution, enter the hostname of the eSafe Appliance toenable identification of the appliance in the network, and the IP addresses of the DNS servers in the network that will be used to resolve machine names.

Under SMTP Client Identification, define the string the appliance will usefor identification purposes when communicating with SMTP clients that use the helo command. It is recommended that this string is the same as the appliance name. 7. Click Next. The Mail Servers page appears. You must define all the network's internal mail servers to enable scanning SMTP traffic. You must also include the port number that will be used to listen to SMTP traffic (the default is port


35


25). If the server has a backup machine, you can define more than one IP address for that server.

Click Add to define the domain name and IP address(es) of each mail serverin the network that will be protected.

8. Click Next. The Password page appears.

36



9. In the Password page, change the appliances admin user default password. This password will also be used to access the eSafe Security Center. You will also be prompted to change the root password (first time installation only).



37




38


Chapter 2 - Installing the eSafe Appliance in Router Mode

Installing the eSafe Appliance in Router ModeIn this mode, eSafe is installed in-line between the firewall and the LAN and functions as a network router. This mode requires definition of the appliance interfaces and some configuration changes.






The Central Management Server option allows defining a central eSafemachine that collects all eSafe events (traffic, system, DLP, etc.) from multiple eSafe machines and saves them to a local database in-depth monitoring and analysis. 3. Under Choose Product, select the Secured Gateway check box and then select Web Security Gateway.


39


4. From the Choose deployment mode drop-down list, select Other Modes. In the page that appears, select eSafe Router from the drop-down list.

5. Select the Central Management Server check box if you want this machine to be a central machine. 6. Click Next to display the Network Settings page.





Select the Disable High Availability NIC features check box if you do40 eSafe SmartSuite Deployment Guide


not want to allow the fail open feature when the appliance is down.


Under Name Resolution, enter the hostname of the eSafe Appliance toenable identification of the appliance in the network, and the IP addresses of the DNS servers in the network that will be used to resolve machine names. 8. Click Next. The Password page appears. 9. In the Password page, change the appliances admin user default password. This password will also be used to access the eSafe Security Center. You will also be prompted to change the root password (first time installation only).


41




12.Enter your contact details in order to register your eSafe Appliance. This allows you to receive security updates and important eSafe news.

42



13.Select the Enable Extended HB Information check box to allow the appliance to send information on the status of the eSafe components to the eSafe Operations Center for analysis. 14.Click Next to display the Finish page. 15.Click Apply and Shutdown. The appliance is now ready for connection to the network.


43

Chapter 2 - Installing the eSafe Appliance in SSL Mode

Installing the eSafe Appliance in SSL ModeThis mode provides transparent inspection of all encrypted (HTTPS, SSL, TLS) web traffic and policy based certificate authorization at the gateway, also blocking anonymizer technologies and tunneling attempts. eSafe in SSL mode is installed as a SSL/HTTPS proxy. All users browsers must be configured to use this proxy for surfing encrypted HTTPS/SSL websites.


Accessing the ApplianceNote: The appliances default IP address is 10.0.0.1/24. 1. Verify that the workstations IP address is in the same subnet as the appliance. 2. On the workstation, open the browser (IE v.6 or above) and access the appliance at https://10.0.0.1:37233. A security alert appears. 3. Accept the security alert in order to continue. The Login page appears. 4. Log in to the Appliance Manager using the default username (admin), and password (esafe). The Configuration Wizard will start automatically and the Welcome screen will appear.




44



4. From the Choose deployment mode drop-down list, select Other Modes. In the page that appears, select eSafe Web SSL from the drop-down list.





The Reset unused interfaces option is enabled by default and clears allNIC information. (It is especially useful when reconfiguring the


45


appliance.)

Under Name Resolution, enter the hostname of the eSafe Appliance toenable identification of the appliance in the network, and the IP addresses of the DNS servers in the network that will be used to resolve machine names. 8. Click Next. You will be prompted to define SSL proxy parameters.

Next to eSafe Web SSL Proxy Port, enter the proxy port. Select whether the proxy Internet connection is Direct or via a Parent Proxyor IP address. If you select parent proxy, define the IP address and port that will be used to connect to the parent proxy. 9. Click Next. The Password page appears.

46



10.In the Password page, change the appliances admin user default password. This password will also be used to access the eSafe Security Center. You will also be prompted to change the root password (first time installation only).



47



13.Enter your contact details in order to register your eSafe Appliance. This allows you to receive security updates and important eSafe news. 14.Select the Enable Extended HB Information check box to allow the appliance to send information on the status of the eSafe components to the eSafe Operations Center for analysis. 15.Click Next to display the Finish page. 16.Click Apply and Shutdown. The appliance is now ready for connection to the network. Important Note: In order to avoid errors when accessing the eSafe Appliance Manager in the future, follow by the steps below: 1. Run Internet Explorer. 2. Select Tools | Internet Options | Connections | LAN settings | Advanced. 3. Under Exceptions, add the eSafe machine IP address to the exceptions list.

48


Chapter 2 - Installing the eSafe Appliance in ICAP Mode

Installing the eSafe Appliance in ICAP ModeInternet Content Adaptation Protocol (ICAP) is an open HTTP-based protocol that enables dynamic scanning and modification of web content. To achieve this, ICAP clients pass HTTP based content to the ICAP servers for manipulation. The content is standardized and can be leveraged to help deliver value-added services, such as content filtering, virus scanning, and content translation. eSafe Web can be used in conjunction with proxy servers that support ICAP (such as Blue Coat Systems) to provide content scanning and filtering, and repair Internet-based malicious code. The proxy server (ICAP client) sends content to the eSafe Web machine (ICAP server) for scanning, based on the rules defined in eSafe. This mode allows creating a cluster for scalability.






The Central Management Server option allows defining a central eSafemachine that collects all eSafe events (traffic, system, DLP, etc.) from multiple eSafe machines and saves them to a local database in-depth monitoring and analysis.eSafe SmartSuite Deployment Guide 49


3. Under Choose Product, select the Secured Gateway check box and then select Web Security Gateway. 4. From the Choose deployment mode drop-down list, select Other Modes. In the page that appears, select eSafe ICAP from the drop-down list.

Note:By default, eSafe Web is configured to listen for ICAP traffic on port 1344. If necessary, it is possible to change this port via the esafenipca.ini file, located in Program Files/eSafe. In the [proxy] section, change the value next to the [proxylisten port] key.





The Reset unused interfaces option is enabled by default and clears allNIC information. (It is especially useful when reconfiguring the appliance.)50 eSafe SmartSuite Deployment Guide


Under Name Resolution, enter the hostname of the eSafe Appliance toenable identification of the appliance in the network, and the IP addresses of the DNS servers in the network that will be used to resolve machine names. 8. Click Next. The Password page appears. 9. In the Password page, change the appliances admin user default password. This password will also be used to access the eSafe Security Center. You will also be prompted to change the root password (first time installation only).


51




12.Enter your contact details in order to register your eSafe Appliance. This allows you to receive security updates and important eSafe news.

52



13.Select the Enable Extended HB Information check box to allow the appliance to send information on the status of the eSafe components to the eSafe Operations Center for analysis. 14.Click Next to display the Finish page. 15.Click Apply and Shutdown. The appliance is now ready for connection to the network. 16.Follow the steps in the next section to configure the Blue Coat proxy server to work with eSafe.

Configuration ProceduresThe proxy server (ICAP client) must be configured to send all HTTP traffic to the eSafe Web (ICAP server) machine for scanning. eSafe Web for ICAP supports operation with the Blue Coat proxy server. Use the instructions that follow to configure the proxy server.

Configuring the Blue Coat Systems Proxy ServerMake sure that you install the latest version of the Blue Coat Systems proxy server, or upgrade to the latest version (SGOS: 2.1.10 Release ID: 20570, or higher). To install the proxy server, follow the instructions in the relevant Blue Coat Systems documentation. Once installed, you must configure the ICAP service. To create and configure an ICAP service using the Management Console: 1. In the Blue Coat Systems proxy server, select Management Console | External Services| ICAP Services.

2. Click New. The Add List Item dialog appears. 3. In the ICAP service name field, enter an alphanumeric name. Click OK.


53


4. Select the new ICAP service name and click Edit. The Edit ICAP Service dialog appears.

5. Next to Service URL, enter the ICAP server URL (i.e. the eSafe Web IP address), written in the following format: icap://(eSafe IP)/respmod, as illustrated in the picture above. 6. Click the Sense Settings button. This will allow the server to automatically acquire all defaults settings that are required to communicate with eSafe. 7. Click OK to save the settings and then click Apply. 8. Repeat steps 2-7; in step 5, enter the ICAP server URL as follows: icap://(eSafe IP)/reqmod. Select request modification as the method supported. 9. To improve eSafe ICAP performance and reliability, we recommend only scanning necessary file/MIME types, and bypassing unnecessary types (e.g. .gif, .jpg, .pdf). This can be configured in the ICAP client Policy Manager.

54



eSafe Web in ICAP Mode with Load Balancing and Fail Over CapabilitiesMost ICAP clients include the ability to work with multiple ICAP servers to provide load balancing and fail over capabilities. To enable load balancing and fail over with eSafe Web in ICAP mode, you can install multiple eSafe machines and then configure the ICAP client to perform load balancing and fail over between the various machines. Detailed information on configuring the ICAP client to perform load balancing and fail over can be found in the proxy server manufacturers documentation.


55

Chapter 2 - Installing the eSafe Appliance in Router Cluster Mode

Installing the eSafe Appliance in Router Cluster ModeThis mode allows installing several eSafe appliances in parallel to work together as a cluster, ensuring that the network is secured even in the event that all machines are down. This mode provides seamless deployment and transparent inspection of web and/or mail traffic, as well as application control. This mode supports operation with third-party load balancers.







56



4. From the Choose deployment mode drop-down list, select Other Modes. In the page that appears, select eSafe Router Cluster from the drop-down list.






Under Name Resolution, enter the hostname of the eSafe Appliance toenable identification of the appliance in the network, and the IP addresses of the DNS servers in the network that will be used to resolve


57


machine names. 7. Click Next. The Cluster VIP Settings page appears. The eSafe Security Cluster in Router mode operates with Virtual IP Addresses (VIP). At least two VIPs are needed; one for each side of the cluster. These VIPs will be the external identity of the eSafe Cluster. The VIPs will be available as long as at least one node in the cluster remains healthy.

Define the internal and external VIPs that will be used by the eSafe Cluster. Note that all eSafe Cluster member machines must have the same VIP definitions. 8. Click Next. The Password page appears. 9. In the Password page, change the appliances admin user default password. This password will also be used to access the eSafe Security Center. You will also be prompted to change the root password (first time installation only).

58




11.Define the current date and time, and the time zone in which the appliance will operate.


59


12.Click Next to display the Registration page.

13.Enter your contact details in order to register your eSafe Appliance. This allows you to receive security updates and important eSafe news. 14.Select the Enable Extended HB Information check box to allow the appliance to send information on the status of the eSafe components to the eSafe Operations Center for analysis. Click Next to display the Finish page. 15.Click Apply and Shutdown. The appliance is now ready for connection to the network.Note:Initially defining a cluster requires logging on to eSafe Security Center via the central machine, defining a new cluster, dragging the central machine (which appears under the ALL branch in the machine tree) to the cluster, and then defining the other cluster members.

60


Chapter 3 Managing the ApplianceThe eSafe Appliance Manager is a web-based application that allows you to change the settings defined using the eSafe Appliance Setup Wizard, view information, and perform additional management actions. This section provides details for accessing the Appliance Manager application and provides a description of all menus and options available in the Appliance Manager.

Contents: About the Appliance Manager Accessing the Appliance Manager Status Menu Settings Menu Support Menu Connecting the eSafe Appliance to the Network Adding Firewall Rules


55

Chapter 3 - About the Appliance Manager

About the Appliance ManagerThe eSafe Appliance Manager is a web-based application that provides you with the tools to change the settings defined using the eSafe Appliance Setup Wizard, view information, and perform additional actions.

Accessing the Appliance ManagerFollow the steps below to access the eSafe Appliance Manager. 1. Open Internet Explorer and connect to the IP address of the eSafe Appliance as configured using the eSafe Appliance Setup Wizard. For example, https://x.x.x.x:37233, where x.x.x.x is the IP of the eSafe Appliance. Note! The eSafe Appliance uses secure HTTP protocol. Make sure that

eSafe Smart Suite Deployment Guide

Documents

Transcript of eSafe Smart Suite Deployment Guide