Symantec Messaging Gateway10.0GettingStarted …€™s primary role is to respond to specific...

Symantec™ MessagingGateway 10.0 Getting StartedGuide

powered by Brightmail™

The software described in this book is furnished under a license agreement andmay be usedonly in accordance with the terms of the agreement.

Documentation version: 10.0

PN: 21257306

Legal NoticeCopyright © 2012 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of SymantecCorporation or its affiliates in theU.S. and other countries. Other namesmaybe trademarksof their respective owners.

This Symantec product may contain third party software for which Symantec is requiredto provide attribution to the third party (“Third Party Programs”). Some of the Third PartyPrograms are available under open source or free software licenses. The LicenseAgreementaccompanying the Software does not alter any rights or obligations you may have underthose open source or free software licenses. Please see theThird Party LegalNoticeAppendixto this Documentation or TPIP ReadMe File accompanying this Symantec product for moreinformation on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use,copying, distribution, and decompilation/reverse engineering. No part of this documentmay be reproduced in any form by any means without prior written authorization ofSymantec Corporation and its licensors, if any.

THEDOCUMENTATIONISPROVIDED"ASIS"ANDALLEXPRESSORIMPLIEDCONDITIONS,REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TOBELEGALLYINVALID.SYMANTECCORPORATIONSHALLNOTBELIABLEFORINCIDENTALOR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINEDIN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software andDocumentation are deemed to be commercial computer softwareas defined in FAR12.212 and subject to restricted rights as defined in FARSection 52.227-19"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights inCommercial Computer Software or Commercial Computer Software Documentation", asapplicable, and any successor regulations. Any use, modification, reproduction release,performance, display or disclosure of the Licensed Software andDocumentation by theU.S.Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis StreetMountain View, CA 94043

http://www.symantec.com

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1

http://www.symantec.com

Technical SupportSymantec Technical Support maintains support centers globally. TechnicalSupport’s primary role is to respond to specific queries about product featuresand functionality. TheTechnical Support group also creates content for our onlineKnowledge Base. The Technical Support group works collaboratively with theother functional areas within Symantec to answer your questions in a timelyfashion. For example, theTechnical Support groupworkswithProductEngineeringand Symantec Security Response to provide alerting services and virus definitionupdates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the rightamount of service for any size organization

■ Telephone and/or Web-based support that provides rapid response andup-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7days a week basis

■ Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web siteat the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreementand the then-current enterprise technical support policy.

Contacting Technical SupportCustomers with a current support agreement may access Technical Supportinformation at the following URL:


Before contacting Technical Support, make sure you have satisfied the systemrequirements that are listed in your product documentation. Also, you should beat the computer onwhich theproblemoccurred, in case it is necessary to replicatethe problem.

When you contact Technical Support, please have the following informationavailable:

■ Product release level



■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registrationIf yourSymantecproduct requires registrationor a licensekey, access our technicalsupport Web page at the following URL:


Customer serviceCustomer service information is available at the following URL:


Customer Service is available to assist with non-technical questions, such as thefollowing types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs, DVDs, or manuals



Support agreement resourcesIf youwant to contact Symantec regarding an existing support agreement, pleasecontact the support agreement administration team for your region as follows:

[email protected] and Japan

[email protected], Middle-East, and Africa

[email protected] America and Latin America

mailto:[email protected]



Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 1 Introducing Symantec Messaging Gateway . . . . . . . . . . . . . . . . . . . . 9

About Symantec Messaging Gateway .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9What's new in Symantec Messaging Gateway .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Where to get more information .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14About basic deployment ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Chapter 2 Installing your appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

About installation configurations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Installation checklist ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18System requirements ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Setting up the appliance hardware .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Starting the appliance software set up .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Specifying Ethernet interfaces ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Specifying a static IP address for routing .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Specifying gateway and DNS IP addresses ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Specifying the role for the appliance .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Registering your license .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Troubleshooting license file registration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Updating to the latest software during initial setup .... . . . . . . . . . . . . . . . . . . . . . . . . 27Configuring the Control Center ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Adding a Scanner through the Control Center ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Configuring the Scanner for inbound and outbound mail

filtering .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Chapter 3 Deploying Symantec Messaging Gateway as aVirtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

About Symantec Messaging Gateway Virtual Edition .... . . . . . . . . . . . . . . . . . . . . . . 37System requirements for virtual deployment ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Deploying an OVF template on an ESX 4.x or ESXi 5/4.x Server ... . . . . . . . . . 39Installing froman ISO image orOS restore CDonto a virtualmachine

on your ESX or ESXi Server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Contents

Using an OS restore CD on your ESX or ESXi Server to boot yourvirtual computer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Using an ISO image on your datastore to boot your virtualcomputer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Using an OS restore CD or ISO image on your local computer to bootyour virtual computer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Contents8

Introducing SymantecMessaging Gateway

This chapter includes the following topics:

■ About Symantec Messaging Gateway

■ What's new in Symantec Messaging Gateway

■ Where to get more information

■ About basic deployment

About Symantec Messaging GatewaySymantecMessagingGateway offers enterprises a comprehensive gateway-basedmessage-security solution. Symantec Messaging Gateway delivers inbound andoutbound messaging security, real-time antispam and antivirus protection,advanced content filtering, and data loss prevention in a single platform.

Symantec Messaging Gateway does the following to protect your environment:

■ Detects spam, denial-of-service attacks, and other inbound email threats

■ Leverages a global sender reputation and local sender reputation analysis toreduce email infrastructure costs by restricting unwanted connections

■ Filters email to removeunwanted content, demonstrate regulatory compliance,and protect against intellectual property and data loss over email

■ Obtainsvisibility intomessaging trendsandeventswithminimal administrativeburden

See “Where to get more information” on page 14.

1Chapter

What's new in Symantec Messaging GatewayTable1-1 lists SymantecMessagingGateway'snew features andenhanced features.

Table 1-1 Symantec Messaging Gateway new features and enhanced features

DescriptionNew feature orenhancement

You can obtain custom spam rules specifically for yourorganization based on the missed spam messages and falsepositive messages that administrators and end users submit.

This feature provides the following benefits:

■ It improvesSymantecMessagingGateway's ability to detectspam and helps administrators control false positiveincidents.

■ It makes it easier to submit missed spam messages or falsepositivemessages toSymantec for analysis and rule creation.

■ It provides visibility into the submission status and rulecreation.

When you configure this feature, administrators and end userscan submit emailmessages to Symantec asmissed spamor falsepositives.Withinminutes, Symantec creates custom rules. Theconduit obtains these rules which are then applied to eachconfigured Scanner.

Creation of custom spamrules

The Enforce Server provides a centralized Web-basedmanagement console and incident repository.

This integration lets you remediate quarantinedmessages fromeither Symantec Messaging Gateway Control Center or fromtheEnforceServer administration console. If remediationoccursfromEnforce Server, itwrites the status to SymantecMessagingGateway so the incident status stays synchronized. You can alsosynchronize status updates fromSymantecMessagingGatewayto Enforce Server.

Integrationwith EnforceServer

Introducing Symantec Messaging GatewayWhat's new in Symantec Messaging Gateway

10

Table 1-1 Symantec Messaging Gateway new features and enhanced features(continued)


SymantecMessaging Gateway lets any host in a deployment beprovisioned with IPv6 addresses.

First configure your Scanners with at least one primary IPv4address that Symantec Messaging Gateway can use forcommunication between the Control Center and Scanner. Youconfigure this primary IPv4 address when you initially installthe appliance. Once the initial setup is complete and a Scanner,Control Center, or both have been configured, you canimplement IPv6 addresses as needed.

IPv6 addresses are only supported for certain features.

IPv6 addresses aresupported

You can conserve scanning resources when you select themalwarepolicy action tobypass the scanningof content filteringpolicies. Symantec Messaging Gateway takes the actions thatyou specify for that malware policy but does not scan themessage for content filtering policies. When you select thisaction, you can bypass the scanning of specific content filteringpolicies or of all content filtering policies.

Ability to bypassscanning contentfiltering policies whenSymantec MessagingGatewaydetectsmalware

You can now send spam or suspected messages to contentincident folders. This feature lets you categorize spam andsuspected spam messages into content incident folders so thatyou can analyze them and fine-tune your spam policies.

When you create or modify a spam policy, you now have theoption to Create an informational incident or Create aquarantine incident for a policy action. Then you specify theinformational incident or quarantine incident folder that youwant to use (you must have previously created these folders).You can also select these options when you configure senderauthentication failure.

Improvements to spamfiltering

11Introducing Symantec Messaging GatewayWhat's new in Symantec Messaging Gateway



Themessage queuenowprovides details about howmany timesthe MTA attempted to deliver a message and when the nextdelivery attempt is scheduled.

The message audit log also includes details about the messagedelivery attempts and contains the logical IP address as well.The logical IP address is derived from the “Received:” headersof themessage content. SymantecMessagingGatewayuses thisIP address for filtering purposes. Based on your deployment,this addressmay be identical to the “Accepted from” IP address.

Additional informationabout messages in themessage queue andmessage audit log

Symantec Messaging Gateway now lets you customize yourbackups. In addition to a full backup, you can back up allconfiguration data (which includes policies), plus one or moreof the following: log data, reports, and messages in contentincident folders.

For example, assume that you want to back up and maintainmessages in incident folders for compliance requirements butdo not have enough storage space. You can back up policies pluscontent incidents exclude logs and reports and store the backupoff-box.Another example is that youmayhave a situationwhereyou want to copy the policies that you have on one ControlCenter to another. You canbackup thepolicies and restore themon the other Control Center.

You can create custom backups through the Control Center orat the command line.

Greater flexibility tocustomize your backups

Negative rules are rules inwhicha conditionmustnot bepresentto trigger a violation. An example of a negative rule is: doesnotcontain Subject.

Additional negativecontent filtering policyconditions

Previously, Symantec Messaging Gateway only scanned theHTML body. Now you can scan HTML tags in the body of themessage.

Ability to scan HTMLtags in themessage body

Introducing Symantec Messaging GatewayWhat's new in Symantec Messaging Gateway

12



YoucannowdefinehowyouwantSymantecMessagingGatewayto address subsequent content filtering policies.When a policyis triggered, you may still want to have Symantec MessagingGatewayperformanynon-conflicting actions for thenext policythat it evaluates. Or you can specify that for the next policyevaluated, to only create incidents in an incident folder or senda notification if those actions are specified. Another optionwould be that once amessage triggers a content filtering policy,no subsequent content filtering policies are evaluated. Thisoption conserves scanning resources.

Specify subsequentcontent filtering policyactions

All of the predefined attachment lists that Symantec providesin SymantecMessagingGateway are nowpremiumattachmentlists. These premium attachment lists cannot be modified nordeleted. But you can copy any of these lists and modify thecopies. You can also delete custom listswhen they are no longerneeded.

If youupgrade fromapreviousversion, predefined, customizableattachment lists are retained, as well as any modifications thatyou made to those lists. Any content filtering policy that usesthese customized attachment lists as a condition continues towork as you defined it in your policy.

Upon upgrade, new versions of the default, predefined customattachment lists appear in the Attachment List table. Thesenew lists are premium attachment lists. For example, if youupgrade fromversion9.5x, twoversions ofArchiveFiles appearin the Attachment List table: one is the previous custom list;the other is the new premium list.

Content filtering templates use premium attachment lists. Ifyou want to use a custom attachment list, modify the contentfiltering policy and specify the custom attachment list that youwant to use.

All predefinedattachment lists are nowpremium attachmentlists

These new variables provide links to the Control Center pageswhereusers canviewor remediate incidents. Thenewvariablesalso let you specify whether users can auto-authenticate or ifthey must type their credentials to access the Control Center.

New content filteringincident notificationmessage variables

13Introducing Symantec Messaging GatewayWhat's new in Symantec Messaging Gateway



In addition to the ability to approve incidents or reject incidentsin quarantine incident folders, you can also create a customaction. You define the customactionwhen you configure policyactions.

New custom policyactions

Where to get more informationThe following resources provide more information about your product:

The Symantec Messaging Gateway documentation setconsists of the following manuals:

■ Symantec Messaging Gateway Administration Guide

■ Symantec Messaging Gateway Installation Guide

■ Symantec Messaging Gateway Getting Started Guide

■ SymantecMessaging Gateway Command Line ReferenceGuide

■ Symantec Messaging Gateway Release Notes

■ Symantec Messaging Gateway Software Update Notes

www.symantec.com/business/support/documentation.jsp?language=englishview=manualspid=53991

Documentation

Symantec Messaging Gateway includes a comprehensiveHelp system that contains conceptual and proceduralinformation.

Product Help system

Introducing Symantec Messaging GatewayWhere to get more information

14

http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991



Visit the Symantec Web site for more information aboutyour product as follows:

■ www.symantec.com/enterprise/support

Provides access to the technical support knowledge base,newsgroups, contact information, downloads, andmailing list subscriptions

■ https://licensing.symantec.com/acctmgmt/index.jsp

Provides information about registration, frequentlyasked questions, how to respond to error messages, andhow to contact Symantec License Administration

■ www.symantec.com/business/index.jsp

Provides product news and updates

■ www.symantec.com/business/security_response/index.jsp

Provides you access to the virus encyclopedia, whichcontains information about all known threats;information about hoaxes; and access to white papersabout threats

Symantec Web site

About basic deploymentYou can use each appliance to perform a variety of functions. During the initialsetup, the installation wizard prompts you to choose the function that eachappliance will perform. Before you install the product, decide which functions toassign your appliance. Contact a sales representative for additional help withperformance sizing.

The available functions are as follows:

15Introducing Symantec Messaging GatewayAbout basic deployment

http://www.symantec.com/enterprise/support

https://licensing.symantec.com/acctmgmt/index.jsp

http://www.symantec.com/business/index.jsp

http://www.symantec.com/business/security_response/index.jsp

AControl Center lets you configure andmanage all of the followingfrom a Web-based interface:

■ Email filtering

■ SMTP routing

■ System settings

■ Spam Quarantine

■ Suspect Virus Quarantine

■ Content filtering incident folders

■ All other functions

The Control Center provides information on the status of all ofthe Symantec Messaging Gateway hosts in your environment,including logs and reports.

You must configure one Control Center for your site. One ControlCenter controls one or more Scanners.

Control Center

Scanners can perform all of the following tasks:

■ Perform filtering based on IP connections, such as ConnectionClassification, Fastpass, and various sender groups

■ Filter email for viruses, spam, and noncompliant messages

You can configure multiple Scanners.

Scanner

Performs both functions. This configuration is suitable for smallerinstallations.

Control Center andScanner

Note: This documentation assumes that you will configure a single appliance asboth a Control Center and a Scanner, and that your Scannerwill perform inboundand outbound mail filtering. If your filtering requirements exceed this basicscenario, refer to the Symantec Messaging Gateway Installation Guide.

Introducing Symantec Messaging GatewayAbout basic deployment

16

Installing your appliance


■ About installation configurations

■ Installation checklist

■ System requirements

■ Setting up the appliance hardware

■ Starting the appliance software set up

■ Specifying Ethernet interfaces

■ Specifying a static IP address for routing

■ Specifying gateway and DNS IP addresses

■ Specifying the role for the appliance

■ Registering your license

■ Updating to the latest software during initial setup

■ Configuring the Control Center

■ Adding a Scanner through the Control Center

■ Configuring the Scanner for inbound and outbound mail filtering

About installation configurationsYou can install and run Symantec Messaging Gateway in several ways:

2Chapter

Install and run a physical, Symantec-supplied appliance.Symantec MessagingGateway appliance

Install and run a virtual appliance, using your choice ofhardware.

See “About Symantec Messaging Gateway Virtual Edition”on page 37.

Symantec MessagingGateway Virtual Edition

Install and run a combination of physical and virtualcomponents.

Mixed-mode

Installation checklistTable 2-1 describes the information to have on hand and the hardware to have inbefore you install Symantec Messaging Gateway.

Table 2-1 Installation checklist

DescriptionItem

KeyboardandVGAmonitoror throughanother computer througha serial port. After initial setup, you can log into an appliance'scommand line interface using SSH.

Console access toappliance for initialsetup

The same license file can be used to license multiple appliances.Valid license file

The URL you use to access the appliance's Control Center Webinterface.

Hostname

■ A routable static IP address assigned to eth0 for inboundemail, and one of the following for outbound email:

■ Routable static IP address assigned to eth1 (recommended)

■ Routable static virtual IP address

■ Separate port that shares the one routable static IP addressassigned to eth0

IP addresses assigned to eth0 or eth1 require a netmask IPaddress and a gateway IP address. Refer to the Scanner scenariosto determine IP address requirements.

A static IP addressesandone or twonetmaskand gateway IPaddresses

DNS is required to route email. You can use the Internet rootDNS servers or specify internal DNS servers.

Domain Name Servers(DNS)

Internet or internal.NTP servers (optional)

Installing your applianceInstallation checklist

18

Table 2-1 Installation checklist (continued)

DescriptionItem

Instead of using a direct connection, you can optionally specifya proxy for registration, filters, and retrieval of virus definitionsusing LiveUpdate.

Hostname, port, username, andpassword forproxy (optional)

If there are MTAs configured between your Scanners and theInternet, on the Inbound Mail Filtering - Connections wizardpage, configure the Scanners to only accept email from theupstream MTAs. If there is a firewall between any of yourappliances and the Internet, the firewall must be configured topermit network traffic through certain ports.

IP addresses fromwhich to permit traffic

System requirementsTable 2-2 lists the minimal system requirements.

Table 2-2 System requirements

RequirementItem

The Control Center supports the following browsers:

■ Microsoft Internet Explorer 9/8

■ Mozilla Firefox 13 or later

■ Chrome 19 or later

Web browsers

Symantec Messaging Gateway supports the following LDAP directorytypes:

■ Windows 2008 Active Directory (both LDAP and Global Catalog)

■ Windows 2003 Active Directory (both LDAP and Global Catalog)

■ Sun Directory Server 7.0



■ Lotus Domino LDAP Server 8.5



■ OpenLDAP 2.4

■ OpenLDAP 2.3

Symantec Messaging Gateway is LDAP v.3 compliant and can beconfigured to work with other directory server types.

LDAP

19Installing your applianceSystem requirements

Setting up the appliance hardwareBefore you can install and configure the appliance, you must first set up thehardware.

To set up the appliance hardware

1 Unpack the appliance and either rack mount it or place it on a level surface.

2 Plug in AC power.

3 Plug in an Ethernet Cable to DRAC port and enable DRAC. For moreinformation on DRAC, see Dell Support.

4 Connect the appliance with one of the following methods:

■ Connect a keyboard and VGA monitor to the appliance.

■ Connect another computer to the appliance with the serial port.Use a null modem cable with a DB9 connector and settings of 9600 bps,8/N/1.

■ Connect to appliance through DRAC console from a remote computer.

5 Connect an Ethernet cable to the Ethernet jack that is labeled 1 on the backpanel of the appliance, which corresponds to eth0.

To use the second Ethernet port for outbound traffic, connect a second cableto the Ethernet jack that is labeled 2 on the back of the appliance andcorresponds to eth1.

See “Starting the appliance software set up” on page 20.

Starting the appliance software set upAfter you set up the appliance hardware, begin the software set up process.

See “Setting up the appliance hardware” on page 20.

To start the appliance software set up

1 Turn on the power.

2 Log on with the logon name admin and the password symantec.

3 When you are prompted, type your new password twice.

Installing your applianceSetting up the appliance hardware

20

4 When you are prompted, type a fully qualified domain name for this host.

To avoid problems with message routing, this host name should not be yourmail domain, such as symantecexample.com.

For example, the name should be similar in form to:

host6.symantecexample.com

5 When you are prompted, type the correct time zone.

Type ? to see a list of time zones.

Press the space bar to scroll through the list or type Q to exit the list.

6 To continue installation, next you specify Ethernet interfaces.

See “Specifying Ethernet interfaces” on page 21.

Specifying Ethernet interfacesAfter you perform the initial steps of starting the appliance setup, the next stepis to configure the Ethernet interfaces.

See “Starting the appliance software set up” on page 20.

To specify Ethernet interfaces

1 When you are prompted, type the IP address for the Ethernet interface thatis labeled 1 on the back of the appliance.

For example:

192.168.0.1

2 When you are prompted, type the subnet mask for Ethernet interface 1.

For example:

255.255.255.0

21Installing your applianceSpecifying Ethernet interfaces

3 When you are prompted if you want to use the second Ethernet interface,interface 2, type one of the following responses:

You want to use interface 2.YES

You do not want to use interface 2.

Skip to the next procedure.

See “Specifying a static IP address for routing”on page 22.

NO

4 When you are prompted, type the IP address for Ethernet interface 2.

For example:

192.168.12.3

5 When you are prompted, type the subnet mask for Ethernet interface 2.

For example:

255.255.255.0

6 To continue installation, next you specify a static IP address for routing.

See “Specifying a static IP address for routing” on page 22.

Specifying a static IP address for routingAfter you set up the Ethernet interfaces, the next step in setting up your applianceis to set up a static IP address for routing. You can set up multiple static IPaddresses or none at all.

See “Specifying Ethernet interfaces” on page 21.

Installing your applianceSpecifying a static IP address for routing

22

To specify a static IP address static for routing

1 When you are prompted whether you want to add a static IP address forrouting, type one of the following responses:

You want to add a static IP address for routing.YES

You do not want to add a static IP address for routing.


See “Specifying gateway and DNS IP addresses”on page 23.

NO

2 When you are prompted, specify the IP address or CIDR block of thedestination host or network.

3 If you configure multiple Ethernet interfaces, you are prompted to specifythe Ethernet Interface number (either 1 or 2, the default is 1).

This setting is to force the route to be associated with the specified device.

4 When you are prompted whether you want to add another static IP address,type one of the following responses:

You want to add another static IP address.

Repeat steps 2 through 3 to add another static IPaddress.

YES

You do not want to add another static IP address.


See “Specifying gateway and DNS IP addresses”on page 23.

NO

5 To continue installation, next you specify gateway and DNS IP addresses.

See “Specifying gateway and DNS IP addresses” on page 23.

Specifying gateway and DNS IP addressesAfter you configure the static IP address, specify the default gateway IP addressand the IP address of your DNS server. You can add up to three DNS server IPaddresses.


23Installing your applianceSpecifying gateway and DNS IP addresses

To specify gateway and DNS settings

1 When you are prompted, type the IP address of the default gateway (defaultrouter).

2 When you are prompted, type the IP address of the DNS server.

3 When you are prompted if you want to enter another DNS server, type oneof the following responses:

You want to add an additional DNS server.

Type the IP address.

You can add up to three addresses.

YES

You do not want to an additional DNS server.


See “Specifying the role for the appliance” on page 24.

NO

4 To continue installation, next you specify the role for the appliance.


Specifying the role for the applianceAfter you have specified IP addresses for your default gateway and DNS servers,specify the role for the appliance.

See “Specifying gateway and DNS IP addresses” on page 23.

The roles that you can choose are as follows:

■ Scanner only

■ Control Center only

■ Scanner and Control Center

To set the role for the appliance

1 When you are prompted, choose one of the following roles for this appliance:

■ Scanner only

■ Control Center only

Installing your applianceSpecifying the role for the appliance

24

■ Scanner and Control Center

2 For Scanneronly, when prompted, type the IP address of the Control Centerthat you intend to use to manage this Scanner.

3 When you are prompted, type one of the following responses:

The summary information is correct.

Product setup is complete and the appliance restarts.After the appliance restarts, you can register yourappliance.

See “Registering your license” on page 25.

YES

The summary information is not correct.

You return to the beginning of the process to makeyour changes.

See “Starting the appliance software set up”on page 20.

NO

Registering your licenseTo register your license, you need the license file that Symantec provides you.Place this file on the computer from which you access the Control Center. EachtimeyouaddaScanner, youmust confirmyour licenses or register again.However,you can use the same license file for each Scanner.

Note: For your Scanners, ensure that your network is configured to permitoutbound connections to Symantec on port 443. Symantec Messaging Gatewaycommunicates with Symantec Security Response over a secure connection forproduct registration and ongoing operations.

If you are performing the initial setup of your appliance, these steps appear inthe setup wizard after the appliance restarts.


25Installing your applianceRegistering your license

To register your license

1 From a computer that can access your appliance, locate the appliance in abrowser.

The default logon address is as follows:

https://<hostname>

where <hostname> is the host name that you designate for your applianceduring setup or the IP address.

To use HTTP, you must enable HTTP through the command line interfaceand specify port 41080.

2 When the security alert message appears, accept the self-signed certificateto continue.

3 On the Control Center logon page, log on as user admin and use the passwordthat you specified set during initial setup.

4 On the End-User License Agreement page, click I accept the terms of thelicense agreement and click Next.

5 On the License Information Registration page, click Browse to locate yourlicense file.

6 Select your license file and click Open to return to the License Registrationpage.

7 If your Scanner uses a proxy server for communicationswithSymantec, clickProxy Server.

8 To specify a proxy server, check Use HTTP Proxy and type the server hostname and port. If required, type the user name and password.

9 Click Register License.

If registration was successful, the License Registration Information pagereturns.

See “Troubleshooting license file registration” on page 27.

Registrationmay fail because of an inaccessible proxy, closed port 443, or anexpired, missing, or corrupt license file.

Installing your applianceRegistering your license

26

10 If you have another license file for a different feature, repeat the process forregistering each license.

11 When all of the license files are successfully registered, click Next.

If your software is up-to-date, the setup wizard appears. Continue with theinstallation process.

See “Configuring the Control Center” on page 28.

If a software update is available, the Software Update page appears.

See “Updating to the latest software during initial setup” on page 27.

Troubleshooting license file registrationIf youhave difficulty installing a license during installation, the installationwizardlets you troubleshoot the issue with the Traceroute utility or the Ping utility.

Troubleshooting license file registration

1 On the License Information Registration page, click Utilities.

2 In the Utility field, click the drop-down menu and select whether to useTraceroute or Ping, and then in the Host name or IP address field, type thehost name or IP address.

Make sure you can connect to https://register.brightmail.com.

3 Click Run.

The results appear in the Results text box.


5 Complete registration.


Updating to the latest software during initial setupSymantec recommends that you apply the current software update after youregister the product, if one is available.


27Installing your applianceUpdating to the latest software during initial setup

http://register.brightmail.com

Updating to the latest software during initial setup

1 On the Software Update page, select any of the following options:

Lets you update your software later.Skip

Updates your software now.

After the update, the setupwizard appears to help youconfigure your appliance.


Update

Returns you to the License Registration page.


Cancel

Back

2 When the software update finishes, do one of the following tasks:

■ Refresh your browser.

■ Close and re-open your browser to ensure that the cached versions ofgraphics redisplay correctly.

3 To continue installation, next you configure the Host.


See the Symantec Messaging Gateway Administration Guide for details onConfiguring Scanners.

Configuring the Control CenterAfter you register your license or after you complete the software update, theAdministrator Settings page appears in the setup wizard.


See “Updating to the latest software during initial setup” on page 27.

Configure the Control Center before you configure any Scanners. If you specifiedthat this appliance is a Control Center and a Scanner, the wizard continues withthe Scanner set up after the Control Center set up finishes.

Installing your applianceConfiguring the Control Center

28

To configure the Control Center

1 On the Administrator Settings page, type an email address for theadministrator.

2 Check Receive Alert Notifications to have Symantec Messaging Gatewaysend alert notifications to this address.

You can set up alert notifications for outbreaks, spam and virus filters,message queues, disk space, SMTP authentication, directories, licenses,software updates, and events. Events include scheduled task, service,hardware, swap space, and UPS issues.

You can add additional administrators ormodify this administrator's settingsin the Control Center later.

3 Click Next.

4 On theTimeSettings page, to verify that the date that appears in theCurrentAppliance Time area is correct, select one of the following options:

The time is correct and you do not want to makechanges. This option is the default setting.

Do not change the time

Youwant tomanually change the time.Type thepropervalues in the Date and Set Time fields.

Set time manually

Youwant to useNTP servers tomanage time. Type theIP address for up to three NTP servers.

Use NTP servers

5 Click Next.

6 On the System Locale page, specify the locale that the appliance should usefor formatting numbers, dates, and times. This setting is the language andregional formatting Symantec Messaging Gateway uses for messages.

7 Select a Quarantine fallback encoding format.

Fallback encoding is the formatting that the product uses for quarantinedmessages if the formatting that you specified in the SystemLocale field fails.

29Installing your applianceConfiguring the Control Center

8 Click Next.

If your appliance has been set up as a Control Center and a Scanner, theScanner Role page appears, and you must define your Scanner role asdescribed in the following topics:

See “Configuring the Scanner for inbound and outbound mail filtering”on page 32.

If you set up your appliance as a Control Center only, the Setup Summarypage lists your selected configuration options.

9 On the Setup Summary page, select any of the following options:

You are satisfied with the settings and do not want tomake changes. This option is the default setting.

Finish

You want to modify your settings.Back

Youwant to end the setupwithout savingyour changes.You cannot use the appliance until you complete thesetup.

Cancel

10 If your Scanner is not on the Control Center, set up a Scanner on a separateappliance. You can do this task through the Control Center.

See “Adding a Scanner through the Control Center” on page 30.

Adding a Scanner through the Control CenterYou must have Full Administration rights or Manage Settings modify rights toadd a Scanner.

Note: None of the settings that you specify throughout the wizard are final untilyou click Finish at the end of the wizard.

To add a Scanner through the Control Center

1 On the Control Center, click Administration > Hosts > Configuration.

2 If this Scanner is the first Scanner that you add, the Add Scanner wizardappears. Otherwise, on the Host Configuration page under Reconfigure aScanner or Control Center host, click Add.

3 On the Add Scanner Wizard page, click Next.

4 On the Scanner Host Settings page, do all of the following:

Installing your applianceAdding a Scanner through the Control Center

30

■ In the Host description box, type a description for the new Scanner.

■ In theHost name or IP address box, type the host name or IP address forthe new Scanner.

5 Click Next.

6 On the License Registration page, click Browse to locate your license file.

7 Select your license file and click Open to return to the License Registrationpage.

8 If your Scanner uses a proxy server for communicationswithSymantec, clickProxy Server.

9 To specify a proxy server, check Use HTTP Proxy and type the server hostname and port.


If registration was successful, the License Registration page returns.

If the license registration fails, perform troubleshooting steps.

See “Troubleshooting license file registration” on page 27.

11 If you have another license file for a different feature, repeat the process forregistering each license.

12 When all the license files are successfully registered, click Next.

If your software needs to be updated, the Software Update page appears. Ifnot, proceed to step 14.

13 On the Software Update page, select any of the following options:

Lets you update your software later.Skip

Updates your softwarenow.After theupdate, the setupwizard returns you to the Time Settings page.

Update

Returns you to the License Registration page.


Cancel

31Installing your applianceAdding a Scanner through the Control Center

14 On theTimeSettingspage, verifywhether the date in theCurrentApplianceTime area is correct. Select one of the following options:

The time is correct and you do not want to makechanges. This option is the default setting.

Do not change the time

Youwant tomanually change the time.Type thepropervalues in the Date and Set Time fields.

Set time manually

Youwant to useNTP servers tomanage time. Click andprovide the IP address for up to three NTP servers.

Use NTP servers

15 To complete the Add Scanner wizard, you must now configure the Scannerbased on its function.

See “Configuring the Scanner for inbound and outbound mail filtering”on page 32.

To configure the Scanner for inbound or outbound filtering only, see theSymantec Messaging Gateway Installation Guide.

Configuring the Scanner for inbound and outboundmail filtering

You can configure the Scanner to perform both inbound mail filtering andoutboundmail filtering. You canuse the sameEthernet interface for both inboundmail filtering and outbound mail filtering. Or you can create a virtual IP addressto use for either inbound or outbound mail filtering.

To configure the Scanner for inbound and outbound mail filtering

1 On the Scanner Role page, click Inbound and Outbound mail filtering thenclick Next.

2 On the Create Optional Virtual IP Address page, select one of the followingoptions:

You want to create a Virtual IP address.Yes

Youdonotwant to create aVirtual IP address. Proceedto step 6.

No

3 Click Next.

Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering

32

4 On the Create Virtual IP Address page, do all of the following tasks:

Click to select the Ethernet interface.Ethernet

Type the IP address for the virtual server.IP address

Type the subnet mask IP address.Subnet mask

Type the network IP address.Network

Type the broadcast IP addressBroadcast

5 Click Next.

6 On the InboundMailFiltering page, click Inboundmail IPaddress to selectthe IP address to use for inbound mail filtering.

7 In the Inbound mail SMTP port field, type the port, and then click Next.

8 On the Inbound Mail Filtering - Accepted Hosts page, to specify the IPaddresses of themail servers fromwhich this Scanner should accept inboundmail, select one of the following options:

Youwant your Scanner to acceptmail fromall sourcesor the Scanner is deployed at the gateway. For aScanner deployed at the Internet gateway, Symantecrecommends that you select this option to acceptmailfrom any MTA on the Internet.

All IP addresses

You want to restrict the domains from which yourScanner acceptsmail. Type IP addresses, CIDR ranges,or domains. If theScanner is deployedbehindupstreammail servers, specify the upstream mail servers.

Specific IP Addresses

9 Click Next.

33Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering

10 On the Local Domains page, check the addresses that you want to acceptinbound mail for in the Local Domains list.

To modify the list, do any of the following tasks:

Type the address into the Domain or email addressfield forwhich to accept inboundmail field, and clickAdd.

For each domain address or email address that youadd, you can also specify whether messages should berouted through a specific host and port. Add thatinformation to the Optionally route to the followingdestination host and Port fields.

To add an address

Check the address to remove and click Delete.To delete an address

Click Import, and then navigate to an existing file.To import a list of addresses

Check Enable MX Lookup. If you enable MX lookup,you must specify a host name, not an IP address.

For example, enable MX lookup if you configuremultiple downstreammail servers anduseMXrecordsfor email load balancing.

To routemessages accordingto the MX record for thespecified host name

11 Click Next.

12 On the Outbound Mail Filtering page, click the drop-down list to select theIP address to use for outbound mail filtering.

13 In the Outbound mail SMTP port field, type the port, and click Next.

14 On the Outbound Mail Filtering - Accepted Hosts page, do one of thefollowing tasks:

■ Specify the internal host to which this Scanner should relay local domainmail after filtering is complete. This server is typically a downstreammailserver, such as your corporate mail server.

■ Check Enable MX Lookup for this host. If you enable MX lookup, specifya host name instead of an IP address.

15 Click Next.

16 On the Mail Filtering - Mail Delivery page, type a host name or IP addressand port to specify how you want to relay local domain filtered mail.

17 Optionally, check Enable MX lookup for this host.


34

18 On the Mail Filtering - Non-local Mail Delivery page, select one of thefollowing options to specify how you want to relay filtered mail:

You want to use MX Lookup to return thehosts for any domain.

Use default MX Lookup

You want to specify a new host. Type ahost name or IP address and port.Symantec recommends that you checkEnable MX lookup for this host if youposition the Scanner at the gateway. Ifyou choose this option, specify a hostname (not an IP address).

Define new host

You want to use an existing host. Select ahost from the drop-down list. If there is aseparate gateway MTA between theScanner and the Internet, provide thatMTA's host name or IP address and port.

Use an existing host

19 Click Next.

20 On the Setup Summary page, review your settings and select one of thefollowing options:

You are satisfied with the settings and want to savethem.

Finish

You want to modify your settings. Go back and reviseyour settings.

Back

Youwant to cancel your changeswithout saving them.Cancel

35Installing your applianceConfiguring the Scanner for inbound and outbound mail filtering


36

Deploying SymantecMessaging Gateway as aVirtual Machine


■ About Symantec Messaging Gateway Virtual Edition

■ System requirements for virtual deployment

■ Deploying an OVF template on an ESX 4.x or ESXi 5/4.x Server

■ Installing from an ISO image or OS restore CD onto a virtual machine on yourESX or ESXi Server

■ Using an OS restore CD on your ESX or ESXi Server to boot your virtualcomputer

■ Using an ISO image on your datastore to boot your virtual computer

■ Using an OS restore CD or ISO image on your local computer to boot yourvirtual computer

About Symantec Messaging Gateway Virtual EditionUse Symantec Messaging Gateway Virtual Edition with VMware to create asimulated computer environment (a virtual computer) onwhich to run SymantecMessaging Gateway. The guest software is a complete operating system thatcontains the Symantec Messaging Gateway Virtual Edition software. It runs in asimilarmanner to the application as installed on a standalone hardware platform.

3Chapter

You can deploy the Symantec Messaging Gateway as a virtual appliance on yourexisting VMware infrastructure in one of the following ways:

■ As an OVF on ESX 4.x and ESXi 5/4.xSee “Deploying an OVF template on an ESX 4.x or ESXi 5/4.x Server”on page 39.

■ As an ISO or OSrestore CDSee “Installing from an ISO image or OS restore CD onto a virtual machine onyour ESX or ESXi Server” on page 41.

The resources that are allocated to SymantecMessaging Gateway Virtual Editionmust meet the minimum requirements.

See “System requirements for virtual deployment” on page 38.

This documentation assumes the following:

■ Your environment has an existing VMware ESX or ESXi Server deployment.

■ You are familiar with administering virtual computers.

■ Your environment meets all pre-requisite system requirements.

For more information about VMware and to download trialware and prerequisiteapplications, see the VMware Web site at www.vmware.com.

System requirements for virtual deploymentTable 3-1 lists the system requirements to deploy Symantec Messaging Gatewayas a guest on VMware ESX Server and VMware ESXi Server. You must install andconfigure one of these servers before you install Symantec Messaging GatewayVirtual Edition.

Note: Symantec Messaging Gateway does not support any version of BusLogicController.

For requirements specific to VMware ESX Server and VMware ESXi Server, referto your VMware documentation.

Table 3-1 Supported Configurations for Symantec Messaging Gateway VirtualEdition

NotesMinimumRecommendedDescription

—Version 4.xVersion 4.1VMware ESXServer

Deploying Symantec Messaging Gateway as a Virtual MachineSystem requirements for virtual deployment

38

http://www.vmware.com

http://www.vmware.com/support/pubs/

Table 3-1 Supported Configurations for Symantec Messaging Gateway VirtualEdition (continued)

NotesMinimumRecommendedDescription

ESXi 5 update 1 is alsosupported.

Version 5.0/4.xVersion 4.1VMware ESXiServer version

For Scanner-only virtualmachines.

90 GBFor moreinformation,consult theSymantecKnowledge Basearticle, DiskSpaceRecommendationsfor SymantecMessagingGateway VirtualEdition.

Disk space

For Control Center–only virtualmachines.

90 GB

For combined Scanner andControlCentervirtualmachines.

90 GB

Aminimumof 4GB is necessaryto run Symantec MessagingGateway and the virtualmachine.

4 GB8 GBMemory

ESX 4.x and ESXi 5/4.x arelimited to two virtual CPUs pervirtual machine. Symantecrecommends allocating up tofour, based on workloaddemands and hardwareconfiguration.

24CPUs

Only onenetwork interface cardis required per virtual machine.

12NICs

See “About Symantec Messaging Gateway Virtual Edition” on page 37.

Deploying anOVF template on anESX4.x or ESXi 5/4.xServer

An OVF template is a virtual machine that includes the software you plan to runon the machine. You can deploy an OVF template that contains SymantecMessaging Gateway Virtual Edition on a VMware ESX Server 4.x or VMware ESXi

39Deploying Symantec Messaging Gateway as a Virtual MachineDeploying an OVF template on an ESX 4.x or ESXi 5/4.x Server

Server 4.x. To deploy the OVF template, use a vSphere or vCenter client on adifferent computer than the computer hosting your ESX or ESXi Server.

You may want to ensure that your guest computer is configured to restart whenthe host computer restarts. Consult your VMware documentation for moreinformation.

Note: If you cannot successfully complete this procedure, you can instead use anOS restore disk.

See “Installing from an ISO image or OS restore CD onto a virtual machine onyour ESX or ESXi Server” on page 41.

To deploy an OVF template on an ESX 4.x or ESXi 5/4.x Server

1 Insert the DVD that contains the OVF template or locate the OVF templateonline.

The OVF template file name is as follows:

Symantec_Messaging_Gateway_10.0.*.ovf

If you accessed the file online, proceed to step 2. If you inserted the DVD,proceed to step 3.

2 If you access the file online, unzip the file.

The OVF template file name is as follows:

Symantec_Messaging_Gateway_10.0.ovf

3 In the File menu, click Deploy OVF template.

4 On the Source page, click Deploy from file.

5 Select the file. If necessary, click Browse to find the file.

6 Click Next.

7 On the OVF Template Details page, click Next.

8 On the Name and Location page, enter the name for your deployment andclick Next.

9 On the Ready to Complete page, click Finish.

Deploying the OVF may take a few minutes.

When complete, the new computer appears in your inventory.

10 After deployment is complete, access the new virtual computer from yourclient. The standard Symantec Messaging Gateway boot sequence begins.

Deploying Symantec Messaging Gateway as a Virtual MachineDeploying an OVF template on an ESX 4.x or ESXi 5/4.x Server

40

Installing from an ISO image or OS restore CD onto avirtual machine on your ESX or ESXi Server

Youcanconfigure avirtualmachineanddeployan instanceofSymantecMessagingGateway from an OS restore CD or an ISO image. You can perform this task on acomputer that runs ESX 4.x or ESXi 5/4.x, but you must install either server first.

Use only ASCII characters in the entry fields when you create a virtual computerwith the management interface. The virtual computer's display name and pathcannot contain non-ASCII characters. Do not use spaces when you create filenames and directories for virtual computers.

You may want to ensure that your guest computer is configured to restart whenthe host computer restarts. Consult your VMware documentation for moreinformation.

Note: By default, ESXi uses DHCP and does not use a root password. If you useESXi, Symantec recommends that you modify the ESXi settings to create a rootpassword and assign a static IP address before installation.


To install from an ISO image or OS restore CD onto a virtual machine on your ESX4.x or ESXi 5/4.x Server

1 Click on the ESX or ESXi Server on which you want to place your virtualmachine.

2 On the File menu, click New, then click Virtual Machine.

3 Select the Typical option and click Next.

4 Type a descriptive name for the virtual computer and click Next.

5 Select a data store option. This setting is where your virtual computer islocated on the physical disk. Make this selection based on your particularstorage configuration. Options can vary. Click Next.

6 Select the virtual machine version.

If you use ESX 4.x, select Virtual Machine version 7.

7 For theOS, clickLinux as the guest operating systemandRedHatEnterpriseLinux 5 (32-bit) as the version, and then click Next.

41Deploying Symantec Messaging Gateway as a Virtual MachineInstalling from an ISO image or OS restore CD onto a virtual machine on your ESX or ESXi Server

8 Reserve the necessary quantity of disk space, and then click Next.

See “System requirements for virtual deployment” on page 38.

More disk space may be required based on your deployment.

After you reserve disk space and complete deployment, any changes to diskspace require that you repeat the OS restore process.

9 Select the LSI SAS SCSI device.

10 On the Ready to Complete page, check Edit the virtual machine settingsbefore submitting and click Continue.

11 Click Memory at the left. Reserve the system memory based on yourdeployment needs, and then click Next.

Aminimumof 4GB is necessary to runSymantecMessagingGatewayVirtualEdition and the virtual computer. Symantec recommends that youuse at least8 GB.

12 Click CPU at the left. Select the number of virtual CPUs, and then click Next.

ESX 4.x and ESXi 4.x are limited to two virtual CPUs per virtual computer.Symantec recommends allocating a minimum of two virtual processors.

13 If youwant a secondnetwork interface, click theAddbutton at the top, choosethe Ethernet Adapter, click Next, click Next again, and click Finish.

14 Click Finish.

15 Continue the deployment to bootstrap your virtual appliance.

See “Using an OS restore CD on your ESX or ESXi Server to boot your virtualcomputer” on page 42.

See “Using an ISO image on your datastore to boot your virtual computer”on page 43.

See “Using an OS restore CD or ISO image on your local computer to bootyour virtual computer” on page 44.

Using an OS restore CD on your ESX or ESXi Server toboot your virtual computer

After you configure a virtual computer on ESX Server or ESXi Server, you can usean OS restore CD or ISO image as your bootstrap media.


Deploying Symantec Messaging Gateway as a Virtual MachineUsing an OS restore CD on your ESX or ESXi Server to boot your virtual computer

42

To use an OS restore CD on your ESX or ESXi Server to boot your virtual computer

1 Insert the OS restore disk into your ESX or ESXi Server's CD drive.

2 Click Edit virtual machine settings.

3 On the Hardware tab, select CD/DVD Drive 1.

4 Choose Host Device and choose CD.

5 Check Connect at power on and click OK.

6 Click the power on virtual machine icon.

The virtual machine now reboots from the CD drive.

7 Click the Disconnect CD/DVD button and remove the disk from your driveto prevent the system from performing another OS restore.

Symantec recommends that you disconnect your boot media immediatelyafter the initial boot process to avoid a future accidental OS restore.

8 Once the installation process is complete, turn off the computer through theclient and edit your computer settings.


10 Uncheck Connect at power on and click OK.

11 Restart your computer to begin the Symantec Messaging Gateway bootsequence.

Using an ISO image on your datastore to boot yourvirtual computer

After you configure a virtual computer on ESX Server or ESXi Server, you can usean ISO image on your datastore as your bootstrap media.


To use an ISO image on your datastore to boot your virtual computer

1 On the Hardware tab, select New CD/DVD and check Datastore ISO file asthe Device Type.

2 ClickBrowse and select the ISO file on your datastore. If you have not alreadyadded the ISO image to your datastore, refer to your VMware documentationfor the procedure.

3 Check Connect at Power on, then click Finish. The new virtual computerappears in the inventory.

43Deploying Symantec Messaging Gateway as a Virtual MachineUsing an ISO image on your datastore to boot your virtual computer

4 Turnonyournewcomputer and access your console. The boot process begins.

5 If the console prompts you to partition your SDA device, click your mouseon the console window, and then press the Enter key for Yes.

6 Once the installation process is complete, turn off the computer through theclient and edit your computer settings.


8 Uncheck Connect at power on and click OK.

9 Restart your computer to begin the Symantec Messaging Gateway bootsequence.

Using an OS restore CD or ISO image on your localcomputer to boot your virtual computer

After you configure a virtual computer on an ESX Server or ESXi Server, use anOS restore CD or ISO image on your local computer as your bootstrap media.


To use an OS restore CD or ISO image on your local computer to boot your virtualcomputer

1 Insert the OS restore CD into the drive on your local computer, or copy theISO image onto your local hard drive.

2 Click Edit virtual machine settings.

3 On the Hardware tab, select New CD/DVD and make sure Client Device isselected as the Device Type.

4 On the Options tab, select Boot Options and set the Force BIOS Setup.

5 Click OK. The new virtual computer appears in the inventory.

6 Click on the new virtual computer in the inventory, then click the consoleicon.

7 Click the power on virtual machine icon.

Deploying Symantec Messaging Gateway as a Virtual MachineUsing an OS restore CD or ISO image on your local computer to boot your virtual computer

44

8 If you are using in ISO image. click Connect CD/DVD > Use ISO image, andbrowse to your ISO image. If you are using anOS restore CD, choose the letterof your computer's CD/DVD drive.

The boot process begins.

9 Once the installation process is complete, the Symantec Messaging Gatewayboot sequence begins.

If the Symantec Messaging Gateway boot sequence does not begin, turn offthe computer through the client, click Disconnect CD/DVD device todisconnect your ISO image, then restart your computer.

45Deploying Symantec Messaging Gateway as a Virtual MachineUsing an OS restore CD or ISO image on your local computer to boot your virtual computer

Deploying Symantec Messaging Gateway as a Virtual MachineUsing an OS restore CD or ISO image on your local computer to boot your virtual computer

46

Symantec Messaging Gateway10.0GettingStarted …€™s primary role is to respond to specific...

Documents

Transcript of Symantec Messaging Gateway10.0GettingStarted …€™s primary role is to respond to specific...