Installation Guide. McAfee Web Gateway. for Riverbed Services Platform

Similar documents
Installation Guide McAfee Firewall Enterprise (Sidewinder ) on Riverbed Services Platform

Product Guide. McAfee Plugins for Microsoft Threat Management Gateway Software

McAfee SiteAdvisor Enterprise 3.5.0

Firewall Enterprise epolicy Orchestrator

McAfee Firewall Enterprise epolicy Orchestrator Extension

Release Notes for McAfee(R) Security for Microsoft Exchange(TM) Version 8.0 Copyright (C) 2013 McAfee, Inc. All Rights Reserved

McAfee Rogue Database Detection For use with epolicy Orchestrator Software

Boot Attestation Service 3.0.0

McAfee Host Intrusion Prevention 8.0

Release Notes - McAfee Deep Defender 1.0

McAfee Boot Attestation Service 3.5.0

Release Notes for McAfee(R) Security for Lotus Domino(TM) Version 7.5 with Patch 2 Hotfix Copyright (C) 2013 McAfee, Inc. All Rights Reserved

McAfee Endpoint Security

McAfee. Deployment and User Guide. epo 4 / Endpoint Encryption

Installation Guide. McAfee epolicy Orchestrator software D R A F T

Migration Guide. McAfee File and Removable Media Protection 5.0.0

Addendum. McAfee Virtual Advanced Threat Defense

Total Protection Service

McAfee Data Protection for Cloud 1.0.1

McAfee epo Deep Command 1.0.0

Best Practices Guide. Amazon OpsWorks and Data Center Connector for AWS

McAfee epolicy Orchestrator 4.5 Hardware Sizing and Bandwidth Usage Guide

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager

========================================================== Release date: December 03, This release was developed and tested with:

McAfee Change Control Using Change Reconciliation and Ticket-based Enforcement

McAfee Network Security Platform 8.3

McAfee Cloud Identity Manager

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

McAfee epolicy Orchestrator Software

Product Guide. McAfee Enterprise Mobility Management (McAfee EMM ) 9.6

McAfee Cloud Identity Manager

Release Notes for McAfee(R) VirusScan Enterprise for Linux Version Hotfix Copyright (C) 2013 McAfee, Inc. All Rights Reserved

McAfee Cloud Identity Manager

Installation Guide. McAfee Web Gateway Cloud Service

McAfee File and Removable Media Protection 6.0.0

McAfee Network Security Platform 8.1

ACE Live on RSP: Installation Instructions

Installation Guide. McAfee epolicy Orchestrator Software. Draft for Beta

Installation Guide. McAfee Endpoint Security for Servers 5.0.0

Product Guide Revision A. McAfee Client Proxy 2.3.2

Product Guide. McAfee GetClean. version 2.0

Installation Guide. McAfee Enterprise Mobility Management 10.1

McAfee epolicy Orchestrator 4.5 Reporting Guide

McAfee Cloud Identity Manager

McAfee Enterprise Mobility Management 12.0 Software

Product Guide. McAfee Web Gateway Cloud Service

Product Guide Revision A. Intel Security Controller 1.2

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

McAfee Change Control and McAfee Application Control 8.0.0

Product Guide. McAfee Web Gateway Cloud Service

McAfee MVISION Endpoint 1811 Installation Guide

McAfee Solidcore Platform Support Matrix Version (Nov 16, 2011)

Product Guide. McAfee GetSusp

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

Support Visit mysupport.mcafee.com to find product documentation, announcements, and support.

McAfee MVISION Endpoint 1808 Installation Guide

McAfee Agent Interface Reference Guide. (McAfee epolicy Orchestrator Cloud)

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Client Proxy Installation Guide

McAfee Network Security Platform

McAfee Network Security Platform 9.1

McAfee Network Security Platform 8.3

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

Addendum. McAfee Virtual Advanced Threat Defense

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security Threat Prevention Installation Guide - macos

McAfee Management of Native Encryption 3.0.0

Data Loss Prevention Discover 11.0

McAfee Client Proxy Product Guide

McAfee Content Security Reporter Installation Guide. (McAfee epolicy Orchestrator)

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide

McAfee Firewall Enterprise and 8.3.x

McAfee Change Control and McAfee Application Control 6.1.4

CYAN SECURE WEB Installing on Windows

McAfee Content Security Reporter 2.6.x Migration Guide

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee Cloud Identity Manager

Migration Guide. McAfee Content Security Reporter 2.4.0

Hardware Guide. McAfee MVM3200 Appliance

Product Guide. McAfee SiteAdvisor Enterprise 3.5 Patch2

McAfee Active Response 2.0.0

Scripting Guide. McAfee Drive Encryption 7.2.0

McAfee Endpoint Security Threat Prevention Installation Guide - Linux

McAfee File and Removable Media Protection Installation Guide

Cloud Workload Discovery 4.5.1

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator)

Product overview. McAfee Web Protection Hybrid Integration Guide. Overview

Product Guide. McAfee Content Security Reporter 2.4.0

McAfee Rogue System Detection 5.0.0

Product Guide Revision A. Endpoint Intelligence Agent 2.2.0

Installation and Configuration Guide

Installation and Configuration Guide

Archiving Service. Exchange server setup (2010) Secure Gateway (SEG) Service Administrative Guides

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator)

McAfee MVISION Mobile Microsoft Intune Integration Guide

Transcription:

Installation Guide McAfee Web Gateway for Riverbed Services Platform

COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Web Gateway Installation Guide for Riverbed Services Platform

Contents Preface 5 About this guide.................................. 5 Audience.................................. 5 Conventions................................. 5 What's in this guide.............................. 6 Finding product documentation............................ 6 1 Introduction 7 About McAfee Web Gateway on Riverbed Services Platform................. 7 McAfee Web Gateway overview............................ 7 RSP overview................................... 8 Requirements................................... 9 Deployment scenario................................ 9 2 McAfee Web Gateway Installation 11 About installation................................. 11 Download the McAfee Web Gateway package...................... 11 Add the package to RSP............................... 12 Install the package in a slot on RSP.......................... 12 Configure the RSP data flow............................. 12 3 Setup and Configuration 15 Set up the Web Gateway.............................. 15 Turn on McAfee Web Gateway.......................... 16 Perform initial configuration.......................... 17 Log on to the McAfee Web Gateway user interface................. 17 Configure a web security policy......................... 18 Import and activate a license.......................... 18 Post-setup tasks.................................. 18 Index 19 McAfee Web Gateway Installation Guide for Riverbed Services Platform 3

Preface Contents About this guide Finding product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Administrators People who implement and enforce the company's security program. Conventions This guide uses the following typographical conventions and icons. Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis. Bold User input or Path Code Text that is strongly emphasized. Commands and other text that the user types; the path of a folder or program. A code sample. User interface Hypertext blue Words in the user interface including options, menus, buttons, and dialog boxes. A live link to a topic or to a website. Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations. Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product. McAfee Web Gateway Installation Guide for Riverbed Services Platform 5

Preface Finding product documentation What's in this guide This guide is organized to help you find the information you need. This guide is intended for network and security administrators who have responsibility for installing Web Gateway. The guide assumes you are familiar with: Internet and its associated terms and applications Network and network terminology, including TCP/IP protocols Riverbed Steelhead appliances System administration UNIX and Microsoft Windows operating system Finding product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. Task 1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. 2 Under Self Service, access the type of information you need: To access... User documentation Do this... 1 Click Product Documentation. 2 Select a Product, then select a Version. 3 Select a product document. KnowledgeBase Click Search the KnowledgeBase for answers to your product questions. Click Browse the KnowledgeBase for articles listed by product and version. 6 McAfee Web Gateway Installation Guide for Riverbed Services Platform

1 1 Introduction Run McAfee Web Gateway on Riverbed Services Platform to provide localized security at branch offices of your organization without the need for additional hardware. Contents About McAfee Web Gateway on Riverbed Services Platform McAfee Web Gateway overview RSP overview Requirements Deployment scenario About McAfee Web Gateway on Riverbed Services Platform McAfee Web Gateway provides comprehensive web security that can run as a virtual machine. McAfee Web Gateway consolidates key security applications, such as anti-virus, anti-malware, web cache, and URL filtering, into a single solution. Riverbed Services Platform (RSP) runs virtualized services on Riverbed Steelhead WAN optimization appliances. McAfee Web Gateway on RSP is a single-source, in-band package that passes data through the gateway to and from branch office locations. This allows administrators to provide local web security at branch offices without deploying additional hardware. McAfee Web Gateway overview McAfee Web Gateway is a web security product that provides filtering and policy management to defend against blended threats to your network. The gateway protects your network against threats from the web, such as viruses and other malware, inappropriate content, data leaks, and related issues. You can also use the gateway to ensure regulatory compliance and a productive work environment. The gateway connects your network to the web and implements web security rules by filtering the web requests, responses, and any embedded objects in the traffic that is sent to the web (requests) and sent from the web (responses). McAfee Web Gateway Installation Guide for Riverbed Services Platform 7

1 Introduction RSP overview Features McAfee Web Gateway on RSP provides the following functions: AAA proxy functionality for: HTTP, HTTPS, FTP, Instant Messaging Additional proxies for SOCKS, RTSP, MMS User-based policy SSL content inspection Global Threat Intelligence-enabled web filtering Global reputation-based filtering Geolocation-based filtering Malware scanning Comprehensive, customizable application control within web applications Limitations on RSP When deployed on RSP, McAfee Web Gateway has the following limitations: Tested to support a maximum of 500 users Does not support: Hardware accelerator cards High availability Transparent bridge mode Transparent router mode RSP overview RSP consolidates virtualized services on a single Riverbed Steelhead appliance. RSP provides the following benefits: VMware-based virtualization Up to five virtualized services (packages) for each Riverbed Steelhead appliance Support for various service types: In-band The service is positioned in the optimized data path. Out-of-band The service is positioned separately from the optimized data path and provides infrastructure for the remote network. For more information about RSP, see the RSP User Guide at http://support.riverbed.com. 8 McAfee Web Gateway Installation Guide for Riverbed Services Platform

Introduction Requirements 1 Requirements McAfee Web Gateway runs on Riverbed Steelhead appliances that meet the following requirements: Riverbed Steelhead appliance with 64-bit processor Riverbed Optimization System (RiOS) version 6.0 or later RSP version 6.0 or later, installed and licensed Available RSP slot 35 GB of free disk space 2 GB of free memory Deployment scenario McAfee recommends the following deployment scenario. In this scenario, the gateway is deployed in-band between RiOS and the Riverbed Steelhead appliance WAN interface. As a result, network traffic passes through the Riverbed Steelhead appliance and the gateway. In the data center, the gateway is deployed independently from the Riverbed Steelhead appliance. Additional configurations are available, but not tested. Figure 1-1 In-band deployment This deployment offers the following advantages: McAfee Web Gateway Installation Guide for Riverbed Services Platform 9

1 Introduction Deployment scenario A full next generation web security gateway, including: Global Threat Intelligence-empowered URL filtering Malware protection SSL Scanning URL filtering Virus protection Full Microsoft Active Directory integration for authentication and flexible policy control All of these running on the Riverbed Steelhead appliance Figure 1-2 In-band protection for the data center and branch office How the network traffic is processed is determined by its destination. The table shows how traffic destined for a remote LAN is processed compared to traffic destined for the Internet. Table 1-1 Traffic processing based on destination Traffic destination Processing Remote LAN 1 McAfee Web Gateway is configured as the proxy for web browsers and will proxy web traffic in general based on its policy, which can include destinations in the remote LAN. 2 RiOS determines that the destination is behind another Riverbed Steelhead appliance and optimizes traffic. Internet 1 When the traffic reaches McAfee Web Gateway, the traffic is filtered and continues to the Internet only if the security policy allows it. 2 RiOS determines that the destination is not behind another Riverbed Steelhead appliance and does not optimize the traffic. 10 McAfee Web Gateway Installation Guide for Riverbed Services Platform

2 2 McAfee Web Gateway Installation Installing McAfee Web Gateway on RSP includes downloading the package, adding and installing the package, and configuring the data flow. Contents About installation Download the McAfee Web Gateway package Add the package to RSP Install the package in a slot on RSP Configure the RSP data flow About installation During installation and configuration, network connectivity to the Internet and remote LANs will be interrupted. McAfee recommends that you schedule downtime to install and configure the gateway. Download the McAfee Web Gateway package After you purchase McAfee Web Gateway for RSP, a grant letter was emailed to you containing download, activation, and support information. Complete the following task from the computer you are using to administer the Riverbed Steelhead appliance. Task 1 Go to the McAfee Web Gateway extranet and log on using the information provided in your grant letter. 2 Go to Software McAfee Web Gateway 7.x Download. 3 Scroll down to McAfee Web Gateway on Riverbed Steelhead and download the McAfee Web Gateway for RSP pkg. McAfee Web Gateway Installation Guide for Riverbed Services Platform 11

2 McAfee Web Gateway Installation Add the package to RSP Add the package to RSP Add the McAfee Web Gateway package to RSP before installing the package. Task 1 Using a web browser, connect to the Management Console of the Riverbed Steelhead appliance. 2 Select Configure Branch Services RSP Packages. The RSP Packages window appears. 3 Click Add a Package. The Fetch a Package view appears. 4 In the Name field, specify a descriptive name for the package, such as Web_Gateway. 5 Select From Local File, then click Browse and select the McAfee Web Gateway package in the folder you extracted. 6 Click Add Package. The McAfee Web Gateway package uploads to the Riverbed Steelhead appliance. Install the package in a slot on RSP When you install McAfee Web Gateway, you install it into a slot on the RSP. Task 1 Click an empty slot number. The slot details appear. 2 In the Slot Name field, specify a descriptive name for the slot, such as Web Gateway. 3 From the Package drop-down list, select the McAfee Web Gateway package. 4 Click Update Slot to install McAfee Web Gateway. This might take a few minutes. When installation is complete, package details appear for the slot. 5 Save the changes. Configure the RSP data flow After McAfee Web Gateway is installed on RSP, you need to configure the Virtual Network Interface (VNI). The RSP data flow determines where the gateway is position in the optimized data path. To deploy the gateway as an in-band LAN package, add a McAfee Web Gateway VNI to the data flow in a specific order. Adding the VNI creates a default VNI rule to redirect all traffic to the McAfee Web Gateway slot. Do not modify the default VNI rule. 12 McAfee Web Gateway Installation Guide for Riverbed Services Platform

McAfee Web Gateway Installation Configure the RSP data flow 2 Task 1 Select Configure Branch Services RSP Data Flow. The RSP Data Flow window appears. 2 Configure a VNI for the McAfee Web Gateway LAN interface. a b c d e Click Add a VNI. From the Interface drop-down list, select slot:mcafee2, where slot is the name of the McAfee Web Gateway slot. From the Data Flow Position drop-down list, select Start. Click Add. Confirm the data flow configuration appears as: 3 Select the McAfee2 VNI and verify that L2switch is enabled. 4 Save the changes. McAfee Web Gateway Installation Guide for Riverbed Services Platform 13

3 3 Setup and Configuration After installing McAfee Web Gateway on RSP, log on to the McAfee Web Gateway user interface and complete setup and configuration. Contents Set up the Web Gateway Post-setup tasks Set up the Web Gateway Complete configuring the McAfee Web Gateway by setting up a web security policy and activate a license. Tasks Turn on McAfee Web Gateway on page 16 Use the Riverbed Steelhead Management Console to turn on McAfee Web Gateway. Perform initial configuration on page 17 After opening McAfee Web Gateway on the RSP, you can complete necessary configuration steps. Log on to the McAfee Web Gateway user interface on page 17 Open the McAfee Web Gateway user interface to complete configuration. Configure a web security policy on page 18 The first time you log on to the McAfee Web Gateway user interface, a policy creation wizard appears. Import and activate a license on page 18 After the initial logon and web security policy configuration, you must import a license. McAfee Web Gateway Installation Guide for Riverbed Services Platform 15

3 Setup and Configuration Set up the Web Gateway Turn on McAfee Web Gateway Use the Riverbed Steelhead Management Console to turn on McAfee Web Gateway. Task 1 Enable the McAfee Web Gateway slot. a Select Configure Branch Services RSP Packages. b c Click the slot that contains McAfee Web Gateway. The slot details appear. Click Enable Slot. A message appears indicating that the slot is enabled and the gateway boots. 2 Connect to the McAfee Web Gateway console for configuration. a b Click the slot that contains McAfee Web Gateway. The slot details appear. Click Launch VM Console. The VMware Infrastructure Web Access window appears in a new browser tab or window. If a certificate warning appears, accept the certificate to proceed. c In the VMware Infrastructure Web Access window, specify the Riverbed Steelhead credentials, then click Log In. If a message appears indicating the VMware Remote Console plug-in is not found, follow the on-screen instructions to install it. d Select Virtual Machine Open in a New window. The VMware Remote Console window appears. 16 McAfee Web Gateway Installation Guide for Riverbed Services Platform

Setup and Configuration Set up the Web Gateway 3 Perform initial configuration After opening McAfee Web Gateway on the RSP, you can complete necessary configuration steps. Task 1 Click inside the VMware Remote Console window, then press Enter. 2 Use the wizard to configure the following: Primary network interface IP address (entered manually or configured dynamically by DHCP) Host name DNS server 3 Review and confirm the summary that is displayed after configuring the host name. 4 Configure the root password. 5 Configure the remote logon with SSH. The initial configuration is completed and the IP address is displayed. Log on to the McAfee Web Gateway user interface Open the McAfee Web Gateway user interface to complete configuration. Task 1 Open a web browser and go to http://<ipaddress>:4711 or https://<ipaddress>:4712, where <ipaddress> is the address you configured during initial setup. If you log on using HTTPS, accept the self-signed certificate that appears. 2 Log on to the user interface using the following credentials: User name: admin Password: webgateway The first time you log on to the McAfee Web Gateway user interface, you are prompted to create a web security policy. McAfee Web Gateway Installation Guide for Riverbed Services Platform 17

3 Setup and Configuration Post-setup tasks Configure a web security policy The first time you log on to the McAfee Web Gateway user interface, a policy creation wizard appears. Using the wizard, do one of the following: Configure your own policy Select values for organization, location, and a basic level of permission or restriction and click OK to complete. Select Default to use the default web security policy. Import and activate a license After the initial logon and web security policy configuration, you must import a license. Task 1 In the McAfee Web Gateway user interface, go to Configuration Appliances and select License. 2 On the Import License window, click end user license agreement and select the checkbox. The License File field and Browse button are enabled. 3 Click Browse and browse through to the location where your license file is stored. 4 Select the file and click Activate. The license is imported and license information appears. After importing a license, virus signatures and other important information is updated automatically. This can take several minutes. During the automatic update, you might see an error message stating that modules cannot be loaded. The update needs to complete and then modules are loaded. The user interface becomes available after the update is complete. Post-setup tasks After setting up and completing initial configuration tasks, you can complete additional tasks to customize your McAfee Web Gateway on RSP. Consider these additional configuration tasks: Configure additional rules and rule sets to customize web filtering. Configure accounts for additional administrators. For information about managing McAfee Web Gateway or additional tasks, see the McAfee Web Gateway Product Guide at http://mysupport.mcafee.com. 18 McAfee Web Gateway Installation Guide for Riverbed Services Platform

Index A about this guide 5 activate license 18 B branch services 16 C configuration after 18 scenario 9 conventions and icons used in this guide 5 D deployment 9 documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 download 11 E end user license agreement 18 F features 7 G grant letter 11 I import license 18 in-band deployment scenario 9 installation about 11 IP addresses user interface 17 L M management console 16 McAfee ServicePortal, accessing 6 O out-of-band 8 P package add to RSP 12 download 11 R requirements 9 RSP about 7 benefits of 8 deployment 9 packages 12 requirements 9 with Web Gateway 7 RSP packages 16 S scenario 9 ServicePortal, finding product documentation 6 setup overview 15 post 18 slot enable 16 system requirements 9 T Technical Support, finding product information 6 U user interface IP addresses 17 Web Gateway 17 license 18 limitations 7 McAfee Web Gateway Installation Guide for Riverbed Services Platform 19

Index V virtual machine launch 16 VM console launch 16 W Web Gateway about 7 Web Gateway (continued) on RSP 7 package 11, 12 requirements 9 user interface 17 web security policy 18 what's in this guide 6 wizard web security policy 18 20 McAfee Web Gateway Installation Guide for Riverbed Services Platform

700-2728A-00

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback