SonicWALL Security 6.2 Appliance


Email Security

SonicWALL Email Security 6.2 Appliance

System Compatibility

SonicWALL Email Security 6.2 is supported on the following SonicWALL Email Security appliances:

- SonicWALL Email Security 200
- SonicWALL Email Security 300
- SonicWALL Email Security 400
- SonicWALL Email Security 500
- SonicWALL Email Security 6000
- SonicWALL Email Security 8000

Enhancements

The following is a list of enhancements made to features in the SonicWALL Email Security 6.2 Appliance release:

BATV
To reduce the number of false bounce messages (NDRs), you can now enable Bounce Address Tag Validation on your outbound messages. This feature is described in the New Features section of this document and in the Administrator's Guide.

Performance Monitoring
Performance Monitoring allows you to see a visual representation of performance metrics on your SonicWALL Email Security system. This feature is described in the New Features section of this document and in the Administrator's Guide.

Enhanced Licensing
MySonicWALL has updated product licensing, including per-user licenses and stackable licenses. For more information on the new licensing model, see the technote New Licensing Model for Email Security.

Known Issues

The following is a list of known issues in the SonicWALL Email Security 6.2 release:

Operation

65089
Symptom: After a reboot, the Email Security Appliance may not properly re-synchronize with the Network Time Protocol server. Using the SonicWALL command-line interface to turn the appliance's NTP connection off and then on again resets the time properly. To ameliorate the issue, be sure you always allow the appliance to power off gracefully.
Condition: Occurs on restart of an ESA, if the ESA is not able to immediately connect to the NTP server.

49468
Symptom: When attempting to view or unjunk a very large message in the junkbox, users may see the error "Sorry, but there was an error. Please click the close button and try again. If you continue to experience problems, contact SonicWALL Support."
Condition: Occurs when a user or administrator attempts to view or unjunk a very large message (over 66 MB).

Power-down Procedure

Your SonicWALL Email Security Appliance will perform better if you follow the shutdown procedures when you need to power down. To shut down your appliance, use the web interface, or press the power button on the front of the appliance once. Holding down the power button or unplugging your appliance does not give it time to write all the data in volatile memory to stable memory, and you may lose settings or data.

Resolved Known Issues

The following is a list of resolved known issues in the SonicWALL Email Security 6.2.2 release:

69674
Symptom: Customers who have upgraded all their remote analyzers to 6.2 and licensed them as a cluster on MySonicWALL.com may have experienced licensing problems.
Resolution: Fixed the license associations so customers do not experience licensing problems.

The following is a list of resolved known issues in the SonicWALL Email Security 6.2 release:

66412
Symptom: Vulnerability scanners reported that unauthorized access was possible through the RemoteBindAddress.
Resolution: Changed the SonicWALL version of Firebird to only accept connections from the localhost.

65319
Symptom: Some French-language emails were being wrongly identified.
Resolution: Improved the language detection by character sets.

64564
Symptom: SonicWALL Email Security returned an SPF fail result if a message had an unknown macro. Messages with a fail result were put in the junk box.
Resolution: Changed the SPF handling to return a neutral result, which will result in fewer false positives.

48198
Symptom: An earlier version of Apache Tomcat had a vulnerability in the web connector.
Resolution: The version of Tomcat distributed with SonicWALL Email Security has been upgraded.

66600
Symptom: When users upgraded to 6.1 or 6.1.1, they sometimes had to rebuild their reporting database and therefore lost some historical reporting data.
Resolution: Updated the connection method for the new versions of the software.

The following is a list of resolved known issues in the SonicWALL Email Security 6.1.1 release:

65949
Symptom: Unable to log in to the SonicWALL Email Security management interface, and unable to ping the LAN IP address of the SonicWALL Email Security appliance.
Condition: After upgrading to the SonicWALL Email Security 6.1.0 release, IP address and hostname for the appliance are not retained.

New Features

The following new features have been added to version 6.2. This section contains the technical notes written to introduce the features.

BATV

SonicWALL has added an option to use Bounce Address Tag Validation (BATV) to reduce the number of bounce messages received by users, such as non-delivery receipts (NDR) and delivery status notification (DSN) messages.

Bounce Address Tag Validation

SonicWALL Email Security has added support for Bounce Address Tag Validation (BATV). BATV adds a stamp to the envelope of all outbound mail. If the mail is bounced and does not reach a recipient, the stamp alerts the inbound mail processor that this email originated within your organization. False bounce messages, which will not have the stamp, will not be passed through the inbound mail processor.

To use BATV, SonicWALL Email Security must touch all outbound mail. For maximum efficiency of processing inbound bounces, SonicWALL Email Security should be your first-touch inbound mail processor. SonicWALL Email Security will read the bounce message envelope, determine whether or not it is legitimate, and only download and pass through legitimate messages. The added BATV tag is removed before the email is passed to the users.

BATV is not enabled by default. Although BATV is a powerful tool to eliminate false bounce messages, some configurations on other mail servers may cause the BATV system to reject legitimate bounce messages. The user who sent out the message would not know it did not reach the intended recipient. Reasons for false positives might include:

- LDAP upstream of SonicWALL Email Security
- Null reverse paths instead of From fields
- Divergent SonicWALL Email Security configuration
- Incorrect or altered reverse mail paths

Users might also get false negatives, where they get false bounce messages even though they did not send the originals. False negatives might come from a spambot or zombie infection of the organization. In that case, the spam would be properly stamped as it left the organization.

What is a Bounce Message?

Bounced messages are also known as non-delivery receipts (NDR) and delivery status notifications (DSN). They are email messages from a receiving or relaying mail server that notify the sender that their email message has not reached the destination. This notification system allows users to assume that messages are successful unless they are otherwise notified.

The user receives a message telling them that their email was not received by the recipient. Sometimes, the original email or a part of it is attached. Sometimes, there is a plain-language explanation of why the email failed. Like any other email message, there is a header indicating the server that sent the message.

Almost always, a legitimate bounced message will contain the headers and envelope of the original message. This allows for troubleshooting. This is also what BATV uses to validate legitimate bounced messages.

However, some spammers spoof a legitimate address, and use it to send out spam. When the email is recognized as spam and rejected, or when it is rejected for other reasons, the bounce messages come back to the legitimate address, even though that user is not the one who sent them out. These false bounce messages are called backscatter and place a burden on the spoofing victim's email server.

Enabling BATV on SonicWALL Email Security

To enable BATV, you must turn it on for both your outbound and inbound SonicWALL Email Security servers, if they are different. If you are running an all-in-one system, you only have to turn it on once. BATV will work best if your SonicWALL portal is the last-touch for outbound mail and the first-touch for inbound mail.

NOTE: For the first 4-5 days after you enable BATV, your users may not receive legitimate bounce messages. This is because there are email messages which are still trying to reach an invalid destination, and when they come back, they will not have the appropriate stamp.

To enable BATV:

1. Log into your Email Security as an administrator.
2. Choose System from the left navigation bar.
3. Choose Connection Management.
4. Scroll down to the Quality of Service section.
5. Click in the Bounced Address Tag Validation to enable BATV.
6. Click Apply Changes.

BATV is now enabled. If you have different servers for inbound and outbound mail, make sure that it is enabled on both servers.

Troubleshooting BATV

This section contains some common problems and solutions for using BATV with SonicWALL Email Security.

Problem: Users are still receiving false bounce messages.
Causes: You may not have enabled BATV on your inbound mail server, or it may be that the inbound BATV filtering happens too late in the inbound process.

Problem: Users are not receiving valid bounce messages.
Causes: Users may be sending out POP3 mail and bypassing the outbound stamp from the servers. BATV may be implemented in one direction and not the other. Other organizations' mail servers may not recognize BATV, or may treat it as an attack.

Conclusion

BATV is a solution to email backscatter caused by spoofed email addresses. Only messages sent from within your organization will be returned as bounces. This drastically reduces the bounce traffic. BATV must be enabled on both inbound and outbound servers to work.
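The stamping and validation described in the BATV sections above, as an added example; this is not SonicWALL's code, and the document does not say which tag format the appliance uses. It assumes the public `prvs=` scheme from the BATV Internet-Draft (key digit, three-digit expiry day, six hex digits of HMAC-SHA1), and the key, addresses and day numbers are constructed.

```python
import hashlib
import hmac

TAG_LIFETIME_DAYS = 7  # assumption: the lifetime the BATV draft suggests


def _mac(key: bytes, key_num: int, ddd: str, address: str) -> str:
    """Six hex digits: first three bytes of HMAC-SHA1 over K + DDD + address."""
    # Lower-casing is a choice made here so that a relay which changes the
    # case of the address does not invalidate the tag.
    msg = f"{key_num}{ddd}{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha1).hexdigest()[:6]


def tag_sender(mail_from: str, key: bytes, today: int, key_num: int = 0) -> str:
    """Outbound side: rewrite the envelope sender as prvs=KDDDSSSSSS=user@domain.

    `today` is the day count since 1970-01-01 (int(time.time() // 86400)).
    """
    ddd = f"{(today + TAG_LIFETIME_DAYS) % 1000:03d}"
    return f"prvs={key_num}{ddd}{_mac(key, key_num, ddd, mail_from)}={mail_from}"


def check_bounce(mail_from: str, rcpt_to: str, keys: dict, today: int):
    """Inbound side: decide from the envelope alone, before the body is read.

    Returns (verdict, delivery_address); the tag is stripped on acceptance.
    """
    if mail_from != "":                      # bounces use the null reverse path <>
        return ("not-a-bounce", rcpt_to)
    if not rcpt_to.lower().startswith("prvs="):
        return ("reject-untagged", None)     # backscatter, or mail sent before BATV
    tag, sep, original = rcpt_to[5:].partition("=")
    if not sep or len(tag) != 10 or not tag.isascii() or not tag[:4].isdigit():
        return ("reject-malformed", None)
    key_num, ddd, mac = int(tag[0]), tag[1:4], tag[4:].lower()
    key = keys.get(key_num)
    if key is None or not hmac.compare_digest(mac, _mac(key, key_num, ddd, original)):
        return ("reject-bad-signature", None)  # altered reverse path or wrong key
    # DDD holds only the low three digits of the expiry day: compare modulo 1000.
    if (int(ddd) - today) % 1000 > TAG_LIFETIME_DAYS:
        return ("reject-expired", None)
    return ("accept", original)


def demo():
    """Run the cases from the text on constructed sample data."""
    keys = {0: b"constructed-demo-key"}      # constructed key, shared by both servers
    today = 14098                            # constructed day number
    stamped = tag_sender("alice@example.com", keys[0], today)
    return {
        "stamped": stamped,
        "legitimate": check_bounce("", stamped, keys, today + 3),
        "backscatter": check_bounce("", "alice@example.com", keys, today + 3),
        "altered": check_bounce("", stamped.replace("alice", "bob"), keys, today + 3),
        "expired": check_bounce("", stamped, keys, today + 8),
        "ordinary": check_bounce("bob@example.net", "alice@example.com", keys, today),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:11} {result}")
```

The "backscatter" case is also what a bounce looks like for mail that left before BATV was switched on, which is the reason for the 4-5 day note above. A spambot that relays through the stamping server gets a valid tag, so its bounces take the "legitimate" path, matching the false-negative case in the text.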

Performance Monitoring

SonicWALL has added a performance monitoring section to SonicWALL Email Security. This feature allows administrators to view and compare performance metrics with the Email Security interface without downloading and formatting CSV files. The performance monitoring section displays data that has always been collected by SonicWALL Email Security.

Performance monitoring allows administrators to monitor a single metric over a period of time, or to compare two metrics. Once an administrator creates a graph, the graph can be saved or emailed to share with others who do not have administrator privileges.

Reading Performance Monitoring

There are two ways of viewing the data: by comparing data from the same day but different process metrics, or by comparing data of the same process metric across several days.

The View Multiple metrics for a given date option creates a graph which contains one or two process metrics for a given date. If there are two metrics, a second y-axis scale will appear at the right-hand side of the graph for the interpretation of the second metric.

The Compare many data files for a single performance metric option creates a graph for a single process metric across multiple days. Each day's worth of data is a line of a different color. Up to six data files can be displayed.

Graphs are shown for a 24-hour period starting and ending at midnight GMT+0. Once a graph is specified, it will not display or redraw until the Refresh Reports button is clicked. To view the raw data files used to build a particular graph, click either the Email to or the Download button, and a ZIP file containing the data files and the bitmap will be provided accordingly.

NOTE: When the Email Security System is processing heavy email volume or large attachments, the CPU processor time may be higher than normal. This is expected behavior. CPU processor time can vary widely depending on a number of factors, and high processor time alone is not an indication of a potential issue. Unless you are noticing very slow email processing or delivery coupled with high CPU processor time (~100%) for an extended period of time (typically > 1 hour), there is no indication of any functional issue with the product. However, if you notice these symptoms and the issue persists for extended periods of time, contact SonicWALL Support.

Creating a Performance Monitoring Graph

To create a performance monitoring graph:

1. Log into your Email Security as an administrator.
2. Choose Reports & Monitoring from the left navigation bar.
3. Choose Monitoring.
4. Choose Performance Monitoring.
5. You will see the empty performance monitoring graphs.
6. Choose the type of performance graph you want.
7. For the multiple metrics graph:
   - Select the date you want information on from the select data file dropdown box.
   - Click in the first select process box and choose a process.
   - Click in the first select metric box and choose a metric of the selected process.
   - If you want to compare a second metric, repeat the process with the second set of dropdown boxes.
   - Click the Refresh button. You will see the performance graph for those metrics on that day.
8. For the multiple days graph:
   - Select the process and metric you want information on.
   - Select your dates from the data file dropdown boxes.
   - Click the Refresh button. You will see the performance graph for that metric on those days.

Monitored Metrics

The following processes are currently monitored and available as data files. These data files have always existed, but the information is now more readily accessible.

- Monitoring Service
- Tomcat Service
- Replicator Service
- SMTP Server
- Thumb Updater Service
- Database Service
- Operating System
- MTA Service

Metrics List

These are the process metrics that are being tracked and stored in the data files. Most of these metrics exist in each process. The most common metrics appear in the table below. Metrics not shown in the list are usually System process monitoring.

Process Metric: Description

Private Bytes(kB):

Virtual Bytes(kB):

%Disk Time: The percentage of elapsed time that the selected disk drive was busy servicing read or write requests.

%Processor Time: The percentage of elapsed time that all of process threads used to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code is executed to handle some hardware interrupts and trap conditions.

Available Bytes: The amount of physical memory, in bytes, available to processes running on the computer. This is calculated by adding the amount of space on the Zeroed, Free, and Standby memory lists. Free memory is ready for use; zeroed memory consists of pages of memory filled with zeros to prevent subsequent processes from seeing data used by a previous process; standby memory is memory that has been removed from a process' working set, but is still available to be recalled. This counter displays the last observed value only; it is not an average.

Avg. Disk Bytes/Transfer: The time, in seconds, of the average disk transfer.

Avg. Disk Queue Length: The average number of read and write requests queued for the selected disk during the sample interval.

Buffer Bytes: Used in Linux systems. Buffer Bytes is the number of bytes consumed by the kernel.

Cache Bytes: The sum of the Memory\System Cache Resident Bytes, Memory\System Driver Resident Bytes, Memory\System Code Resident Bytes, and Memory\Pool Paged Resident Bytes counters. This counter displays the last observed value only; it is not an average.

Committed Bytes: The amount of committed virtual memory, in bytes. Committed memory is the physical memory which has space reserved on the disk paging file(s). There can be one or more paging files on each physical drive. This counter displays the last observed value only; it is not an average.

Connections Established: The number of TCP connections for which the current state is either ESTABLISHED or CLOSE-WAIT.

Connection Failures: The number of times TCP connections have made a direct transition to the CLOSED state from the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state.

Connections Reset: The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.

Handle Count: The total number of handles this process currently has open. This number is the sum of the handles currently open by each thread in this process.

Install Dir Free Space: For Windows, the number of bytes remaining free on the installation drive.

Private Bytes: Private Bytes is the current size, in bytes, of memory that this process has allocated which cannot be shared with other processes.

Segments Retransmitted/sec: The rate at which segments are retransmitted, that is, segments transmitted containing one or more previously transmitted bytes.

Segments/sec: The rate at which TCP segments are sent or received using the TCP protocol.

Swap Available Bytes: Used in Linux systems. Swap Available Bytes is swap space which is still free to use.

Thread Count: The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread.

Virtual Bytes: The current size, in bytes, of the virtual address space the process is using. Use of virtual address space does not imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.

Conclusion

SonicWALL Email Security has added performance monitoring graphs so that administrators can more easily see performance metrics for their systems. These graphs complement other graphs already existing in the product.

Upgrading to Email Security Firmware 6.2

The following procedures are for upgrading an existing Email Security firmware to Email Security 6.2.

Downloading SonicWALL Email Security Firmware 6.2

1. Log into your mysonicwall.com account at http://www.mysonicwall.com.
2. In the left navigation pane under Downloads, click Download Center.
3. In the Activate Service Software Download dialog box, select a language from the Select Language drop-down list.
4. Select the checkbox to agree to the terms and conditions, and then click Submit.
5. In the Download Center screen, select Email Security Firmware from the Type drop-down list. If not already on this selection, the screen will refresh to show links to the available Email Security firmware versions and release notes.
6. Click the link for the version that you want and then select Save in the dialog box to save the download to your local file system.

Backing Up Your Existing Environment

Before you upgrade your firmware to 6.2, you should back up your existing environment. This will enable you to restore it if you decide to change back for some reason. Your backup should include the settings files, including the per-user settings.

To back up your existing environment:

1. Log in to the Email Security interface using the admin account.
2. In the left navigation pane under System, choose Backup/Restore. You will see the Backup/Restore page.
3. In the Manage Backups section, select Settings.
4. Click Take Snapshot Now to create a snapshot.
5. Click Download Snapshot to save the snapshot to your local file system.

If, after upgrading to 6.2, you need to roll back to a previous version, go back to the Backup/Restore page and use the Manage Restores section to upload the snapshot you have stored.

Note: Rollback is allowed to version 6.1.1 only.

Upgrading Your SonicWALL Email Security Firmware

Follow this procedure to upgrade your existing Email Security to Email Security 6.2.

1. Navigate to the System > Advanced page and scroll down to the Upload Patch section.
2. Click Browse to locate the Email Security Firmware file on your local file system, and then click Apply Patch.
3. As part of the upgrade process, the Email Security appliance will reboot. The upgrade process could take between 10-20 min. All the settings and data will be preserved.

Document part number: 232-001533-00 Rev: A
Last updated: 8/7/2008