Copyright 2011 McAfee, Inc. All Rights Reserved.
Dashboard
The Dashboard provides a summary of the activity of the appliance. Use this page to access most of the pages that control the appliance. On a cluster master appliance, use this page also to see a summary of activity on the cluster of appliances.
The email flowing through the appliance. The overall system health of the appliance. Current detection rates. The performance of your network. Email messages being queued by the appliance. The number of scanning policies that you have in place, separated by protocol.
You can also configure a list of links to tasks that you often use, providing you with a quick and easy method of moving to the correct area of the user interface.
The lower pane of this page displays key graphic information about performance of the appliance. Each of these dashboard panes can be customized to show the information that you need most often.
When you log on to the appliance, and as you work within its configuration pages, a dialog box appears in the bottom-right corner of the screen to inform you of any recommended configuration changes, or to give warning messages concerning the appliance operation or settings. For example, when you first set up the appliance, it warns you that it is operating as an open relay.
Dashboard portlets
The Dashboard contains several portlets, each providing you with information on a particular area or feature of your McAfee Email Gateway.
Portlet summaries
Option
Definition
Summarizes the data recorded in the Detections portlets by the total number of inbound messages that were delivered, blocked, bounced, quarantined, or queued. You can break the data down further by sender/connection, recipient, and content. To locate specific messages by their status, or by sender or recipient, click Search to go to the Message Search page.
Tasks
Displays a list of common tasks that link directly to the configuration page in the appliance.
Cluster
Summarizes the data recorded in the Detections portlets by the total number of outbound messages that were delivered, blocked, bounced or queued. You can break the data down further by sender/connection, recipient, and content. To locate specific messages by their status, or by sender or recipient, click Search to go to the Message Search page.
Displays the number of detections under each protocol. Click Report to go to the Email Reports page.
Network Summary
Displays the number of connections, the throughput, and the kernel mode blocking status for the SMTP protocol.
Services
Displays the status of important components and lets you change the settings of recommended system configuration changes:
For Updates, a green status indicates that the component will update itself automatically. To make a manual update, click the link to go to the relevant page in the user interface.
For other components, a green status indicates that the component is operating within acceptable limits. To enable a service, or fix an issue, click the associated link.
System Summary
Displays information about the load on the system, the amount of disk space free for each partition, details about CPU usage for each processor and memory, used and free memory, and swap rate.
Hardware Summary
Uses status indicators to show information about network interfaces, hardware modules, UPS servers, bridge mode, and RAID status.
This portlet displays no data when the appliance is installed in a virtual environment.
Some data is displayed in graph format that shows appliance activity over time.
If you are using the quarantine features, messages may also be summarized in the quarantined list.
Counter
Definition
A top level counter which increments for each email that passes the MAIL FROM stage of the SMTP conversation. If multiple messages are sent down one connection, this counter will increment. You can drill down to see how the email connection was received:
TLS: The email was received over a TLS connection.
Non TLS: The email was received over a standard non TLS connection.
Delivered
A top level counter which increments for each email that is delivered. You can drill down to see how the email was delivered:
Plain: The email was delivered as a standard plain message.
Encrypted: The email was delivered encrypted by:
Secure Web Mail: the content was encrypted using one of the following methods:
S/Mime: the content was encrypted by S/MIME.
PGP: the content was encrypted by PGP.
Plain: the content was a standard plain message.
Non TLS: The email was delivered over a standard non TLS connection:
Secure Web Mail: the content was encrypted by one of the following methods:
Push Pull
Push/Pull
S/Mime: the content was encrypted by S/MIME.
PGP: the content was encrypted by PGP.
Blocked
A top level counter which increments for each email that is blocked. You can expand the counter to see the number of messages blocked by sender or connection, recipient, and content:
Sender/Connection: provides a breakdown of the scanner which blocked the email, either: Deny Sender, RBL (Real-Time Blackhole Lists), BATV, SPF (Sender Policy Framework).
Recipient: provides a breakdown of the scanner which blocked the email, either: Anti-Relay, Grey Listing, LDAP Recipient, Directory Harvesting.
Content: provides a breakdown of the scanner which blocked the email, either: GTI Message Reputation, Sender ID, DKIM, Spam, Phish, Mail Filtering, Mail Size Filtering, File Filtering, Compliance, Image Filtering, DLP, Virus, PUPs, Packers.
Bounced
Queued
The total number of inbound messages that were queued awaiting delivery.
Quarantined
A top level counter which increments for each message that is quarantined.
The total number of messages in all of the quarantine queues. The total number of messages requested for release by users by quarantine digests.
Type the name of a particular sender or recipient for whom you wish to locate a message, and click Search to go to the Message Search page.
Search
Click Search to go to the Message Search feature where you can look for messages based on their status; either blocked, bounced, delivered, quarantined, or queued.
If you are using the quarantine features, messages may also be summarized in the quarantined list.
Counter
Definition
A top level counter which increments for each email that passes the MAIL TO stage of the SMTP conversation. If multiple messages are sent down one connection, this counter will increment. You can drill down to see how the email connection was received:
TLS: The email was received over a TLS connection.
Non TLS: The email was received over a standard non TLS connection.
Delivered
A top level counter which increments for each email that is delivered. You can drill down to see how the email was delivered:
Secure Web Mail: the content was encrypted using one of the following methods:
S/Mime: the content was encrypted by S/MIME.
PGP: the content was encrypted by PGP.
Plain: the content was a standard plain message.
Non TLS: The email was delivered over a standard non TLS connection:
S/Mime
PGP
Blocked
A top level counter which increments for each email that is blocked. You can expand the counter to see the number of messages blocked by sender or connection, recipient, and content.
Bounced
Queued
The total number of outbound messages that are queued awaiting delivery.
Quarantined
A top level counter which increments for each message that is quarantined.
The total number of messages in all of the quarantine queues. The total number of messages requested for release by users by quarantine digests.
Search
Click Search to go to the Message Search feature where you can look for messages based on their status; either blocked, bounced, delivered, quarantined, or queued.
The counters that appear in this portlet work differently to those in the Inbound and Outbound Summary portlets where each message represents a single counter. In the Detections portlets, one message can increment several counters, depending on the number of checks it fails.
Option
Definition
Total
Shows the total number of inbound and outbound messages that triggered a detection. Expand the statistics to see the number of messages based on the following criteria:
Sender/Connection: provides a breakdown of the scanner which triggered a detection, either: Deny Sender, RBL (Real-Time Blackhole Lists), BATV, or SPF (Sender Policy Framework).
Recipient: provides a breakdown of the scanner which triggered a detection, either: Anti-Relay, Grey Listing, LDAP Recipient, or Directory Harvesting.
Content: provides a breakdown of the scanner which triggered a detection, either: GTI Message Reputation, Sender ID, DKIM, Spam, Phish, Mail Filtering, Mail Size Filtering, File Filtering, Compliance, Image Filtering, DLP, Virus, PUPs, Packers.
Inbound
Shows the total number of inbound messages that triggered a detection. Expand the statistics to see the number of messages based on the following criteria:
Sender/Connection: provides a breakdown of the scanner which triggered a detection, either: Deny Sender, RBL (Real-Time Blackhole Lists), BATV, SPF (Sender Policy Framework).
Recipient: provides a breakdown of the scanner which triggered a detection, either: Anti-Relay, Grey Listing, LDAP Recipient, Directory Harvesting.
Content: provides a breakdown of the scanner which triggered a detection, either: GTI Message Reputation, Sender ID, DKIM, Spam, Phish, Mail Filtering, Mail Size Filtering, File Filtering, Compliance, Image Filtering, DLP, Virus, PUPs, Packers.
Outbound
Shows the total number of inbound messages that triggered a detection. Expand the statistics to see the number of messages based on the following criteria:
Sender/Connection: provides a breakdown of the scanner which triggered a detection, either: Deny Sender, RBL (Real-Time Blackhole Lists), BATV, SPF (Sender Policy Framework).
Recipient: provides a breakdown of the scanner which triggered a detection, either: Anti-Relay, Grey Listing, LDAP Recipient, Directory Harvesting.
Content: provides a breakdown of the scanner which triggered a detection, either: GTI Message Reputation, Sender ID, DKIM, Spam, Phish, Mail Filtering, Mail Size Filtering, File Filtering, Compliance, Image Filtering, DLP, Virus, PUPs, Packers.
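The counting difference between the Summary and Detections portlets, worked through as an added illustration (not McAfee code or an appliance export). The record layout and field names are assumptions made for this example; the scanner names and their three groups come from the lists above.

```python
from collections import Counter

# Scanner-to-group mapping, taken from the Detections portlet lists on this page.
SCANNER_GROUP = {
    **dict.fromkeys(["Deny Sender", "RBL", "BATV", "SPF"], "Sender/Connection"),
    **dict.fromkeys(["Anti-Relay", "Grey Listing", "LDAP Recipient",
                     "Directory Harvesting"], "Recipient"),
    **dict.fromkeys(["GTI Message Reputation", "Sender ID", "DKIM", "Spam",
                     "Phish", "Mail Filtering", "Mail Size Filtering",
                     "File Filtering", "Compliance", "Image Filtering",
                     "DLP", "Virus", "PUPs", "Packers"], "Content"),
}

# Constructed sample records (hypothetical layout): one final status per
# message, plus every check that the message failed.
MESSAGES = [
    {"id": 1, "direction": "inbound", "status": "blocked", "failed": ["Spam", "Phish", "SPF"]},
    {"id": 2, "direction": "inbound", "status": "delivered", "failed": []},
    {"id": 3, "direction": "inbound", "status": "quarantined", "failed": ["Virus", "Packers"]},
    {"id": 4, "direction": "outbound", "status": "blocked", "failed": ["DLP"]},
    {"id": 5, "direction": "inbound", "status": "blocked", "failed": ["RBL"]},
]

def summary_counts(messages, direction):
    """Summary-portlet style: each message increments exactly one status counter."""
    return Counter(m["status"] for m in messages if m["direction"] == direction)

def detection_counts(messages, direction=None):
    """Detections-portlet style: one increment per failed check (None = Total row)."""
    per_scanner, per_group = Counter(), Counter()
    for m in messages:
        if direction and m["direction"] != direction:
            continue
        for scanner in m["failed"]:
            per_scanner[scanner] += 1
            per_group[SCANNER_GROUP[scanner]] += 1
    return per_scanner, per_group

def reconcile(messages, direction):
    """Return (messages counted, detection increments) for one direction."""
    seen = sum(summary_counts(messages, direction).values())
    increments = sum(detection_counts(messages, direction)[0].values())
    return seen, increments

if __name__ == "__main__":
    print(summary_counts(MESSAGES, "inbound"))
    print(detection_counts(MESSAGES, "inbound")[1])
    print(reconcile(MESSAGES, "inbound"))
```

With this sample, four inbound messages produce six detection increments, so a Detections total that is higher than the Summary total does not by itself indicate a counting fault.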
This information describes the data available from the POP3 Detections portlet. From here, find out how many messages triggered a detection based on threats such as viruses, packers, or potentially inappropriate images.
The counters that appear in this portlet work differently to those in the Inbound and Outbound Summary portlets where each message represents a single counter incrementation. In the Detections portlets, one message can increment several counters, depending on the number of checks it fails.
Option
Definition
Spam
Phish
Image Filtering
Virus
PUPs
Packers
Option
Definition
Uptime
Displays the amount of time the appliance has been running since it was last started.
Load Average
Processor
Memory
Displays:
Memory used: includes used and buffered memory.
Free memory: includes free and cached memory.
Swap
Displays:
Used: Percentage used of swap (the area on the hard disk that is part of the appliance's virtual memory, which temporarily stores inactive memory pages when there is insufficient physical memory available).
Rate: A high swap rate indicates the system is in some form of overload.
Disk Space
Displays the percentage of inodes and disk space used for each partition.
functioning normally
Further descriptions of a red status indicator for external services are given in the definition table.
Option
Definition
Network Interface
Received: Data received over the network interface.
Transmitted: Data sent over the network interface.
Speed: Speed of the network interface in bits per second.
A red status indicator against any Network Interface indicates that urgent attention is required.
You may need to:
Review your network configuration and check it is correct.
Check that the switch is functioning correctly.
Check that the switch configuration is correct.
Check the cabling to and from the appliance. (Not necessary for the Content Security Blade Server.)
In virtual appliance installations, check the virtual switch configuration.
Hardware Modules
Power Supply
Any module that is not installed is categorized as Not Applicable. Any module that shows as red or amber contains links to Troubleshoot | Troubleshooting Tools | Hardware Status where you can get more detailed information.
UPS
Using battery power (that is, not mains power).
The battery is discharging.
No battery protection is available.
The UPS is overloaded.
The UPS is trimming or boosting incoming voltage.
Bridge
A red status indicates that McAfee Email Gateway is running in bridge mode, and is not forwarding the network data.
Raid
A red status indicates that the RAID status is not running to optimal levels.
Option
Definition
Connections
A top level counter which increments to show the total number of TCP connections made to the SMTP port on the appliance
Throughput
A top level counter which increments to show the average throughput of data for all TCP connections made to the SMTP port on the appliance
A top level counter which increments to show the total number of SYN packets blocked from an IP address that has triggered a Reject, close and deny (Block) action. The GTI message reputation lookup feature is configured to perform this action by default for the next ten minutes.
Option
Definition
Device
Type
Displays the type of scanning device:
Cluster Master
Cluster Failover
Scanning
State
Displays the current state of each appliance:
Network: Connected to the network.
Redundant: The Cluster Failover device is not currently running but will take over if the master cluster appliance fails.
Install: Installing software.
Synchronizing: Synchronizing with the cluster master.
Boot: Booting.
Shutdown: Shutting down.
Malconfigured: Configuration file is faulty.
Unconfigured: Not configured for load balancing.
Disabled: Disabled by the user.
Failed: No longer on the network. No heartbeat was detected.
Fault: A fault has been detected on this appliance.
Legacy: Not compatible for load balancing.
Load
Displays the average system load over a period of five minutes.
Active
Displays the number of active connections for each appliance. The row for the cluster master shows the total for all appliances.
Connections
Displays the number of connections handled by each appliance since the counters were last reset.
Displays the versions of anti-spam and anti-virus DAT files. The version numbers are the same if the appliances are up-to-date. During updating, the values might be different. To see more information, move the cursor over the text and wait for a yellow box to appear.
Option
Definition
Search the Message Queue
Search for messages blocked, bounced, delivered, quarantined, and queued by sender, recipient, and subject.
View Favorite Reports
Display your most popular email reports in a variety of view types.
Create Policy
Manage Policy (SMTP)
Go to the Email Policies settings for the SMTP protocol where you can create and edit policies for anti-virus and anti-spam protection, and compliance settings.
Manage Policy (POP3)
Go to the Email Policies settings for the POP3 protocol where you can create and edit policies for anti-virus and anti-spam protection, and compliance settings.
Register DLP Documents
Restrict the flow of sensitive information sent by email through the appliance. For example, block the transmission of a sensitive document such as a financial report that is to be sent outside of your organization.
Configure Email Relay Domains
Build a list of IP addresses, networks, and users who can, or cannot connect to the appliance.
Configure Domain Routing
Set up the network hosts that you want the appliance to use to route mail traffic to specific domains.
Manage Certificates
Use digitally signed certificates for tasks such as securely transferring email using TLS, or using S/MIME certificates.
Configure Network
Manage Network Settings
View and edit basic settings for the appliance such as its domain name, and the network interfaces settings.
Manage Virtual Hosting
Specify the addresses where the appliance receives or intercepts mail traffic on the Inbound Address Pool.
Configure System
Generate Syslog Reports
Set up and view system logs for a variety of events.
Define Directory Services
Configure the appliance to work with your LDAP servers.
Configure SNMP
Send alerts to the trap manager for a variety of events.
Configure DNS and Routing
Create a list of DNS servers and sort them in order of priority, and set up routes.
Troubleshoot
Run System Tests
Perform a series of tests on the appliance to ensure that key areas are functioning correctly.