This Document was adapted from the online help for MEG 7.

Copyright 2011 McAfee, Inc. All Rights Reserved.

Dashboard
The Dashboard provides a summary of the activity of the appliance. Use this page to access most of the pages that control the appliance. On a cluster master appliance, use this page also to see a summary of activity on the cluster of appliances.

Benefits of using the Dashboard


This topic discusses the benefits of using the dashboard within the user interface of your Email Gateway. The Dashboard provides a single location for you to view summaries of the activities of the appliance. Depending on how you have your appliance configured, you can view information about:

The email flowing through the appliance.
The overall system health of the appliance.
Current detection rates.
The performance of your network.
Email messages being queued by the appliance.
The number of scanning policies that you have in place, separated by protocol.

You can also configure a list of links to tasks that you often use, providing you with a quick and easy method of moving to the correct area of the user interface. The lower pane of this page displays key graphic information about performance of the appliance. Each of these dashboard panes can be customized to show the information that you need most often. When you log on to the appliance, and as you work within its configuration pages, a dialog box appears in the bottom right-hand corner of the screen to inform you of any recommended configuration changes, or give warning messages concerning the appliance operation or settings. For example, when you first set up the appliance, it warns you that it is operating as an open relay.

Dashboard portlets
The Dashboard contains several portlets, each providing you with information on a particular area or feature of your McAfee Email Gateway.

Portlet summaries

Option

Definition

Inbound Mail Summary

Summarizes the data recorded in the Detections portlets by the total number of inbound messages that were delivered, blocked, bounced, quarantined, or queued. You can further disseminate the data by sender/connection, recipient, and content. Locate specific messages by their status, or by sender or recipient by clicking Search to go to the Message Search page.

Tasks

Displays a list of common tasks that link directly to the configuration page in the appliance.

Cluster

On a master cluster appliance, displays the state of the cluster of appliances.

Outbound Mail Summary

Summarizes the data recorded in the Detections portlets by the total number of outbound messages that were delivered, blocked, bounced or queued. You can further disseminate the data by sender/connection, recipient, and content. Locate specific messages by their status, or by sender or recipient by clicking Search to go to the Message Search page.

SMTP Detections and POP3 Detections

Displays the number of detections under each protocol. Click Report to go to the Email Reports page.

Network Summary

Displays the number of connections, throughput, and kernel mode blocking status for the SMTP protocol.

Services

Displays the status of important components and lets you change the settings of recommended system configuration changes:

For Updates, a green status indicates that the component will update itself automatically. To make a manual update, click the link to go to the relevant page in the user interface.
For other components, a green status indicates that the component is operating within acceptable limits. To enable a service, or fix an issue, click the associated link to go to the relevant page in the user interface.

System Summary

Displays information about the load on the system, the amount of disk space free for each partition, details about CPU usage for each processor and memory, used and free memory, and swap rate.

Hardware Summary

Uses status indicators to show information about network interfaces, hardware modules, UPS servers, bridge mode, and RAID status.

This portlet displays no data when the appliance is installed in a virtual environment.

Some data is displayed in graph format that shows appliance activity over time.

Option definitions Inbound Mail Summary portlet


Use the Inbound Mail Summary portlet to get the delivery and status information about messages sent to your organization. The information in this portlet relates to data from the SMTP Detections | Inbound portlet. Data is shown in bar chart format. Each incoming message is categorized as either:

Delivered
Blocked
Bounced
Queued

If you are using the quarantine features, messages may also be summarized in the quarantined list.

Counter

Definition

Total Inbound Messages

A top level counter which increments for each email that passes the MAIL FROM stage of the SMTP conversation. If multiple messages are sent down one connection, this counter will increment. You can drill down to see how the email connection was received:

TLS: The email was received over a TLS connection.
Non TLS: The email was received over a standard non TLS connection.

Delivered

A top level counter which increments for each email that is delivered. You can drill down to see how the email was delivered:

Plain: The email was delivered as a standard plain message.
Encrypted: The email was delivered encrypted by:
  TLS: The email was delivered over a TLS connection:
    Secure Web Mail: the content was encrypted using one of the following methods:
      Push
      Pull
      Push/Pull
    S/MIME: the content was encrypted by S/MIME
    PGP: the content was encrypted by PGP
    Plain: the content was a standard plain message
  Non TLS: The email was delivered over a standard non TLS connection:
    Secure Web Mail: the content was encrypted by one of the following methods:
      Push
      Pull
      Push/Pull
    S/MIME: the content was encrypted by S/MIME
    PGP: the content was encrypted by PGP

Blocked

A top level counter which increments for each email that is blocked. You can expand the counter to see the number of messages blocked by sender or connection, recipient, and content:

Sender/Connection: provides a breakdown of the scanner which blocked the email, either: Deny Sender, RBL (Real-Time Blackhole Lists), BATV, SPF (Sender Policy Framework).
Recipient: provides a breakdown of the scanner which blocked the email, either: Anti-Relay, Grey Listing, LDAP Recipient, Directory Harvesting.
Content: provides a breakdown of the scanner which blocked the email, either: GTI Message Reputation, Sender ID, DKIM, Spam, Phish, Mail Filtering, Mail Size Filtering, File Filtering, Compliance, Image Filtering, DLP, Virus, PUPs, Packers.

Bounced

The total number of inbound messages that were refused.

Queued

The total number of inbound messages that were queued awaiting delivery.

This includes messages that are subsequently successfully delivered.

Quarantined

A top level counter which increments for each message that is quarantined.

The total number of messages in all of the quarantine queues. The total number of messages requested for release by users by quarantine digests.

Sender and Recipient

Type the name of a particular sender or recipient for whom you wish to locate a message, and click Search to go to the Message Search page.

Search

Click Search to go to the Message Search feature where you can look for messages based on their status; either blocked, bounced, delivered, quarantined, or queued.

Option definitions Outbound Mail Summary portlet


Use the Outbound Mail Summary portlet to get the delivery and status information about messages sent from your organization. The information in this portlet relates to data from the SMTP Detections | Outbound portlet. Each incoming message is categorized as either:

Delivered
Blocked
Bounced
Queued

If you are using the quarantine features, messages may also be summarized in the quarantined list.

Counter

Definition

Total Outbound Messages

A top level counter which increments for each email that passes the MAIL TO stage of the SMTP conversation. If multiple messages are sent down one connection, this counter will increment. You can drill down to see how the email connection was received:

TLS: The email was received over a TLS connection.
Non TLS: The email was received over a standard non TLS connection.

Delivered

A top level counter which increments for each email that is delivered. You can drill down to see how the email was delivered:

Plain: The email was delivered as a standard plain message.
Encrypted: The email was delivered encrypted by:
  TLS: The email was delivered over a TLS connection:
    Secure Web Mail: the content was encrypted using one of the following methods:
      Push
      Pull
      Push/Pull
    S/MIME: the content was encrypted by S/MIME
    PGP: the content was encrypted by PGP
    Plain: the content was a standard plain message
  Non TLS: The email was delivered over a standard non TLS connection:
    Secure Web Mail
      Push
      Pull
      Push/Pull
    S/MIME
    PGP

Blocked

A top level counter which increments for each email that is blocked. You can expand the counter to see the number of messages blocked by sender or connection, recipient, and content.

Sender/Connection: displays the number of messages blocked because of their sender or connection information.
Recipient: displays the number of messages blocked because of their recipient.
Content: displays the number of messages blocked because of their content.

Bounced

The total number of outbound messages that were refused.

Queued

The total number of outbound messages that are queued awaiting delivery.

Quarantined

A top level counter which increments for each message that is quarantined.

The total number of messages in all of the quarantine queues. The total number of messages requested for release by users by quarantine digests.

Search

Click Search to go to the Message Search feature where you can look for messages based on their status; either blocked, bounced, delivered, quarantined, or queued.

Option definitions SMTP Detections portlet


Use the SMTP Detections portlet to find out the total number of messages that triggered a detection based on the sender or connection, the recipient, or the content, and to view data specific to either inbound or outbound SMTP traffic.

The counters that appear in this portlet work differently to those in the Inbound and Outbound Summary portlets where each message represents a single counter. In the Detections portlets, one message can increment several counters, depending on the number of checks it fails.

Option

Definition

Total

Shows the total number of inbound and outbound messages that triggered a detection, and expands the statistics further to see the number of messages based on the following criteria:

Sender/Connection: provides a breakdown of the scanner which triggered a detection, either: Deny Sender, RBL (Real-Time Blackhole Lists), BATV, or SPF (Sender Policy Framework).
Recipient: provides a breakdown of the scanner which triggered a detection, either: Anti-Relay, Grey Listing, LDAP Recipient, or Directory Harvesting.
Content: provides a breakdown of the scanner which triggered a detection, either: GTI Message Reputation, Sender ID, DKIM, Spam, Phish, Mail Filtering, Mail Size Filtering, File Filtering, Compliance, Image Filtering, DLP, Virus, PUPs, Packers.

Inbound

Shows the total number of inbound messages that triggered a detection, and expands the statistics further to see the number of messages based on the following criteria:

Sender/Connection: provides a breakdown of the scanner which triggered a detection, either: Deny Sender, RBL (Real-Time Blackhole Lists), BATV, SPF (Sender Policy Framework).
Recipient: provides a breakdown of the scanner which triggered a detection, either: Anti-Relay, Grey Listing, LDAP Recipient, Directory Harvesting.
Content: provides a breakdown of the scanner which triggered a detection, either: GTI Message Reputation, Sender ID, DKIM, Spam, Phish, Mail Filtering, Mail Size Filtering, File Filtering, Compliance, Image Filtering, DLP, Virus, PUPs, Packers.

Outbound

Shows the total number of inbound messages that triggered a detection, and expands the statistics further to see the number of messages based on the following criteria:

Sender/Connection: provides a breakdown of the scanner which triggered a detection, either: Deny Sender, RBL (Real-Time Blackhole Lists), BATV, SPF (Sender Policy Framework).
Recipient: provides a breakdown of the scanner which triggered a detection, either: Anti-Relay, Grey Listing, LDAP Recipient, Directory Harvesting.
Content: provides a breakdown of the scanner which triggered a detection, either: GTI Message Reputation, Sender ID, DKIM, Spam, Phish, Mail Filtering, Mail Size Filtering, File Filtering, Compliance, Image Filtering, DLP, Virus, PUPs, Packers.

Option definitions POP3 Detections portlet

This information describes the data available from the POP3 Detections portlet. From here, find out how many messages triggered a detection based on threats such as viruses, packers, or potentially inappropriate images.
The counters that appear in this portlet work differently to those in the Inbound and Outbound Summary portlets where each message represents a single counter incrementation. In the Detections portlets, one message can increment several counters, depending on the number of checks it fails.

Option

Definition

Spam

Messages that could originate from a spammer.

Phish

Messages that could contain a phish attack.

Mail Size Filtering

Messages filtered because of their size.

Image Filtering

Messages that could contain inappropriate or pornographic images.

Virus

Messages that exhibit virus-like behavior or content.

PUPs

Messages that contain potentially unwanted programs.

Packers

Messages that could contain packers.

Option definitions System Summary portlet


The System Summary portlet displays information about load balancing, the disk space used for each partition, total CPU usage, used and available memory, and swap details.

Option

Definition

Uptime

Displays the amount of time the appliance has been running since it was last started

Load Average

Displays the five second load average

Processor

Displays the total usage for all processors

Memory

Displays:

Memory used: includes used and buffered memory.
Free memory: includes free and cached memory.

Swap

Displays:

Used: Percentage used of swap (the area on the hard disk that is part of the appliance's virtual memory which temporarily stores inactive memory pages if there is insufficient physical memory available to do so).
Rate: A high swap-rate indicates the system is in some form of overload.

Disk Space

Displays the percentage of Inodes and disk space used for each partition

Option definitions Hardware Summary portlet


The Hardware Summary portlet uses status indicators to show the status of network interfaces, UPS servers, bridge mode (if enabled), and RAID status.

Information states

On the Hardware Summary portlet, there are the following status indicators available:

functioning normally

a warning threshold has been exceeded

a critical threshold has been exceeded

the service is not enabled.

Further descriptions of a red status indicator for external services are given in the definition table.

Option

Definition

Network Interface

Shows the following for LAN1 and LAN2:

Received: Data received over the network interface.
Transmitted: Data sent over the network interface.
Speed: Speed of the network interface in bits per second.

A red status indicator against any Network Interface indicates that urgent attention is required.

You may need to:

Review your network configuration and check it is correct.
Check that the switch is functioning correctly.
Check that the switch configuration is correct.
Check the cabling to and from the appliance. (Not necessary for the Content Security Blade Server.)
In virtual appliance installations, check the virtual switch configuration.

Hardware Modules

Shows a summary status indicator about the following hardware modules:

Temperature Voltage Fan Current Physical Security

Cooling Device Memory Module Board Cable Interconnect Management subsystem

Power Supply

Any module that is not installed is categorized as Not Applicable. Any module that shows as red or amber contains links to Troubleshoot | Troubleshooting Tools | Hardware Status where you can get more detailed information.

UPS

When enabled, the following status indicators are available:

Healthy: The UPS is online with the mains power working.
Requires Attention: Due to one of the following potential reasons:
  Using battery power (that is, not mains power)
  The battery is discharging
  No battery protection is available
  The UPS is overloaded
  The UPS is trimming or boosting incoming voltage
Requires Immediate Attention: The UPS is offline.
Critical: The battery is low.

Bridge

A red status indicates that McAfee Email Gateway is running in bridge mode, and is not forwarding the network data.

RAID

A red status indicates that the RAID status is not running to optimal levels.

Option definitions Network Summary portlet


This information describes the data available from the Network Summary portlet.

Option

Definition

Connections

A top level counter which increments to show the total number of TCP connections made to the SMTP port on the appliance

Throughput

A top level counter which increments to show the average throughput of data for all TCP connections made to the SMTP port on the appliance

Kernel Mode Blocking

A top level counter which increments to show the total number of SYN packets blocked from an IP address that has triggered a Reject, close and deny (Block) action. The GTI message reputation lookup feature is configured to perform this action by default for the next ten minutes.

Option definitions Cluster portlet


Use the Cluster portlet to get details and status data that relate to a cluster of McAfee Email Gateway appliances. This portlet becomes available when you have configured your appliance as part of a cluster, or if you are using the McAfee Content Security Blade Server hardware to run your McAfee Email Gateway.
This section is available only on a cluster master appliance or management blade (on a McAfee Content Security Blade Server).

Option

Definition

Device

Displays the name of the appliance as configured.

Type

Displays the type of scanning device:

Cluster Master
Cluster Failover
Scanning

State

Displays the current state of each appliance:

Network: Connected to the network.
Redundant: The Cluster Failover device is not currently running but will take over if the master cluster appliance fails.
Install: Installing software.
Synchronizing: Synchronizing with the cluster master.
Boot: Booting.
Shutdown: Shutting down.
Malconfigured: Configuration file is faulty.
Unconfigured: Not configured for load balancing.
Disabled: Disabled by the user.
Failed: No longer on the network. No heartbeat was detected.
Fault: A fault has been detected on this appliance.
Legacy: Not compatible for load balancing.

Load

Displays the average system load over a period of five minutes.

Active

Displays the number of active connections for each appliance. The row for the cluster master shows the total for all appliances.

Connections

Displays the number of connections handled by each appliance since the counters were last reset.

Component version information

Displays the versions of anti-spam and anti-virus DAT files. The version numbers are the same if the appliances are up-to-date. During updating, the values might be different. To see more information, move the cursor over the text and wait for a yellow box to appear.

Option definitions Tasks portlet


Use the Tasks portlet to link directly to the areas of the user interface that search the message queue, view reports, manage policies, configure mail protocol settings and network and system settings, and access troubleshooting features.

Option

Definition

View Message Queue and Reports

Search the Message Queue: Search for messages blocked, bounced, delivered, quarantined, and queued by sender, recipient, and subject.

View Favorite Reports: Display your most popular email reports in a variety of view types.

Manage Scheduled Reports: Create schedules for available report documents, such as email activity.

Create Policy

Manage Policy (SMTP): Go to the Email Policies settings for the SMTP protocol where you can create and edit policies for anti-virus and anti-spam protection, and compliance settings.

Manage Policy (POP3): Go to the Email Policies settings for the POP3 protocol where you can create and edit policies for anti-virus and anti-spam protection, and compliance settings.

Manage Compliance Dictionaries: Choose from a library of predefined rules, or create your own rules and dictionaries specific to your organization. Compliance rules can vary in complexity from a straightforward trigger when an individual term within a dictionary is detected, to building on and combining score-based dictionaries which will only trigger when a certain threshold is reached. Using the advanced features of compliance rules, dictionaries can be combined using logical operations.

Register DLP Documents: Restrict the flow of sensitive information sent by email through the appliance. For example, block the transmission of a sensitive document such as a financial report that is to be sent outside of your organization.

Configure Mail Protocol

Configure Email Relay Domains: Build a list of IP addresses, networks, and users who can, or cannot connect to the appliance.

Configure Domain Routing: Set up the network hosts that you want the appliance to use to route mail traffic to specific domains.

Configure Encryption: Enable the appliance to use supported encryption methods to securely deliver your email messages.

Manage Certificates: Use digitally signed certificates for tasks such as securely transferring email using TLS, or using S/MIME certificates.

Configure Network

Manage Network Settings: View and edit basic settings for the appliance such as its domain name, and the network interfaces settings.

Manage a Cluster: Specify the appliance's load balancing requirements when it acts as part of a cluster.

Manage Virtual Hosting: Specify the addresses where the appliance receives or intercepts mail traffic on the Inbound Address Pool.

Configure System

Configure ePO Management: Set up the appliance to be managed by ePolicy Orchestrator.

Configure Quarantine Options: Tell the appliance to store quarantined messages itself, or to store them using the McAfee Quarantine Manager (MQM) service.

Generate Syslog Reports: Set up and view system logs for a variety of events.

Define Directory Services: Configure the appliance to work with your LDAP servers.

Configure SNMP: Send alerts to the trap manager for a variety of events.

Configure DNS and Routing: Create a list of DNS servers and sort them in order of priority, and set up routes.

Troubleshoot

Generate a Minimum Escalation Report: Create a report that contains the minimum information needed by support to help them diagnose a problem with the appliance.

Run System Tests: Perform a series of tests on the appliance to ensure that key areas are functioning correctly.

Back up and Restore Configuration: Configure the appliance to back up the configuration, or create a backup schedule, and restore the configuration if necessary.
