Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page
Integrating Data Security with Existing Infrastructure > Working with existing email infrastructure
Working with existing email infrastructure
Deployment and Installation Center | Data Security Solutions | Version 7.7.x
Applies to:                                         
In this topic:                                       
*
Data Security, v7.7.x
*
Using the SMTP agent
*
Using the protector
You can configure Websense Data Security within your existing email infrastructure to block and quarantine email that contravenes your policies.
You can do this by connecting Websense Email Security Gateway, the SMTP agent, or the Websense protector to the network directly in the path of the traffic, enabling traffic to be not only monitored, but also blocked, quarantined, or even terminated before it reaches its destination.
This section describes the SMTP agent and protector. For information on using Email Security Gateway, see Installing appliance-based Websense solutions.
Using the SMTP agent
If you want the option to block email that breaches policy, the SMTP agent is the easiest deployment option to configure, monitor, and debug in a production email environment. Do the following to set up the SMTP agent within your email infrastructure for this purpose:
1.
Run the Websense installer as described in Installing Data Security components. You can install the SMTP agent on a TRITON Management Server, supplemental Data Security server, or as a stand-alone agent on another Windows server machine equipped with Microsoft IIS.
2.
To configure the SMTP agent, in TRITON - Data Security, select Settings > Deployment > System Modules. Select the SMTP agent.
3.
Complete the fields as follows:
*
In the General tab:
*
Set the Mode to Blocking.
*
Specify the action to take when an unspecified error occurs.
*
In the SMTP Filter tab:
*
Select the Enable filtering on the following internal email domains check box.
*
Enter the domain name or names to monitor and click Add.
*
In the Encryption & Bypass tab:
*
If you want encrypted or flagged email to bypass analysis, select the Enable redirection gateway check box, then enter the redirection gateway IP and port. Specify the encryption and/or bypass flags to use.
*
In the Advanced tab:
*
Specify the footer to add to analyzed email, if any.
*
Click OK to save all the above settings.
4.
Select Main > Policy Management > DLP Policies. Select the policy rule that you wish to use for email management and click Edit.
5.
Complete the fields as follows:
*
Select Destinations, and check the Network Email box.
*
Select Severity & Action, then select an action plan that includes notifications.
6.
Click Deploy to activate the settings.
7.
Configure your corporate email server to route email to the SMTP agent. (The agent becomes a MTA.)
Using the protector
There are 2 different SMTP modes:
*
Monitoring mode (sometimes referred to as passive mode)
*
Explicit Mail Transfer Agent (MTA) mode
In monitoring mode, the protector monitors and analyzes SMTP traffic, but does not enable policies to block transactions. It is important that not all networks have permission to send email via the protector's SMTP service, otherwise the protector can be used as a mail relay. To avoid this, you should limit the networks that send email via the protector.
In explicit MTA mode, the protector acts as an MTA for your SMTP traffic and operates in protect mode. Protect mode allows you to block transactions that breach policy.
This section contains the basic steps required to configure Data Security for these 2 topologies.
For more information on deploying the protector inline, see Deploying the protector.
Pre-installation checklist
The figure below shows a common topology in which the protector is installed inline. The checklist in this section refers to the numbers in this figure.
Before installation, check the following:
*
Verify that the required hardware is available - check the latest release notes for the list of certified hardware.
*
If inline mode is selected, verify that the protector contains a certified Silicom Network card (either Dual or Quad).
*
Have the following ready before installation:
*
Valid IP addresses for the Data Security server and the protector management port in the Data Security LAN
*
Make sure the following IP addresses are known prior to installation - they are required in order to complete the procedure:
*
The complete list of internal networks (IP ranges and subnet masks) [1]
If there is more than one site, the internal networks list should include the networks of all sites.
*
A list of the mail server's IP addresses (in all sites) [4] [6]
*
The IP addresses of the mail relay, if one exists [5] [7]
*
The IP address of the outbound gateway for the protector - this will typically be the internal leg of the firewall [2]
*
The IP address of the inbound gateway for the protector - this will typically be the external leg of the backbone switch or router [6]
*
The HELO string the protector will use when identifying itself. This is relevant for the SMTP channel only.
*
If customized notifications will be displayed when content is blocked, these should be prepared beforehand.
Setting up SMTP in monitoring mode
1.
Power up the protector.
2.
Run the Websense installer as described in Installing Data Security components. During installation make sure the time, date and time zone are precise, and map eth0 to verify it is located on the main board.
3.
Connect eth0 of the protector to the LAN.
4.
To configure the protector, in TRITON - Data Security, select Settings > Deployment > System Modules. Select the protector.
5.
Complete the fields as follows:
*
In the General tab:
*
Select Enabled.
*
In the Networking tab:
*
Set Default gateway to the outbound gateway.
*
Set Interface to br0.
*
For the Connection mode, select Inline (Bridge).
*
In the Network Interfaces list, select br0 and click Edit. Select Enable bypass mode to allow traffic in case of Data Security Server software/hardware failure. Click OK.
*
In the Local Networks tab:
*
Select Include specific networks. Add all the internal networks for all sites. This list is used to identify the direction of the traffic.The mail servers and mail relays should be considered part of the internal network.
*
In the Services tab
*
Select the SMTP service. On the General tab, set the Mode to Monitoring bridge. On the Traffic Filter tab, set the Direction to Outbound. Click OK.
*
Select the HTTP service. On the General tab, set the Mode to Monitoring bridge. On the Traffic Filter tab, set the Direction to Outbound. On the HTTP Filter tab, select Exclude destination domains if required. Click OK.
*
Click OK to save all the above settings, and click Deploy to activate the settings.
6.
Connect the protector to the outgoing connection and to the organization's internal network. This should be done last, after the protector is fully configured.
Setting up SMTP in MTA modes
Starting the protector
1.
Power up the protector.
2.
Run the Websense installer as described in Installing Data Security components. Make sure the time, date and time zone are precise, and verify that eth0 (or whatever port you specified during installation) is mapped and located on the main board.
3.
Connect eth0 or the designated port of the protector to the LAN.
Configuring the protector
1.
In TRITON - Data Security, select Settings > Deployment > System Modules. Select the protector.
2.
In the General tab:
*
Select Enabled.
3.
In the Local Networks tab:
*
Select Include specific networks. Add all the internal networks for all sites. This list is used to identify the direction of the traffic.The mail servers and mail relays should be considered part of the internal network.
4.
In the Services tab:
*
Select the SMTP service.
*
On the General tab, set the Mode to Mail Transfer Agent (MTA).
*
On the Mail Transfer Agent (MTA) tab:
*
Set the Operation Mode to Blocking and select the behavior desired when an unspecified error occurs during analysis.
*
Set the SMTP HELO name. This is required.
*
Set the next hop MTA if required (for example, the company mail relay).
*
Set the addresses of all networks that are permitted to relay email messages through the protector. This is required, as it is important that not all networks have permission to send email via the protector's SMTP service, otherwise the protector can be used as a mail relay. This list should include the addresses any previous hops, such as your mail server.
5.
Click OK to save all the above settings for the protector.
6.
Select Main > Policy Management > DLP Policies. Select the policy rule that you wish to use for email management and click Edit.
7.
Complete the fields as follows:
*
Select Destinations, and check the Network Email box.
*
Select Severity & Action, then select an action plan that includes notifications.
 
* 
Note 
For more information about action plans, see the section "Action Plans" in TRITON - Data Security Help.
*
Click OK to save all the above settings.
8.
Click Deploy to activate the settings.
Connecting the protector
1.
Connect the protector to the outgoing connection and to the organization's internal network. This should be done last, after the protector is fully configured.
2.
If a next hop server exists (for example, a company mail relay) you must add the protector's IP address to its allowed relay list.
3.
(Optional) Set your mail server's next hop (smart host) to be the protector's IP address.

Go to the table of contents Go to the previous page Go to the next page
Integrating Data Security with Existing Infrastructure > Working with existing email infrastructure
Copyright 2016 Forcepoint LLC. All rights reserved.