QUICKSTART GUIDE
1 Getting Started You will need the following items to get started: •• A desktop or laptop computer •• Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide the second). •• Web browser •• Network information for “Go Live” configuration (Step 10): •• MX records. Determine where your current MX records point. •• NAT settings. Determine where your Port 25 traffic is sent. •• Firewall settings. Determine the firewall ports you may need to open.
Plan the Installation To detect spam and viruses, the Cisco Spam and Virus Blocker Blocker must be installed at the perimeter of your network. It needs to be the first machine with an IP address that can access the Internet.
3 Change Your IP Address To connect to the Blocker, you will need to temporarily change the IP address of your computer. First, make a note of your current IP configuration settings as you will need to revert to these settings later. Then, make the following changes to your IP address: •• IP Address: 192.168.42.43 •• Subnet Mask: 255.255.255.0 •• Gateway: 192.168.42.
Plug In Place the Blocker in a location that provides enough air flow to prevent overheating. & & ' ' 47-21639-01 H:G>6A H:G>6A 96I6 96I6 POWER INPUT Plug the Blocker’s power cable into an electrical outlet.
5 Power Up important A flashing green power light indicates that the machine is plugged in but has not yet powered up. POWER Power up by pressing the On/Off switch on the front panel of the appliance. After the machine powers up, a solid green light indicates that the machine is running.
Connect to the Blocker The Blocker has two network ports: Data 1 and Data 2. & ' 96I6 H:G>6A Connect the Data 1 port to your computer using an ethernet cable. DATA 1 management: 192.168.42.42 & ' 47-21639-01 96I6 H:G>6A DATA 2 incoming email Connect the Data 2 port to the network using an ethernet cable. For the purposes of setup, connect to Data 1 as your management interface and configure incoming email on the Data 2 interface.
7 Log on to the Blocker Go to your management interface by entering the following URL in a web browser: http://192.168.42.42 The login page for the Blocker opens.
Run the System Setup Wizard The System Setup Wizard starts automatically. Accept license. Enter registration information. Enter network information (gathered in Step 1). Set anti-spam and anti-virus security settings. Review the configuration summary page. Log back in to the appliance with the username admin and the new password you set in the System Setup Wizard. The Blocker uses a self-signed certificate that may trigger a warning from your web browser.
9 Go Live Almost there.... You have completed the Blocker configuration. Now, you need to make changes in your network environment to ‘go live’ and allow the Blocker to process email. The following data flow diagram highlights network settings that you may need to change.
Configure Network Settings 10 To allow the Blocker to receive email, you may need to change the following network settings: MX RECORDS If your MX records point to a mail server, or if your spam and virus solution is hosted, you will need to change your MX records to point to the Blocker. To determine these settings, review your DNS records. Note that it can take up to 72 hours for DNS setting changes to propagate. PORTS FOR MORE info About your MX records, see Appendix B.
11 Test the Blocker Use the system test to verify that the Blocker is running properly. On the Next Steps page, enter an email address that is valid in your mail server, and click Run System Test. System Test The system test checks Blocker for internet connectivity and basic mail handling. Enter an email address that exists in your Exchange/Mail server: Verifying internet connection... Verifying MX record information... Connecting to your Exchange Server...
Run the Active Directory Wizard (OPTIONAL) You can run the Active Directory Wizard to enable the Blocker to accept email for users verified against your Active Directory server. This adds another layer of security to your network. To run the Active Directory Wizard, go to System Administration LDAP. Select the “using Active Directory Wizard” checkbox, and then click Add LDAP Server Profile.
13 Configuration Summary Review the following details of your configuration. MANAGEMENT You can manage your Blocker from the management port (Data 1) by entering http://192.168.42.42, or via the IP address assigned to your Data 2 interface after you have completed the System Setup Wizard. If you reset your configuration to factory default settings (for example, by re-running the System Setup Wizard), you can only access the Management interface from the Data 1 port (http://192.168.42.
You’re Done Congratulations, you have successfully installed the Cisco Spam and Virus Blocker! You may want to use message tracking and reporting to better understand how the Blocker is defending your network: MESSAGE TRACKING You can view details about message delivery and blocking by running queries using the Message Tracking service (in the GUI). To access message tracking, go to Monitor > Message Tracking.
a Appendix Changing Your Laptop IP Address (for Step 3) For Windows 1. Go to the Start menu and click Control Panel. The Control Panel opens. 2. Double-click Network Connections. The Network Connections window opens. 3. Right-click on the LAN or the correct Local Area Connection, and then click Properties. 4. Select Internet Protocol (TCP/IP), and then click Properties. 5. Check Use the following IP Address and enter 192.168.42.43 for the IP address, and 255.255.255.0 for subnet mask. 6.
Appendix About MX Records (for Step 10) A DNS record is like an entry in an Internet “phone book” for your domain. It translates a hostname (such as example.com) into an IP address. Included in the DNS record is an A record that maps the appliance hostname to its IP address and an MX record that directs incoming email to the correct mail server. If your MX record routes mail to your email server, you will need to change your MX records to point to your Blocker appliance.
c Appendix About Network Address Translation (for Step 10) NAT is the translation of an IP address used within one network to a different IP address used in another network. For example, you might want route email to a public IP address, while keeping all of your other addresses private. If you use Network Address Translation on your router or firewall, you may not need to change your MX records, but you may need to configure port forwarding to ensure email gets routed to the Blocker.
© Copyright 2008 Cisco IronPort Systems LLC ®. All rights reserved. The Cisco logo, IronPort Systems, Cisco Spam and Virus Blocker, Virus Outbreak Filters, Context Adaptive Scanning Engine (CASE), and SenderBase are trademarks of Cisco IronPort Systems LLC.
Cisco Spam & Virus Blocker © Cisco 2008 PN 78-18833-01
