-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Email Security Quick Configuration: First Initial Install Checklist
03/26/2020 
1,096 People found this article helpful
484,724 Views
Description
Quick Configuration: First Initial Install Checklist
Resolution
Quick Configuration: First Initial Install Checklist
Introduction:
This is a checklist of things to cover when doing the first install/deployment of SonicWall's Email Security in your production environment.
This quick checklist is aimed to get your unit up and running with as little to no prep time as possible. To fine tune your other features, please refer to our admin guide, other articles in our FAQ section, or other knowledgebase articles.
Things to consider:
1) Is the SonicWall Email Security solution being deployed a software version or an appliance?
2) If the SES unit is an appliance, will the product be deployed in the DMZ or the LAN?
3) If the SES unit is a software version, will it be installed on the downstream mailserver or as a standalone server? If it is going to be a standalone, will it be in the DMZ or on
the LAN?
4) What kind of firewall am I running and will I be able to create the rules necessary to route inbound traffic from the public ip address to the prvate ip of the SES unit?
5) Will I be filtering outbound mailflow? If so, can I create the necessary outbound rules on my firewall to allow SMTP traffic to go outbound from my SES unit instead of my
mailserver?
6) Which host will my current MX record resolve to? How do I go about making my MX record resolve to my SES unit?
Quick Configuration:
Below will outline the steps to take to quickly get your new SES unit online and filtering your mailflow against spam and phishing attacks.
1) Once you have logged into the web interface (default username and password is: admin, password), it will bring up the license mangement page. Please authenticate to
your registered mySonicWall.com account (this assumes that you have already created a mySonicWall.com account and have the product registered under that account prior
to). Please note: you will not be able to navigate through the rest of the UI until licensing has been addressed and the unit is current
with licensing. (Requirements for licensing to work - access to and from the SES unit on port 80 http, and port 443 https).
After authentication is complete, check the license expiration dates to confirm licensing has been validated.
2) Now we can start with configuring the inbound mail flow. This subsequently will be the configuration responsible for inbound mailflow. Under the System section, navigate to
the Network Architecture page.
A popup window will appear, allowing for the confiuration to take place:
Once that configuration has been saved and applied, if you will be filtering outbound mailflow as well, the following displays how to create the outbound mail flow.
Same as the creation of the inbound mailflow path, select Add Path and configure your outbound path. It is better to create the outbound path prior to making any changes on your firewall and/or mailserver as it will minimize downtime.
3) Now that the inbound and outbound paths from SES have been configured and finalized, you can now make the necessary changes to your firewall and mailserver to allow for
proper accessibility to and from SES for port 25 SMTP traffic.
4) One more thing to configure will be the LDAP Configuration page found under the System section of the webUI. Configuring this page will allow for dynamic updates of known
good recipient addresses found from your LDAP server. This allows for the enabling of the DHA feature, which can deflect 50-99% of all inbound mailflow at the connection
level.
5) Once the LDAP Configuration page has been configured and users are being populated through the SES, navigate to the Connection Management page under the System
section of SES. At the top of this page you will be allowed to enable DHA. For most deployments, permanently delete would be the best option to start off with.
6) Last but not least, you can finally navigate to the Anti-Spam, Anti-Phishing section to where default spam management page resides. On this page, you can specify what
sorting process will be performed on the various levels of spam detection that your SES unit encounters.
Side note configurations:
Internal DNS+ MX or DNS loopback "workaround" for the NDR stuck in MTA queue issue
This quick checklist is aimed to get your unit up and running with as little to no prep time as possible. To fine tune your other features, please refer to our admin guide, other articles in our FAQ section, or other knowledgebase articles.
Related Articles
- Email Security: Convert a .cer format SSL Certificate to .pem for TLS
- How to set up your MX record after you activated Email Security Hosted Solution
- Email Security: How to troubleshoot NDR's.
Categories
- Email Security > Email Security Appliance
- Email Security > Email Security Software
- Email Security > Hosted Email Security
YES
NO