Email Security Quick Configuration: First Initial Install Checklist

03/26/2020 1093 11483

DESCRIPTION:
Quick Configuration: First Initial Install Checklist

RESOLUTION:

Quick Configuration: First Initial Install Checklist

Introduction:  

This is a checklist of things to cover when doing the first install/deployment of SonicWall's Email Security in your production environment.

This quick checklist is aimed to get your unit up and running with as little to no prep time as possible. To fine tune your other features, please refer to our admin guide, other articles in our FAQ section, or other knowledgebase articles.

Things to consider:

1)  Is the SonicWall Email Security solution being deployed a software version or an appliance?

2)  If the SES unit is an appliance, will the product be deployed in the DMZ or the LAN?

3)  If the SES unit is a software version, will it be installed on the downstream mailserver or as a standalone server? If it is going to be a standalone, will it be in the DMZ or on

      the LAN?

4)  What kind of firewall am I running and will I be able to create the rules necessary to route inbound traffic from the public ip address to the prvate ip of the SES unit?

5)  Will I be filtering outbound mailflow? If so, can I create the necessary outbound rules on my firewall to allow SMTP traffic to go outbound from my SES unit instead of my

      mailserver?

6)  Which host will my current MX record resolve to? How do I go about making my MX record resolve to my SES unit?

Quick Configuration:     

Below will outline the steps to take to quickly get your new SES unit online and filtering your mailflow against spam and phishing attacks.

1) Once you have logged into the web interface (default username and password is: admin, password), it will bring up the license mangement page. Please authenticate to

     your registered mySonicWall.com account (this assumes that you have already created a mySonicWall.com account and have the product registered under that account prior

     to). Please note: you will not be able to navigate through the rest of the UI until licensing has been addressed and the unit is current

     with licensing. (Requirements for licensing to work - access to and from the SES unit on port 80 http, and port 443 https).

After authentication is complete, check the license expiration dates to confirm licensing has been validated.

 2)  Now we can start with configuring the inbound mail flow. This subsequently will be the configuration responsible for inbound mailflow. Under the System section, navigate to

       the Network Architecture page.

A popup window will appear, allowing for the confiuration to take place:

Once that configuration has been saved and applied, if you will be filtering outbound mailflow as well, the following displays how to create the outbound mail flow.

Same as the creation of the inbound mailflow path, select Add Path and configure your outbound path. It is better to create the outbound path prior to making any changes on your firewall and/or mailserver as it will minimize downtime.

3)  Now that the inbound and outbound paths from SES have been configured and finalized, you can now make the necessary changes to your firewall and mailserver to allow for

      proper accessibility to and from SES for port 25 SMTP traffic.

4)  One more thing to configure will be the LDAP Configuration page found under the System section of the webUI. Configuring this page will allow for dynamic updates of known

      good recipient addresses found from your LDAP server. This allows for the enabling of the DHA feature, which can deflect 50-99% of all inbound mailflow at the connection

      level.

5)  Once the LDAP Configuration page has been configured and users are being populated through the SES, navigate to the Connection Management page under the System

      section of SES. At the top of this page you will be allowed to enable DHA. For most deployments, permanently delete would be the best option to start off with.

6)  Last but not least, you can finally navigate to the Anti-Spam, Anti-Phishing section to where default spam management page resides. On this page, you can specify what

     sorting process will be performed on the various levels of spam detection that your SES unit encounters.

Side note configurations: 

Internal DNS+ MX or DNS loopback "workaround" for the NDR stuck in MTA queue issue

This quick checklist is aimed to get your unit up and running with as little to no prep time as possible. To fine tune your other features, please refer to our admin guide, other articles in our FAQ section, or other knowledgebase articles.