- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Email Security Quick Configuration: First Initial Install Checklist
03/26/2020 
1,095 People found this article helpful
98,548 Views
Description
Quick Configuration: First Initial Install Checklist
Resolution
Quick Configuration: First Initial Install Checklist
Introduction:
This is a checklist of things to cover when doing the first install/deployment of SonicWall's Email Security in your production environment.
This quick checklist is aimed to get your unit up and running with as little to no prep time as possible. To fine tune your other features, please refer to our admin guide, other articles in our FAQ section, or other knowledgebase articles.
Things to consider:
1) Is the SonicWall Email Security solution being deployed a software version or an appliance?
2) If the SES unit is an appliance, will the product be deployed in the DMZ or the LAN?
3) If the SES unit is a software version, will it be installed on the downstream mailserver or as a standalone server? If it is going to be a standalone, will it be in the DMZ or on
the LAN?
4) What kind of firewall am I running and will I be able to create the rules necessary to route inbound traffic from the public ip address to the prvate ip of the SES unit?
5) Will I be filtering outbound mailflow? If so, can I create the necessary outbound rules on my firewall to allow SMTP traffic to go outbound from my SES unit instead of my
mailserver?
6) Which host will my current MX record resolve to? How do I go about making my MX record resolve to my SES unit?
Quick Configuration:
Below will outline the steps to take to quickly get your new SES unit online and filtering your mailflow against spam and phishing attacks.
1) Once you have logged into the web interface (default username and password is: admin, password), it will bring up the license mangement page. Please authenticate to
your registered mySonicWall.com account (this assumes that you have already created a mySonicWall.com account and have the product registered under that account prior
to). Please note: you will not be able to navigate through the rest of the UI until licensing has been addressed and the unit is current
with licensing. (Requirements for licensing to work - access to and from the SES unit on port 80 http, and port 443 https).
After authentication is complete, check the license expiration dates to confirm licensing has been validated.
2) Now we can start with configuring the inbound mail flow. This subsequently will be the configuration responsible for inbound mailflow. Under the System section, navigate to
the Network Architecture page.
A popup window will appear, allowing for the confiuration to take place:
Once that configuration has been saved and applied, if you will be filtering outbound mailflow as well, the following displays how to create the outbound mail flow.
Same as the creation of the inbound mailflow path, select Add Path and configure your outbound path. It is better to create the outbound path prior to making any changes on your firewall and/or mailserver as it will minimize downtime.
3) Now that the inbound and outbound paths from SES have been configured and finalized, you can now make the necessary changes to your firewall and mailserver to allow for
proper accessibility to and from SES for port 25 SMTP traffic.
4) One more thing to configure will be the LDAP Configuration page found under the System section of the webUI. Configuring this page will allow for dynamic updates of known
good recipient addresses found from your LDAP server. This allows for the enabling of the DHA feature, which can deflect 50-99% of all inbound mailflow at the connection
level.
5) Once the LDAP Configuration page has been configured and users are being populated through the SES, navigate to the Connection Management page under the System
section of SES. At the top of this page you will be allowed to enable DHA. For most deployments, permanently delete would be the best option to start off with.
6) Last but not least, you can finally navigate to the Anti-Spam, Anti-Phishing section to where default spam management page resides. On this page, you can specify what
sorting process will be performed on the various levels of spam detection that your SES unit encounters.
Side note configurations:
Internal DNS+ MX or DNS loopback "workaround" for the NDR stuck in MTA queue issue
This quick checklist is aimed to get your unit up and running with as little to no prep time as possible. To fine tune your other features, please refer to our admin guide, other articles in our FAQ section, or other knowledgebase articles.
Related Articles
- SonicWall HES IP address blocklisted by UCEProtect or Backscatter
- How to add O365 connector for domain specific routing
- SonicWall Email Security on Hyper-V Platform
Categories
- Email Security > Email Security Appliance
- Email Security > Email Security Software
- Email Security > Hosted Email Security
YES
NO