Symantec™ Messaging

Gateway 10.6 Getting Started

Guide

powered by Brightmail™
Symantec™ Messaging Gateway 10.6 Getting Started
Guide
Documentation version: 10.6

Legal Notice
Copyright © 2015 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s
primary role is to respond to specific queries about product features and functionality.
The Technical Support group also creates content for our online Knowledge Base.
The Technical Support group works collaboratively with the other functional areas
within Symantec to answer your questions in a timely fashion. For example, the
Technical Support group works with Product Engineering and Symantec Security
Response to provide alerting services and virus definition updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount
of service for any size organization
■ Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
■ Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our website at
the following URL:
support.symantec.com
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support
information at the following URL:
support.symantec.com
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be at
the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
■ Product release level
■ Hardware information
 ■ Available memory, disk space, and NIC information
■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/business/support/

Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs, DVDs, or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan [email protected]

Europe, Middle-East, and Africa [email protected]

North America and Latin America [email protected]

 Contents

Technical Support ............................................................................................... 4

Chapter 1 Introducing Symantec Messaging Gateway .................... 9
About Symantec Messaging Gateway ................................................ 9
Where to get more information ........................................................ 10
About basic deployment ................................................................. 11

Chapter 2 Installing your appliance ................................................... 13

About installation configurations ...................................................... 13
Installation checklist ...................................................................... 14
System requirements .................................................................... 15
Setting up the appliance hardware ................................................... 16
Starting the appliance software set up .............................................. 17
Specifying Ethernet interfaces ......................................................... 18
Specifying a static IP address for routing ........................................... 19
Specifying gateway and DNS IP addresses ....................................... 20
Specifying the role for the appliance ................................................. 21
Registering your license ................................................................. 22
Troubleshooting license file registration ....................................... 24
Updating to the latest software during initial setup ............................... 24
Configuring the Control Center ........................................................ 25
Adding a Scanner through the Control Center .................................... 27
Configuring the Scanner for inbound and outbound mail filtering ............ 29

Chapter 3 Deploying Symantec Messaging Gateway as a

Virtual Machine ............................................................. 33
About Symantec Messaging Gateway Virtual Edition ........................... 33
Virtual software terminology ...................................................... 34
Symantec Messaging Gateway support for VMware Tools .............. 35
Symantec Messaging Gateway Support for Hyper-V Tools .............. 36
Installing Symantec Messaging Gateway on VMware ........................... 36
System requirements for virtual deployment on VMware ................. 37
Installing from an ISO image or OS restore CD onto a virtual
machine on your ESXi Server ............................................. 38
 Contents 8

Deploying an OVF template on ESXi/vSphere .............................. 40

Using an OS restore CD on your ESXi Server to boot your virtual
computer ........................................................................ 41
Using an ISO image on your datastore to boot your ESXi Server
virtual computer ............................................................... 42
Using an OS ISO image on your local computer to boot your ESXi
Server virtual computer ...................................................... 42
Installing Symantec Messaging Gateway on Hyper-V ........................... 43
System requirements for virtual deployment on Microsoft
Hyper-V .......................................................................... 43
Installing from an ISO image or OS restore CD onto a virtual
machine on your Microsoft Hyper-V server ............................ 45
Using an OS restore CD on your Microsoft Hyper-V Server to boot
your virtual computer ......................................................... 46
Using an OS ISO image on your Hyper-V server to boot your
Microsoft Hyper-V Server virtual computer ............................ 47
 Chapter 1
Introducing Symantec
Messaging Gateway
This chapter includes the following topics:

■ About Symantec Messaging Gateway

■ Where to get more information

■ About basic deployment

About Symantec Messaging Gateway

Symantec Messaging Gateway offers enterprises a comprehensive gateway-based
message-security solution. Symantec Messaging Gateway delivers inbound and
outbound messaging security, real-time antispam and antivirus protection, advanced
content filtering, and data loss prevention in a single platform.
Symantec Messaging Gateway does the following to protect your environment:
■ Detects spam, denial-of-service attacks, and other inbound email threats.
■ Uses Symantec Disarm technology to detect and remove potentially malicious
content from many common email attachments, including Microsoft Office
documents and Adobe PDFs. Potentially malicious content types include macros,
scripts, Flash movies, and other exploitable content. Disarm deconstructs the
attachment, strips the exploitable content, and reconstructs the document,
preserving its visual fidelity. You can choose the types of documents and types
of potentially malicious content to Disarm. You can also choose whether to
archive the original unaltered documents in case administrators or end users
need access to them
■ Provides outbound sender throttling to protect against outbound spam attacks
from compromised internal users.
 Introducing Symantec Messaging Gateway 10
Where to get more information

■ Leverages a global sender reputation and local sender reputation analysis,

including expanded URL reputation-based filtering, to block spam, malware and
phishing message and to reduce email infrastructure costs by restricting
unwanted connections.
■ Filters email by policies to remove unwanted content, demonstrate regulatory
compliance, and protect against intellectual property and data loss over email.
■ Gives you the option to enforce TLS encryption on inbound messages from
specific domains, to allow more secure communication with trusted partners
and senders.
■ Offers TLS-encrypted delivery to Symantec Data Loss Prevention, to improve
security for customers who have integrated Symantec Data Loss Prevention
with Symantec Messaging Gateway.
■ Provides granular policies and verdicts for mail that cannot be scanned, so you
can take different actions depending on the reasons why a message is
unscannable. Reports that focus on unscannable messages allow you to isolate
and interpret statistical information about unscannable mail and attachments.
■ Provides visibility into messaging trends and events with minimal administrative
burden.
See “Where to get more information” on page 10.

Where to get more information

The following resources provide more information about your product.

Documentation
The Symantec Messaging Gateway documentation set consists of the following
manuals:
■ Symantec™ Messaging Gateway 10.6 Administration Guide
■ Symantec™ Messaging Gateway 10.6 Installation Guide
■ Symantec™ Messaging Gateway 10.6 Getting Started Guide
■ Symantec™ Messaging Gateway 10.6 Command Line Reference Guide
■ Symantec™ Messaging Gateway 10.6 Release Notes
■ Symantec™ Messaging Gateway 10.6 Software Update Notes
For the most current English versions of Symantec Messaging Gateway documents,
click the following URL and then click a Documentation link:
https://support.symantec.com/en_US/article.DOC9096.html
 Introducing Symantec Messaging Gateway 11
About basic deployment

The site provides best practices, troubleshooting information, and other resources
for Symantec Messaging Gateway.

Product Help system

Symantec Messaging Gateway includes a comprehensive Help system that contains
conceptual and procedural information.

Symantec Web site

Visit the Symantec Web site for more information about your product as follows:
■ https://support.symantec.com/en_US/defaultProductLanding.53991.html
Provides access to the technical support knowledge base, newsgroups, contact
information, downloads, and mailing list subscriptions
■ https://licensing.symantec.com/acctmgmt/index.jsp
Provides information about registration, frequently asked questions, how to
respond to error messages, and how to contact Symantec License Administration
■ www.symantec.com/business/index.jsp
Provides product news and updates
■ www.symantec.com/business/security_response/index.jsp
Provides you access to the virus encyclopedia, which contains information about
all known threats; information about hoaxes; and access to white papers about
threats

About basic deployment

You can use each appliance to perform a variety of functions. During the initial
setup, the installation wizard prompts you to choose the function that each appliance
will perform. Before you install the product, decide which functions to assign your
appliance. Contact a sales representative for additional help with performance
sizing.
The available functions are as follows:
 Introducing Symantec Messaging Gateway 12
About basic deployment

Control Center A Control Center lets you configure and manage all of the following
from a Web-based interface:

■ Email filtering
■ SMTP routing
■ System settings
■ Spam Quarantine
■ Suspect Virus Quarantine
■ Content filtering incident folders
■ All other functions

The Control Center provides information on the status of all of the

Symantec Messaging Gateway hosts in your environment, including
logs and reports.

You must configure one Control Center for your site. One Control
Center controls one or more Scanners.

Scanner Scanners can perform all of the following tasks:

■ Perform filtering based on IP connections, such as Connection

Classification, Fastpass, and various sender groups
■ Filter email for viruses, spam, and noncompliant messages

You can configure multiple Scanners.

Control Center and Performs both functions. This configuration is suitable for smaller
Scanner installations.

Note: This documentation assumes that you will configure a single appliance as
both a Control Center and a Scanner, and that your Scanner will perform inbound
and outbound mail filtering. If your filtering requirements exceed this basic scenario,
refer to the Symantec™ Messaging Gateway 10.6 Installation Guide.
 Chapter 2
Installing your appliance
This chapter includes the following topics:

■ About installation configurations

■ Installation checklist

■ System requirements

■ Setting up the appliance hardware

■ Starting the appliance software set up

■ Specifying Ethernet interfaces

■ Specifying a static IP address for routing

■ Specifying gateway and DNS IP addresses

■ Specifying the role for the appliance

■ Registering your license

■ Updating to the latest software during initial setup

■ Configuring the Control Center

■ Adding a Scanner through the Control Center

■ Configuring the Scanner for inbound and outbound mail filtering

About installation configurations

You can install and run Symantec Messaging Gateway in several ways:
 Installing your appliance 14
Installation checklist

Symantec Messaging Install and run a physical, Symantec-supplied appliance.

Gateway appliance

Symantec Messaging Install and run a virtual appliance, using your choice of
Gateway Virtual Edition hardware.

See “About Symantec Messaging Gateway Virtual Edition”

on page 33.

Mixed-mode Install and run a combination of physical and virtual

components.

Installation checklist
Table 2-1 describes the information to have on hand and the hardware to have in
place before you install Symantec Messaging Gateway.

Table 2-1 Installation checklist

Item Description

Console access to Keyboard and VGA monitor or through another computer through
appliance for initial setup a serial port. After initial setup, you can log into an appliance's
command line interface using SSH.

Valid license file The same license file can be used to license multiple appliances.

Hostname The URL you use to access the appliance's Control Center Web
interface.

A static IP addresses ■ A routable static IP address assigned to eth0 for inbound email,
and one or two netmask and one of the following for outbound email:
and gateway IP ■ Routable static IP address assigned to eth1 (recommended)
addresses ■ Routable static virtual IP address
■ Separate port that shares the one routable static IP address
assigned to eth0

IP addresses assigned to eth0 or eth1 require a netmask IP

address and a gateway IP address. Refer to the Scanner scenarios
to determine IP address requirements.

Domain Name Servers DNS is required to route email. You can use the Internet root DNS
(DNS) servers or specify internal DNS servers.

NTP servers (optional) Internet or internal.

 Installing your appliance 15
System requirements

Table 2-1 Installation checklist (continued)

Item Description

Hostname, port, user Instead of using a direct connection, you can optionally specify a
name, and password for proxy for registration, filters, and retrieval of virus definitions using
proxy (optional) LiveUpdate.

IP addresses from which If there are MTAs configured between your Scanners and the
to permit traffic Internet, on the Inbound Mail Filtering - Connections wizard page,
configure the Scanners to only accept email from the upstream
MTAs. If there is a firewall between any of your appliances and
the Internet, the firewall must be configured to permit network
traffic through certain ports.

System requirements
Table 2-2 lists the minimum web browser and LDAP system requirements.
See “System requirements for virtual deployment on Microsoft Hyper-V” on page 43.

Table 2-2 System requirements

Item Requirement

Web browsers The Control Center supports the following browsers:

■ Microsoft Internet Explorer 9 or later

■ Mozilla Firefox 28 or later
■ Chrome 34 or later
 Installing your appliance 16
Setting up the appliance hardware

Table 2-2 System requirements (continued)

Item Requirement

LDAP Symantec Messaging Gateway supports the following LDAP directory

types:

■ Windows® 2012 Active Directory® (both LDAP and Global Catalog)

■ Windows 2008 Active Directory (both LDAP and Global Catalog)
■ Oracle® Directory Server Enterprise Edition 11.1.1.7
■ Oracle Directory Server Enterprise Edition 11.1.1.6.0
■ Oracle Directory Server Enterprise Edition 11.1.1.5.0
■ Sun™ Directory Server 7.0
■ IBM® Domino® (formerly Lotus Domino) LDAP Server 8.5.3
■ IBM LDAP Server 8.5.2
■ IBM Domino LDAP Server 8.5
■ IBM Domino LDAP Server 8.0
■ IBM Domino LDAP Server 7.0
■ OpenLDAP 2.4
■ OpenLDAP 2.3

Symantec Messaging Gateway is LDAP v.3 compliant and can be

configured to work with other directory server types.

Setting up the appliance hardware

Before you can install and configure the appliance, you must first set up the
hardware.
To set up the appliance hardware
1 Unpack the appliance and either rack mount it or place it on a level surface.
2 Plug in AC power.
3 Plug in an Ethernet Cable to iDRAC port and enable DRAC. For more
information on iDRAC, see Dell Support.
4 Connect the appliance with one of the following methods:
■ Connect a keyboard and VGA monitor to the appliance.
■ Connect another computer to the appliance with the serial port.
Use a null modem cable with a DB9 connector and settings of 9600 bps,
8/N/1.
 Installing your appliance 17
Starting the appliance software set up

■ Connect to appliance through iDRAC console from a remote computer.

5 Connect an Ethernet cable to the Ethernet jack that is labeled 1 on the back
panel of the appliance, which corresponds to eth0.
To use the second Ethernet port for outbound traffic, connect a second cable
to the Ethernet jack that is labeled 2 on the back of the appliance and
corresponds to eth1.
See “Starting the appliance software set up” on page 17.

Starting the appliance software set up

To start the appliance software set up
1 Turn on the power.
2 Log on with the logon name admin and the password symantec.
3 When you are prompted, type your new password twice.
4 When you are prompted, type a fully qualified domain name for this host.
To avoid problems with message routing, this host name should not be your
mail domain, such as symantecexample.com.
For example, the name should be similar in form to:

host6.symantecexample.com

5 When you are prompted, type the correct time zone.

Type ? to see a list of time zones.
Press the space bar to scroll through the list or type Q to exit the list.
6 To continue installation, next you specify Ethernet interfaces.
See “Specifying Ethernet interfaces” on page 18.
 Installing your appliance 18
Specifying Ethernet interfaces

To start up Symantec Messaging Gateway Virtual Edition using VMware vSphere

Client
1 Access the VMware ESXi server through the VMware vSphere client. You can
download this software from VMware Web site or directly from your appliance
if your VMware ESXi server is configured for https access. Go to https://<IP
of ESXi Server>. Select link Download vSphere Client and install the
VMware vSphere Client software. Log into your VMware ESXi server through
VMware vSphere Client.
2 In VMware vSphere Client, right-click on Symantec Messaging Gateway
virtual machine and select Power on from the right-click menu.
3 In VMware vSphere Client, select the Symantec Messaging Gateway virtual
machine and then click on the console tab.
To start up Symantec Messaging Gateway Virtual Edition on Microsoft Hyper-V
Hypervisor
1 Access the Microsoft Hyper-V Server through the Microsoft Hyper-V Microsoft
Management Console. You can download this software from the Microsoft
Web site.
2 In Microsoft Hyper-V Microsoft Management Console, right-click on Symantec
Messaging Gateway virtual machine and select Start from the right-click menu.
3 In Microsoft Hyper-V Microsoft Management Console, select the Symantec
Messaging Gateway virtual machine and then right-click and select Connect.
After you set up the appliance hardware, begin the software set up process.
See “Setting up the appliance hardware” on page 16.

Specifying Ethernet interfaces

After you perform the initial steps of starting the appliance setup, the next step is
to configure the Ethernet interfaces.
See “Starting the appliance software set up” on page 17.
 Installing your appliance 19
Specifying a static IP address for routing

To specify Ethernet interfaces

1 When you are prompted, type the IP address for the Ethernet interface that is
labeled 1 on the back of the appliance.
For example:

192.168.0.1

2 When you are prompted, type the subnet mask for Ethernet interface 1.
For example:

255.255.255.0

3 When you are prompted if you want to use the second Ethernet interface,
interface 2, type one of the following responses:

YES You want to use interface 2.

NO You do not want to use interface 2.

Skip to the next procedure.

See “Specifying a static IP address for routing”

on page 19.

4 When you are prompted, type the IP address for Ethernet interface 2.
For example:

192.168.12.3

5 When you are prompted, type the subnet mask for Ethernet interface 2.
For example:

255.255.255.0

6 To continue installation, next you specify a static IP address for routing.

See “Specifying a static IP address for routing” on page 19.

Specifying a static IP address for routing

After you set up the Ethernet interfaces, the next step in setting up your appliance
is to set up a static IP address for routing. You can set up multiple static IP addresses
or none at all.
 Installing your appliance 20
Specifying gateway and DNS IP addresses

See “Specifying Ethernet interfaces” on page 18.

To specify a static IP address static for routing
1 When you are prompted whether you want to add a static IP address for routing,
type one of the following responses:

YES You want to add a static IP address for routing.

NO You do not want to add a static IP address for routing.

Skip to the next procedure.

See “Specifying gateway and DNS IP addresses”

on page 20.

2 When you are prompted, specify the IP address or CIDR block of the destination
host or network.
3 If you configure multiple Ethernet interfaces, you are prompted to specify the
Ethernet Interface number (either 1 or 2, the default is 1).
This setting is to force the route to be associated with the specified device.
4 When you are prompted whether you want to add another static IP address,
type one of the following responses:

YES You want to add another static IP address.

Repeat steps 2 through 3 to add another static IP

address.

NO You do not want to add another static IP address.

Skip to the next procedure.

See “Specifying gateway and DNS IP addresses”

on page 20.

5 To continue installation, next you specify gateway and DNS IP addresses.

See “Specifying gateway and DNS IP addresses” on page 20.

Specifying gateway and DNS IP addresses

After you configure the static IP address, specify the default gateway IP address
and the IP address of your DNS server. You can add up to three DNS server IP
addresses.
See “Specifying a static IP address for routing” on page 19.
 Installing your appliance 21
Specifying the role for the appliance

To specify gateway and DNS settings

1 When you are prompted, type the IP address of the default gateway (default
router).
2 When you are prompted, type the IP address of the DNS server.
3 When you are prompted if you want to enter another DNS server, type one of
the following responses:

YES You want to add an additional DNS server.

Type the IP address.

You can add up to three addresses.

NO You do not want to an additional DNS server.

Skip to the next procedure.

See “Specifying the role for the appliance” on page 21.

4 To continue installation, next you specify the role for the appliance.
See “Specifying the role for the appliance” on page 21.

Specifying the role for the appliance

After you have specified IP addresses for your default gateway and DNS servers,
specify the role for the appliance.
See “Specifying gateway and DNS IP addresses” on page 20.
The roles that you can choose are as follows:
■ Scanner only
■ Control Center only
■ Scanner and Control Center
To set the role for the appliance
1 When you are prompted, choose one of the following roles for this appliance:
■ Scanner only
■ Control Center only
 Installing your appliance 22
Registering your license

■ Scanner and Control Center

2 For Scanner only, when prompted, type the IP address of the Control Center
that you intend to use to manage this Scanner.
3 When you are prompted, type one of the following responses:

YES The summary information is correct.

Product setup is complete and the appliance restarts.

After the appliance restarts, you can register your
appliance.

See “Registering your license” on page 22.

NO The summary information is not correct.

You return to the beginning of the process to make your

changes.

See “Starting the appliance software set up” on page 17.

Registering your license

To register your license, you need the license file that Symantec provides you.
Place this file on the computer from which you access the Control Center. Each
time you add a Scanner, you must confirm your licenses or register again. However,
you can use the same license file for each Scanner.

Note: For your Scanners, ensure that your network is configured to permit outbound
connections to Symantec on port 443. Symantec Messaging Gateway communicates
with Symantec Security Response over a secure connection for product registration
and ongoing operations.

If you are performing the initial setup of your appliance, these steps appear in the
setup wizard after the appliance restarts.
See “Specifying the role for the appliance” on page 21.
 Installing your appliance 23
Registering your license

To register your license

1 From a computer that can access your appliance, locate the appliance in a
browser.
The default logon address is as follows:
https://<hostname>
where <hostname> is the host name that you designate for your appliance
during setup or the IP address.
To use HTTP, you must enable HTTP through the command line interface and
specify port 41080.
2 When the security alert message appears, accept the self-signed certificate to
continue.
3 On the Control Center logon page, log on as user admin and use the password
that you specified set during initial setup.
4 On the End-User License Agreement page, click I accept the terms of the
license agreement and click Next.
5 On the License Information Registration page, click Browse to locate your
license file.
6 Select your license file and click Open to return to the License Registration
page.
7 If your Scanner uses a proxy server for communications with Symantec, click
Proxy Server.
8 To specify a proxy server, check Use HTTP Proxy and type the server host
name and port. If required, type the user name and password.
9 Click Register License.
If registration was successful, the License Registration Information page
returns.
See “Troubleshooting license file registration” on page 24.
Registration may fail because of an inaccessible proxy, closed port 443, or an
expired, missing, or corrupt license file.
 Installing your appliance 24
Updating to the latest software during initial setup

10 If you have another license file for a different feature, repeat the process for
registering each license.
11 When all of the license files are successfully registered, click Next.
If your software is up-to-date, the setup wizard appears. Continue with the
installation process.
See “Configuring the Control Center” on page 25.
If a software update is available, the Software Update page appears.
See “Updating to the latest software during initial setup” on page 24.

Troubleshooting license file registration

If you have difficulty installing a license during installation, the installation wizard
lets you troubleshoot the issue with the Traceroute utility or the Ping utility.
Troubleshooting license file registration
1 On the License Information Registration page, click Utilities.
2 In the Utility field, click the drop-down menu and select whether to use
Traceroute or Ping, and then in the Host name or IP address field, type the
host name or IP address.
Make sure you can connect to https://register.brightmail.com.
3 Click Run.
The results appear in the Results text box.
4 Click Register License.
5 Complete registration.
See “Registering your license” on page 22.

Updating to the latest software during initial setup

Symantec recommends that you apply the current software update after you register
the product, if one is available.
See “Registering your license” on page 22.
 Installing your appliance 25
Configuring the Control Center

Updating to the latest software during initial setup

1 On the Software Update page, select any of the following options:

Skip Lets you update your software later.

Update Updates your software now.

After the update, the setup wizard appears to help you

configure your appliance.

See “Configuring the Control Center” on page 25.

Cancel Returns you to the License Registration page.

Back See “Registering your license” on page 22.

2 When the software update finishes, do one of the following tasks:

■ Refresh your browser.
■ Close and re-open your browser to ensure that the cached versions of
graphics redisplay correctly.

3 To continue installation, next you configure the Host.

See “Configuring the Control Center” on page 25.
See the Symantec™ Messaging Gateway 10.6 Administration Guide for details
on Configuring Scanners.

Configuring the Control Center

After you register your license or after you complete the software update, the
Administrator Settings page appears in the setup wizard.
See “Registering your license” on page 22.
See “Updating to the latest software during initial setup” on page 24.
Configure the Control Center before you configure any Scanners. If you specified
that this appliance is a Control Center and a Scanner, the wizard continues with
the Scanner setup after the Control Center setup finishes.
 Installing your appliance 26
Configuring the Control Center

To configure the Control Center

1 On the Administrator Settings page, type an email address for the
administrator.
2 Check Receive Alert Notifications to have Symantec Messaging Gateway
send alert notifications to this address.
You can set up alert notifications for outbreaks, spam and virus filters, message
queues, disk space, SMTP authentication, directories, licenses, software
updates, and events. Events include scheduled task, service, hardware, swap
space, and UPS issues.
You can add additional administrators or modify this administrator's settings
in the Control Center later.
3 Click Next.
4 On the Time Settings page, to verify that the date that appears in the Current
Appliance Time area is correct, select one of the following options:

Do not change the time The time is correct and you do not want to make
changes. This option is the default setting.

Set time manually You want to manually change the time. Type the proper
values in the Date and Set Time fields.

Use NTP servers You want to use NTP servers to manage time. Type the
IP address for up to three NTP servers.

5 Click Next.
6 On the System Locale page, specify the locale that the appliance should use
for formatting numbers, dates, and times. This setting is the language and
regional formatting Symantec Messaging Gateway uses for messages.
7 Select a Quarantine fallback encoding format.
Fallback encoding is the formatting that the product uses for quarantined
messages if the formatting that you specified in the System Locale field fails.
 Installing your appliance 27
Adding a Scanner through the Control Center

8 Click Next.
If your appliance has been set up as a Control Center and a Scanner, the
Scanner Role page appears, and you must define your Scanner role as
described in the following topics:
See “Configuring the Scanner for inbound and outbound mail filtering”
on page 29.
If you set up your appliance as a Control Center only, the Setup Summary
page lists your selected configuration options.
9 On the Setup Summary page, select any of the following options:

Finish You are satisfied with the settings and do not want to
make changes. This option is the default setting.

Back You want to modify your settings.

Cancel You want to end the setup without saving your changes.
You cannot use the appliance until you complete the
setup.

10 If your Scanner is not on the Control Center, set up a Scanner on a separate

appliance. You can do this task through the Control Center.
See “Adding a Scanner through the Control Center” on page 27.

Adding a Scanner through the Control Center

You must have Full Administration rights or Manage Settings modify rights to add
a Scanner.

Note: None of the settings that you specify throughout the wizard are final until you
click Finish at the end of the wizard.

To add a Scanner through the Control Center

1 On the Control Center, click Administration > Hosts > Configuration.
2 If this Scanner is the first Scanner that you add, the Add Scanner wizard
appears. Otherwise, on the Host Configuration page under Reconfigure a
Scanner or Control Center host, click Add.
3 On the Add Scanner Wizard page, click Next.
4 On the Scanner Host Settings page, do all of the following:
 Installing your appliance 28
Adding a Scanner through the Control Center

■ In the Host description box, type a description for the new Scanner.
■ In the Host name or IP address box, type the host name or IP address
for the new Scanner.

5 Click Next.
6 On the License Registration page, click Browse to locate your license file.
7 Select your license file and click Open to return to the License Registration
page.
8 If your Scanner uses a proxy server for communications with Symantec, click
Proxy Server.
9 To specify a proxy server, check Use HTTP Proxy and type the server host
name and port.
10 Click Register License.
If registration was successful, the License Registration page returns.
If the license registration fails, perform troubleshooting steps.
See “Troubleshooting license file registration” on page 24.
11 If you have another license file for a different feature, repeat the process for
registering each license.
12 When all the license files are successfully registered, click Next.
If your software needs to be updated, the Software Update page appears. If
not, proceed to step 14.
13 On the Software Update page, select any of the following options:

Skip Lets you update your software later.

Update Updates your software now. After the update, the setup
wizard returns you to the Time Settings page.

Cancel Returns you to the License Registration page.

See “Registering your license” on page 22.

 Installing your appliance 29
Configuring the Scanner for inbound and outbound mail filtering

14 On the Time Settings page, verify whether the date in the Current Appliance
Time area is correct. Select one of the following options:

Do not change the time The time is correct and you do not want to make
changes. This option is the default setting.

Set time manually You want to manually change the time. Type the proper
values in the Date and Set Time fields.

Use NTP servers You want to use NTP servers to manage time. Click and
provide the IP address for up to three NTP servers.

15 To complete the Add Scanner wizard, you must now configure the Scanner
based on its function.
See “Configuring the Scanner for inbound and outbound mail filtering”
on page 29.

Configuring the Scanner for inbound and outbound

mail filtering
You can configure the Scanner to perform both inbound mail filtering and outbound
mail filtering. You can use the same Ethernet interface for both inbound mail filtering
and outbound mail filtering. Or you can create a virtual IP address to use for either
inbound or outbound mail filtering.
To configure the Scanner for inbound and outbound mail filtering
1 On the Scanner Role page, click Inbound and Outbound mail filtering then
click Next.
2 On the Create Optional Virtual IP Address page, select one of the following
options:

Yes You want to create a Virtual IP address.

No You do not want to create a Virtual IP address. Proceed

to step 6.

3 Click Next.
 Installing your appliance 30
Configuring the Scanner for inbound and outbound mail filtering

4 On the Create Virtual IP Address page, do all of the following tasks:

Ethernet Click to select the Ethernet interface.

IP address Type the IP address for the virtual server.

Subnet mask Type the subnet mask IP address.

Network Type the network IP address.

Broadcast Type the broadcast IP address

5 Click Next.
6 On the Inbound Mail Filtering page, click Inbound mail IP address to select
the IP address to use for inbound mail filtering.
7 In the Inbound mail SMTP port field, type the port, and then click Next.
8 On the Inbound Mail Filtering - Accepted Hosts page, to specify the IP
addresses of the mail servers from which this Scanner should accept inbound
mail, select one of the following options:

All IP addresses You want your Scanner to accept mail from all sources
or the Scanner is deployed at the gateway. For a
Scanner deployed at the Internet gateway, Symantec
recommends that you select this option to accept mail
from any MTA on the Internet.

Specific IP Addresses You want to restrict the domains from which your
Scanner accepts mail. Type IP addresses, CIDR ranges,
or domains. If the Scanner is deployed behind upstream
mail servers, specify the upstream mail servers.

9 Click Next.
 Installing your appliance 31
Configuring the Scanner for inbound and outbound mail filtering

10 On the Local Domains page, check the addresses that you want to accept
inbound mail for in the Local Domains list.
To modify the list, do any of the following tasks:

To add an address Type the address into the Domain or email address
field for which to accept inbound mail field, and click
Add.

For each domain address or email address that you

add, you can also specify whether messages should be
routed through a specific host and port. Add that
information to the Optionally route to the following
destination host and Port fields.

To delete an address Check the address to remove and click Delete.

To import a list of addresses Click Import, and then navigate to an existing file.

To route messages according Check Enable MX Lookup. If you enable MX lookup,

to the MX record for the you must specify a host name, not an IP address.
specified host name
For example, enable MX lookup if you configure multiple
downstream mail servers and use MX records for email
load balancing.

11 Click Next.
12 On the Outbound Mail Filtering page, click the drop-down list to select the
IP address to use for outbound mail filtering.
13 In the Outbound mail SMTP port field, type the port, and click Next.
14 On the Outbound Mail Filtering - Accepted Hosts page, do one of the
following tasks:
■ Specify the internal host to which this Scanner should relay local domain
mail after filtering is complete. This server is typically a downstream mail
server, such as your corporate mail server.
■ Check Enable MX Lookup for this host. If you enable MX lookup, specify
a host name instead of an IP address.

15 Click Next.
16 On the Mail Filtering - Mail Delivery page, type a host name or IP address
and port to specify how you want to relay local domain filtered mail.
17 Optionally, check Enable MX lookup for this host.
 Installing your appliance 32
Configuring the Scanner for inbound and outbound mail filtering

18 On the Mail Filtering - Non-local Mail Delivery page, select one of the
following options to specify how you want to relay filtered mail:

Use default MX Lookup You want to use MX Lookup to return the

hosts for any domain.

Define new host You want to specify a new host. Type a

host name or IP address and port.
Symantec recommends that you check
Enable MX lookup for this host if you
position the Scanner at the gateway. If you
choose this option, specify a host name
(not an IP address).

Use an existing host You want to use an existing host. Select a

host from the drop-down list. If there is a
separate gateway MTA between the
Scanner and the Internet, provide that
MTA's host name or IP address and port.

19 Click Next.
20 On the Setup Summary page, review your settings and select one of the
following options:

Finish You are satisfied with the settings and want to save
them.

Back You want to modify your settings. Go back and revise

your settings.

Cancel You want to cancel your changes without saving them.

 Chapter 3
Deploying Symantec
Messaging Gateway as a
Virtual Machine
This chapter includes the following topics:

■ About Symantec Messaging Gateway Virtual Edition

■ Installing Symantec Messaging Gateway on VMware

■ Installing Symantec Messaging Gateway on Hyper-V

About Symantec Messaging Gateway Virtual Edition

Use Symantec Messaging Gateway Virtual Edition with VMware to create a
simulated computer environment (a virtual computer) on which to run Symantec
Messaging Gateway. The guest software is a complete operating system that
contains the Symantec Messaging Gateway Virtual Edition software. It runs in a
similar manner to the application as installed on a standalone hardware platform.
You can deploy the Symantec Messaging Gateway as a virtual appliance on your
existing VMware infrastructure in one of the following ways:
■ As an ISO or OS restore CD
See “Installing from an ISO image or OS restore CD onto a virtual machine on
your ESXi Server” on page 38.
See “Installing from an ISO image or OS restore CD onto a virtual machine on
your Microsoft Hyper-V server” on page 45.
■ As an OVF on ESXi/vSphere for demonstration or testing purposes
 Deploying Symantec Messaging Gateway as a Virtual Machine 34
About Symantec Messaging Gateway Virtual Edition

Symantec does not recommend deploying an OVF on ESXi/vSphere in a

production environment.
See “Deploying an OVF template on ESXi/vSphere” on page 40.

Note: Symantec Messaging Gateway does not support a VHD for Microsoft
Hyper-V.

The resources that are allocated to Symantec Messaging Gateway Virtual Edition
must meet the minimum requirements.
See “System requirements for virtual deployment on VMware” on page 37.
See “System requirements for virtual deployment on Microsoft Hyper-V” on page 43.
This documentation assumes the following:
■ Your environment has an existing VMware ESXi or Hyper-V Server deployment
that is capable of deploying a 64-bit architecture.
■ You are familiar with administering virtual computers.
■ Your environment meets all prerequisite system requirements, including 64-bit
virtualization enabled in the BIOS of the host server.
For more information about VMware, and to download trialware and prerequisite
applications, see the VMware Web site at www.vmware.com.
For more information about Microsoft Hyper-V, see the Microsoft Web site at
www.microsoft.com.
See “Virtual software terminology” on page 34.

Virtual software terminology

Key terminology relating to virtual software is as follows:

Virtual computer A virtual computer is the software that insulates the

application stack from the physical hardware.

Intel Virtualization Technology Also known as Intel-VT. When enabled in the BIOS, it allows
the CPU to support multiple operating systems including
64-bit architecture. On many Intel processors this setting may
be disabled in the BIOS and must be enabled prior to
installing Symantec Messaging Gateway.
Note: AMD processors that support 64-bit architecture usually
have this setting enabled by default.
 Deploying Symantec Messaging Gateway as a Virtual Machine 35
About Symantec Messaging Gateway Virtual Edition

Host computer OS The host computer or operating system (OS) is the physical
hardware and primary OS upon which the guest computer/OS
run.

Guest computer OS The OS installed on the virtual computer. Symantec

Messaging Gateway Virtual Edition is the guest computer
and OS.

VMware ESXi Server VMware ESXi is an enterprise-quality virtual machine

platform.

Microsoft Hyper-V Server A native hypervisor distributed by Microsoft that enables

platform virtualization on x86-64 systems.

Virtual computer Image A set of files in a VMware-specific format that contains an

image of a preconfigured virtual computer and Symantec
Messaging Gateway Virtual Edition. This image can be used
to install a virtual computer on a host computer that runs the
VMware ESXi Server.

ISO image or OS restore CD An image that lets you install Symantec Messaging Gateway
onto a computer that runs the VMware ESXi Server.

OVF template A virtual machine that includes a set of software. For example,
an OVF template can include the Symantec Messaging
Gateway software.

VHD template A virtual machine for Microsoft Hyper-V that includes a set
of software.
Note: Symantec Messaging Gateway software is not
available as a VHD template.

vSphere client A desktop virtual machine platform that connects to a VMware

ESXi server.

Microsoft Management An extended Windows console from which an administrator

Console can manage a Hyper-V server.

See “About Symantec Messaging Gateway Virtual Edition” on page 33.

Symantec Messaging Gateway support for VMware Tools

Symantec Messaging Gateway virtual appliances provide support for a limited set
of VMware Tools.
Only the following tools are supported:
 Deploying Symantec Messaging Gateway as a Virtual Machine 36
Installing Symantec Messaging Gateway on VMware

Second-generation This tool loads automatically at virtual appliance boot time. No action
vmxnet Virtual NIC is required to activate this support.
driver
Currently supports vmxnet 1 and 2.

vmtoolsd daemon This tool starts automatically during virtual appliance boot time. No
action is required to activate this support. The vmtoolsd daemon
supports automatic turn off of the virtual appliance from the vSphere4
Client dashboard. The vmtoolsd daemon also supports the Guest
Information Service.

vmmemctl This tool enables transparent page sharing and reclaims unused
memory from the guest OS. It also enables memory swapping of the
virtual machines.

No other VMware Tools functionality is supported.

See “About Symantec Messaging Gateway Virtual Edition” on page 33.

Symantec Messaging Gateway Support for Hyper-V Tools

Symantec Messaging Gateway virtual appliances provide support for a limited set
of Hyper-V Tools.
Only the following tools are supported:

hv_netvsc This tool provides support for the Hyper-V-specific (or "synthetic")
network adapter.

hv_storvsc This tool provides support for all storage devices.

hv_vmbus This tool is the fast communication channel between the server
running Hyper-V and the virtual machine.

hv_utils This tool provides integrated shutdown, key-value pair data exchange,
and heartbeat.

See “About Symantec Messaging Gateway Virtual Edition” on page 33.

Installing Symantec Messaging Gateway on VMware

Use Symantec Messaging Gateway Virtual Edition with VMware to create a
simulated computer environment on which to run Symantec Messaging Gateway.
 Deploying Symantec Messaging Gateway as a Virtual Machine 37
Installing Symantec Messaging Gateway on VMware

System requirements for virtual deployment on VMware

Table 3-1 lists the system requirements to deploy Symantec Messaging Gateway
as a guest on VMware ESXi Server. You must install and configure one of these
servers before you install Symantec Messaging Gateway Virtual Edition.

Note: Symantec Messaging Gateway does not provide any version of BusLogic
Controller.

For requirements specific to VMware ESXi Server, refer to your VMware

documentation.

Table 3-1 Supported Configurations for Symantec Messaging Gateway Virtual

Edition on VMware

Description Recommended Minimum Notes

VMware ESXi ESXi Version 5.5 Version 5.0 Supported versions are
Server or later ESXi/vSphere 5.0/5.1/5.5/6.0
server.

Processor on the host must

support VT and have this setting
enabled in the BIOS prior to
installation to support the 64-bit
kernel that is required by
Symantec Messaging Gateway.

Disk type Fixed disk ---- Symantec Messaging Gateway

installed on a flexible disk on a
virtual machine is not supported.

Disk space For more 120 GB For Scanner-only virtual

information, machines.
consult the
Symantec 120 GB For Control Center–only virtual
Knowledge Base machines.
article, Disk
120 GB For combined Scanner and
Space
Control Center virtual machines.
Recommendations
for Symantec
Messaging
Gateway Virtual
Edition.
 Deploying Symantec Messaging Gateway as a Virtual Machine 38
Installing Symantec Messaging Gateway on VMware

Table 3-1 Supported Configurations for Symantec Messaging Gateway Virtual

Edition on VMware (continued)

Description Recommended Minimum Notes

Memory 16 GB 8 GB A minimum of 8 GB is necessary

to run Symantec Messaging
Gateway and the virtual
machine.

CPUs 8 4 Symantec recommends

allocating eight or more CPUs,
based on workload demands and
hardware configuration.
Note: Your environment must
support 64-bit applications.

NICs 2 1 Only one network interface card

is required per virtual machine.
Note: The maximum number of
NICs that are supported is 2.

See “About Symantec Messaging Gateway Virtual Edition” on page 33.

Installing from an ISO image or OS restore CD onto a virtual machine

on your ESXi Server
You can configure a virtual machine and deploy an instance of Symantec Messaging
Gateway from an OS restore CD or an ISO image. You can perform this task on a
computer that runs VMware ESXi/vSphere 5.0/5.1/5.5/6.0, but you must install the
server first.
Use only ASCII characters in the entry fields when you create a virtual computer
with the management interface. The virtual computer's display name and path
cannot contain non-ASCII characters. Do not use spaces when you create file
names and directories for virtual computers.
You may want to ensure that your guest computer is configured to restart when the
host computer restarts. Consult your VMware documentation for more information.

Note: By default, ESXi uses DHCP and does not use a root password. Symantec
recommends that you modify the ESXi settings to create a root password and assign
a static IP address before installation.
See “Specifying a static IP address for routing” on page 19.
 Deploying Symantec Messaging Gateway as a Virtual Machine 39
Installing Symantec Messaging Gateway on VMware

To install from an ISO image or OS restore CD onto a virtual machine on your ESXi
Server
1 Click the ESXi Server on which you want to place your virtual machine.
2 On the File menu, click New, then click Virtual Machine.
3 Select the Typical option and click Next.
4 Type a descriptive name for the virtual computer and click Next.
5 Select a data store option. This setting is where your virtual computer is located
on the physical disk. Make this selection based on your particular storage
configuration. Options can vary. Click Next.
6 Select the virtual machine version.
7 For the OS, click Linux as the guest operating system and CentOS 4/5/6/7
(64-bit) as the version, then click Next.
8 Reserve the necessary quantity of disk space, and then click Next.
See “System requirements for virtual deployment on VMware” on page 37.
More disk space may be required based on your deployment.
After you reserve disk space and complete deployment, any changes to disk
space require that you repeat the OS restore process.
9 Select the LSI SAS SCSI device.
10 On the Ready to Complete page, check Edit the virtual machine settings
before submitting and click Continue.
11 Click Memory at the left. Reserve the system memory based on your
deployment needs, and then click Next.
See “System requirements for virtual deployment on VMware” on page 37.
12 Click CPU at the left. Select the number of virtual CPUs, and then click Next.
13 If you want a second network interface, click the Add button at the top, choose
the Ethernet Adapter, click Next, click Next again, and click Finish.
14 Click Finish.
15 Continue the deployment to bootstrap your virtual appliance.
See “Using an OS restore CD on your ESXi Server to boot your virtual
computer” on page 41.
See “Using an ISO image on your datastore to boot your ESXi Server virtual
computer” on page 42.
See “Using an OS ISO image on your local computer to boot your ESXi Server
virtual computer” on page 42.
 Deploying Symantec Messaging Gateway as a Virtual Machine 40
Installing Symantec Messaging Gateway on VMware

Deploying an OVF template on ESXi/vSphere

Symantec provides an OVF template for demonstration or testing purposes. Do not
use the following procedure to deploy the OVF template in a production environment
unless you are explicitly told to do so by a Symantec representative. For any
production environment, Symantec recommends that you install from an ISO image
or OS restore CD to deploy Symantec Messaging Gateway as a virtual machine.
See “Installing from an ISO image or OS restore CD onto a virtual machine on your
ESXi Server” on page 38.
An OVF template is a virtual machine that includes the software that you plan to
run on the machine. You can deploy an OVF template that contains Symantec
Messaging Gateway Virtual Edition on a VMware ESXi/vSphere 5.0/5.1/5.5/6.0
server. To deploy the OVF template, use a vSphere or vCenter client on a different
computer than the computer that hosts your ESXi Server.
You may want to ensure that your guest computer is configured to restart when the
host computer restarts. Consult your VMware documentation for more information.

Note: If you cannot successfully complete this procedure, you can instead use an
OS restore disk.
See “Installing from an ISO image or OS restore CD onto a virtual machine on your
ESXi Server” on page 38.

To deploy the OVF template

1 Insert the DVD that contains the OVF template or locate the OVF template
online.
The OVF template file name is as follows:
Symantec_Messaging_Gateway_10.6.*.ovf
If you accessed the file online, proceed to step 2. If you inserted the DVD,
proceed to step 3.
2 If you access the file online, unzip the file.
3 In the File menu, click Deploy OVF template.
4 On the Source page, click Deploy from file.
5 Select the file. If necessary, click Browse to find the file.
6 Click Next.
7 On the OVF Template Details page, click Next.
 Deploying Symantec Messaging Gateway as a Virtual Machine 41
Installing Symantec Messaging Gateway on VMware

8 On the Name and Location page, enter the name for your deployment and
click Next.
9 On the Ready to Complete page, click Finish.
Deploying the OVF may take a few minutes.
When complete, the new computer appears in your inventory.
10 After deployment is complete, access the new virtual computer from your client.
The standard Symantec Messaging Gateway boot sequence begins.

Using an OS restore CD on your ESXi Server to boot your virtual

computer
After you configure a virtual computer on an ESXi Server, you can use an OS restore
CD or ISO image as your bootstrap media.
See “Installing from an ISO image or OS restore CD onto a virtual machine on your
ESXi Server” on page 38.
To use an OS restore CD on your ESXi Server to boot your virtual computer
1 Insert the OS restore disk into your ESXi Server's CD drive.
2 Click Edit virtual machine settings.
3 On the Hardware tab, select CD/DVD Drive 1.
4 Choose Host Device and choose CD.
5 Check Connect at power on and click OK.
6 Click the power on virtual machine icon.
The virtual machine now reboots from the CD drive.
7 Click the Disconnect CD/DVD button and remove the disk from your drive to
prevent the system from performing another OS restore.
Symantec recommends that you disconnect your boot media immediately after
the initial boot process to avoid a future accidental OS restore.
8 Once the installation process is complete, turn off the computer through the
client and edit your computer settings.
9 On the Hardware tab, select CD/DVD Drive 1.
10 Uncheck Connect at power on and click OK.
11 Restart your computer to begin the Symantec Messaging Gateway boot
sequence.
 Deploying Symantec Messaging Gateway as a Virtual Machine 42
Installing Symantec Messaging Gateway on VMware

Using an ISO image on your datastore to boot your ESXi Server

virtual computer
After you configure a virtual computer on an ESXi Server, you can use an ISO
image on your datastore as your bootstrap media.
See “Installing from an ISO image or OS restore CD onto a virtual machine on your
ESXi Server” on page 38.
To use an ISO image on your datastore to boot your virtual computer
1 On the Hardware tab, select New CD/DVD and check Datastore ISO file as
the Device Type.
2 Click Browse and select the ISO file on your datastore. If you have not already
added the ISO image to your datastore, refer to your VMware documentation
for the procedure.
3 Check Connect at Power on, then click Finish. The new virtual computer
appears in the inventory.
4 Turn on your new computer and access your console. The boot process begins.
5 If the console prompts you to partition your SDA device, click your mouse on
the console window, and then press the Enter key for Yes.
6 Once the installation process is complete, turn off the computer through the
client and edit your computer settings.
7 On the Hardware tab, select CD/DVD Drive 1.
8 Uncheck Connect at power on and click OK.
9 Restart your computer to begin the Symantec Messaging Gateway boot
sequence.

Using an OS ISO image on your local computer to boot your ESXi

Server virtual computer
After you configure a virtual computer on an ESXi Server, use an OS ISO image
on your local computer as your bootstrap media.
See “Installing from an ISO image or OS restore CD onto a virtual machine on your
ESXi Server” on page 38.
To use an OS ISO image on your local computer to boot your virtual computer
1 Copy the ISO image onto your local hard drive.
2 Click Edit virtual machine settings.
 Deploying Symantec Messaging Gateway as a Virtual Machine 43
Installing Symantec Messaging Gateway on Hyper-V

3 On the Hardware tab, select New CD/DVD and make sure Client Device is
selected as the Device Type.
4 On the Options tab, select Boot Options and set the Force BIOS Setup.
5 Click OK. The new virtual computer appears in the inventory.
6 Click on the new virtual computer in the inventory, then click the console icon.
7 Click the power on virtual machine icon.
8 If you are using in ISO image. click Connect CD/DVD > Use ISO image, and
browse to your ISO image. If you are using an OS restore CD, choose the letter
of your computer's CD/DVD drive.
The boot process begins.
9 Once the installation process is complete, the Symantec Messaging Gateway
boot sequence begins.
If the Symantec Messaging Gateway boot sequence does not begin, turn off
the computer through the client, click Disconnect CD/DVD device to disconnect
your ISO image, and then restart your computer.

Installing Symantec Messaging Gateway on Hyper-V

Use Symantec Messaging Gateway Virtual Edition with Hyper-V to create a
simulated computer environment on which to run Symantec Messaging Gateway.

System requirements for virtual deployment on Microsoft Hyper-V

Table 3-2 lists the system requirements to deploy Symantec Messaging Gateway
as a guest on Microsoft Hyper-V server. You must install and configure one of these
servers before you install Symantec Messaging Gateway Virtual Edition.
For requirements specific to Microsoft Hyper-V Server, refer to your Microsoft
Hyper-V documentation.

Table 3-2 Supported Configurations for Symantec Messaging Gateway Virtual

Edition on Hyper-V

Description Recommended Minimum Notes

Microsoft Hyper-V Windows 2012 Windows 2008 Processor on host must support
Datacenter Standalone VT and have this setting enabled
Edition in the BIOS prior to installation
to support the 64-bit kernel.
 Deploying Symantec Messaging Gateway as a Virtual Machine 44
Installing Symantec Messaging Gateway on Hyper-V

Table 3-2 Supported Configurations for Symantec Messaging Gateway Virtual

Edition on Hyper-V (continued)

Description Recommended Minimum Notes

Disk type Fixed disk ---- Symantec Messaging Gateway

does not support installation on
a virtual machine with a dynamic
disk.

Disk space For more 120 GB For Scanner-only virtual

information, machines.
consult the
Symantec 120 GB For Control Center–only virtual
Knowledge Base machines.
article, Disk
120 GB For combined Scanner and
Space
Control Center virtual machines.
Recommendations
for Symantec
Messaging
Gateway Virtual
Edition.

Memory 16 GB 8 GB A minimum of 8 GB is necessary

to run Symantec Messaging
Gateway and the virtual
machine.

CPUs 8 4 Symantec recommends

allocating four or more CPUs,
based on workload demands and
hardware configuration.
Note: Your environment must
support 64-bit applications.

NICs 2 1 Only one network interface card

is required per virtual machine.
Symantec Messaging Gateway
supports the use of synthetic
NICs only.
Note: The maximum number of
NICs that are supported is 2.

See “About Symantec Messaging Gateway Virtual Edition” on page 33.

 Deploying Symantec Messaging Gateway as a Virtual Machine 45
Installing Symantec Messaging Gateway on Hyper-V

Installing from an ISO image or OS restore CD onto a virtual machine

on your Microsoft Hyper-V server
You can configure a virtual machine and deploy an instance of Symantec Messaging
Gateway from an OS restore CD or an ISO image. You can perform this task on a
computer that runs Standalone or Datacenter Hyper-V on a supported Windows
Server, but you must install the Hyper-V server first.
Use only ASCII characters in the entry fields when you create a virtual computer
with the management interface. The virtual computer's display name and path
cannot contain non-ASCII characters. Do not use spaces when you create file
names and directories for virtual computers.
You may want to ensure that your guest computer is configured to restart when the
host computer restarts. Consult your Microsoft documentation for more information.

Note: Dynamic disk in a virtual deployment is not supported on Microsoft Hyper-V.

Please review settings for the Hyper-V guest and set the disk to fixed.

To install from an ISO image or OS restore CD onto a virtual machine on your Hyper-V
Server
1 Click on the Microsoft Hyper-V Server on which you want to place your virtual
machine.
2 On the Action menu, click New, then click Virtual Machine.
3 Click Next to create a virtual machine with a custom configuration.
4 Type a descriptive name for the virtual machine, select a storage folder that
pertains to your environment and click Next.
5 Specify the amount of system memory based on your deployment needs, and
then click Next.
See “System requirements for virtual deployment on Microsoft Hyper-V”
on page 43.
6 Select a virtual switch for your network adapter and then click Next. If you
require additional network adapters, these may be added after the New Virtual
Machine Wizard has completed by editing the virtual machine settings.
7 Select Attach a virtual hard disk later and then click Next. This will allow you
to add a fixed hard disk to your virtual machine.
8 Click Finish.
9 Right-click on new virtual machine and select Settings.
 Deploying Symantec Messaging Gateway as a Virtual Machine 46
Installing Symantec Messaging Gateway on Hyper-V

10 Highlight IDE Controller 0 and click Add to add a new hard drive to your virtual
machine.
11 Click New to create a new hard drive and then click Next.
12 Select Fixed and click Next.
13 Specify Name and Location for the new hard drive and then click Next.
14 Reserve the necessary quantity of disk space, and then click Next.
See “System requirements for virtual deployment on Microsoft Hyper-V”
on page 43.
More disk space may be required based on your deployment. After you reserve
disk space and complete deployment, any changes to disk space require that
you repeat the OS restore process.
15 Click Finish, and then click OK.
16 Continue the deployment to bootstrap your virtual appliance.
See “Using an OS restore CD on your Microsoft Hyper-V Server to boot your
virtual computer” on page 46.
See “Using an OS ISO image on your Hyper-V server to boot your Microsoft
Hyper-V Server virtual computer ” on page 47.

Using an OS restore CD on your Microsoft Hyper-V Server to boot

your virtual computer
After you configure a virtual computer on a supported Microsoft Windows Hyper-V
Server, you can use an OS restore CD or ISO image as your bootstrap media.
See “Installing from an ISO image or OS restore CD onto a virtual machine on your
Microsoft Hyper-V server” on page 45.
To use an OS restore CD on your Microsoft Hyper-V Server to boot your virtual
computer
1 Insert the OS restore disk into your Hyper-V Server's CD/DVD drive.
2 Right-click on new Microsoft Hyper-V virtual machine and select Connect.
3 Select Media menu.
4 Select DVD Drive > Insert Disk....
5 Select Symantec Messaging Gateway install disk in your CD/DVD drive and
click Open.
6 Start your virtual machine to begin the Symantec Messaging Gateway boot
sequence.
 Deploying Symantec Messaging Gateway as a Virtual Machine 47
Installing Symantec Messaging Gateway on Hyper-V

Using an OS ISO image on your Hyper-V server to boot your

Microsoft Hyper-V Server virtual computer
After you configure a virtual computer on a Microsoft Hyper-V Server, you can use
an OS ISO image on your Hyper-V server as your bootstrap media.
See “Installing from an ISO image or OS restore CD onto a virtual machine on your
Microsoft Hyper-V server” on page 45.
To use an OS ISO image on your Hyper-V server to boot your virtual computer
1 Copy Symantec Messaging Gateway install ISO to your Hyper-V server.
2 Right-click on new Microsoft Hyper-V virtual machine and select Connect.
3 Select Media menu.
4 Select DVD Drive > Insert Disk....
5 Select the Symantec Messaging Gateway install ISO and then click Open.
6 Start your virtual machine to begin the Symantec Messaging Gateway boot
sequence.