Defender WebMail Installation and Configuration Guide

Defender WebMail
Installation and Configuration Guide
Version 5.6
November 2010
Defender WebMail
©2010 Quest Software, Inc. ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is
furnished under a software license or nondisclosure agreement. This software may be used or copied only in
accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted
in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose
other than the purchaser's personal use without the written permission of Quest Software, Inc.
If you have any questions regarding your potential use of this material, contact:
Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656 USA
www.quest.com
email: legal@quest.com
Refer to our Web site for regional and international office information.
TRADEMARKS
Quest, Quest Software, the Quest Software logo and iToken are trademarks and registered trademarks of Quest
Software, Inc. in the United States of America and other countries. Other trademarks and registered
trademarks are property of their respective owners.
Disclaimer
The information in this document is provided in connection with Quest products. No license, express or implied,
by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the
sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE
LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY
EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL,
PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO
USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest
makes no representations or warranties with respect to the accuracy or completeness of the contents of this
document and reserves the right to make changes to specifications and product descriptions at any time without
notice. Quest does not make any commitment to update the information contained in this document.
Defender WebMail Installation and Configuration Guide
Updated – November 2010
Software Version - 5.6
Contents
Contents (page 3)
What is Defender WebMail? (page 4)
    E-mail Access Protocol (page 4)
Before Installing Defender WebMail (page 5)
Upgrading Defender WebMail (page 13)
Installing a Certificate (page 17)
    Adding a Trusted CA Certificate (page 17)
    How to create a PKCS#7 formatted certificate file (page 17)
Using Defender WebMail (page 17)
Changing the Defender WebMail Configuration (page 18)
Defender WebMail Pre-installation Checklist (page 19)
What is Defender WebMail?
Defender WebMail allows remote users to securely access their corporate e-mail over the web. It
provides a link between remote users on the Internet, a corporate e-mail system and a Defender
system. Quest recommends that the WebMail Relay Server component is installed in your corporate
DMZ. Remote users will communicate through the WebMail Relay Server to access their e-mail.
The WebMail Relay Server will accept access requests from remote users over the web and forward
them to the Defender system for authentication. If authentication is successful, the WebMail Relay
Server will securely pass the information to the internal e-mail web server.
[Figure: Remote users on the Internet connect to the WebMail Relay Server in the DMZ; the relay communicates with the Defender Security Server(s), the Defender Management Console and the internal E-mail Web Server of the e-mail system (e.g. Exchange).]
E-mail Access Protocol
During the installation procedure, you can configure the WebMail Relay Server (WebRelay) to use
SSL (https) for added security. If you choose to use SSL, WebMail automatically runs a re-direct
service on http to ensure that all requests entered by the user are re-directed to https, even if the user
types http.
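The re-direct service described above, written out as an added example (this is not Quest's code and not taken from the product). It answers every plain-http request with a 301 to the https address of the relay. The relay hostname comes from a fixed configuration value (the assumed name RELAY_FQDN, set to the guide's example webmail.mydomain.com) rather than from the client's Host header, so a request carrying a forged Host header cannot be used to redirect users to another site; only the path and query string of the original request are preserved.

```python
"""Added example: HTTP -> HTTPS redirect listener for a web relay.
Not part of the Defender WebMail product; RELAY_FQDN is an assumed setting."""
import http.server
import urllib.parse

# Assumed configuration value: the public name of the relay (checklist item 2).
RELAY_FQDN = "webmail.mydomain.com"


def https_redirect_target(request_path, fqdn=RELAY_FQDN):
    """Return the https:// URL that a plain-http request for request_path
    should be redirected to.

    Only the path and query are kept. Any scheme or host that the client put
    into the request line (e.g. "http://other.example/owa") is discarded, and
    the fragment is dropped, so the result always points at our own relay."""
    parts = urllib.parse.urlsplit(request_path)
    path = parts.path if parts.path.startswith("/") else "/" + parts.path
    query = "?" + parts.query if parts.query else ""
    return "https://%s%s%s" % (fqdn, path, query)


class RedirectHandler(http.server.BaseHTTPRequestHandler):
    """Every method gets the same permanent redirect; nothing is served over http."""

    def _redirect(self):
        self.send_response(301)
        self.send_header("Location", https_redirect_target(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _redirect

    def log_message(self, fmt, *args):
        # Keep the example quiet; a real deployment would log these requests.
        pass


def serve(port=80):
    """Run the redirect listener on the given port until interrupted."""
    with http.server.HTTPServer(("", port), RedirectHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    # Port 80 needs privileges on most systems; 8080 is fine for a local try-out.
    serve(8080)
```

Run it and request http://localhost:8080/owa/?x=1 with any client: the response is a 301 whose Location header is https://webmail.mydomain.com/owa/?x=1 regardless of the Host header sent.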
Before Installing Defender WebMail
This section describes the information you need to gather and the actions to perform before you
install Defender WebMail. All of the items described below are summarized in a checklist at the end of
this document. Print a copy of the checklist to fill in as you work through the following steps. When
you have completed the checklist, the installation procedure will be very easy.
1. E-mail Access Protocol (checklist item 1)
Do you want your end-users to establish an SSL connection over the Internet to connect to the
WebMail Relay Server and collect their e-mail?
Quest recommends that you use an SSL connection as this adds security to the system. If SSL is
employed, you must install a server certificate on your WebMail Relay Server. The installation
procedure will help you generate the certificate request (see 3 below). SSL uses the HTTPS
protocol. If SSL is not employed, the HTTP protocol is used.
Note: If possible, ask your certificate provider to supply your certificate in PKCS#7 format. If your
certificate is supplied in X.509 format, refer to How to create a PKCS#7 formatted certificate
file on page 17.
[Figure: SSL connection from remote users across the Internet to the WebMail Relay Server.]
2. Name of the WebMail Relay Server (checklist item 2)
You need to know the fully qualified domain name (public address) of the WebMail Relay Server
located in the DMZ.
[Figure: WebMail Relay Server reached from the Internet as webmail.mydomain.com.]
3. Certificate Information (checklist items 3 and 7)
If you chose to use SSL in step 1, you will be prompted to enter the following information during
the WebMail installation procedure. If you are not using SSL, go to step 4.
Organization: your company name
Organizational Unit: your department name
Locality: town or city where your company is located
State or Province: state, province or county where you are located
Country: your two character country code as defined in ISO 3166-1 (see
http://www.iso.org/iso/country_codes/iso_1366_code_lists/english_country_names_and_code_elements.htm)
4. URL of E-Mail Web Server (checklist items 8 through 10)
You need to know the following information about your internal web server:
access protocol (SSL or non-SSL)
IP address or DNS name
port number.
Ask your e-mail administrator for this information.
5. Defender Security Server (checklist items 12, 13 and 14)
You need to know the following information about your Defender Security Server (DSS):
IP address or DNS name of the primary DSS
port number of the primary DSS
Shared Secret for the access node to be used by the primary DSS.
Ask your Defender administrator for this information.
6. Secondary Defender Security Server (checklist items 15, 16 and 17)
If you are using a secondary Defender Security Server, you need to know the following
information:
IP address or DNS name of the secondary DSS
port number of the secondary DSS
Shared Secret for the access node to be used by the secondary DSS.
Ask your Defender administrator for this information.
7. Defender (checklist 19)
The following information must be defined at the primary DSS and secondary DSS:
Defender 5: create a new access node to allow access from WebMail.
Ask your Defender administrator to do this.
8. Firewall Configuration (checklist 20)
Configure access paths through your firewall(s) to:
enable outside users to access the WebMail Relay Server
allow the WebMail Relay Server to communicate with the internal e-mail web server and
Defender.
9. User ID Set-up (checklist 21)
The user ID entered by a user to access e-mail via Defender WebMail must be defined to and be
the same on both the Defender system and the e-mail server.
Installation Pre-requisites
Ensure that Java JDK 1.4 or higher (Windows x86 version) is installed on the machine where you will
install Defender WebMail. This is required on both 32-bit (x86) and 64-bit (x64) systems.
Java JDK 1.4 or higher (Windows x86 version) is available from:
http://java.sun.com/javase/downloads/index.jsp.
The following dialog is displayed when you start the Defender WebMail installation.
Installing Defender WebMail
Defender WebMail is installed on the machine designated as the WebMail Relay Server in your DMZ.
1. To start the installation procedure, run DefenderWebMail.msi on the WebMail Relay Server.
2. Click Next to continue.
3. Accept the License Agreement and click Next to continue.
4. Click Next to accept the default destination folder. To select a different destination folder, click
Browse, locate the required destination folder, then click Next to continue.
5. Click on the arrow in the Protocol field to display a list of available access protocols. Select the
access protocol required for your WebMail Server (checklist item 1).
6. Type the fully qualified domain name for your WebMail Server in the Domain name field
(checklist item 2). Click Next to continue.
7. If you selected the HTTPS access protocol, you will be prompted for the information required to
generate a certificate request. Complete the fields on this dialog using items 3 through 7 on the
checklist.
When the Defender WebMail installation is complete, you can use the automatically generated
request to obtain a certificate from your Certificate Authority.
Click Next to continue.
8. In the Protocol field, enter the communication protocol for the Outlook Web Access application
that you want to protect (checklist item 8).
9. In the Server (IP/DNS) field, enter the name for the Outlook Web Access application (checklist
item 9).
10. In the Port field, enter the port number of the Outlook Web Access application (checklist item 10).
11. If you are using Exchange 2007, check the box. For any other version of Exchange, uncheck the
box. (checklist item 11)
12. Click Next to continue.
13. In the Server (IP/DNS) field, enter the name of the primary DSS (checklist item 12).
14. In the Port field, enter the port number of the primary DSS (checklist item 13).
15. In the Access Node Shared Secret field, enter the shared secret used for the Access Node and
Primary DSS (checklist item 14). Click Next to continue.
16. If you are using a secondary DSS, complete the fields as described in steps 18 through 20.
17. If you do not have a secondary DSS, uncheck the Define secondary DSS checkbox and click
Next to continue.
18. In the Server (IP/DNS) field, enter the name of the secondary DSS (checklist item 15).
19. In the Port field, enter the port number of the secondary DSS (checklist item 16).
20. In the Access Node Shared Secret field, enter the shared secret used for the Access Node and
Secondary DSS (checklist item 17).
21. Click Next to continue.
22. You can review the selections made during the installation by scrolling this screen. To go back
and make changes to the installation, click Back. When you have finished configuring Defender
WebMail, click Next. After a few moments, the Setup Status screen is displayed.
23. The required files are copied to the WebMail Server.
If you selected HTTPS as your access protocol for the WebMail Relay Server, a certificate
request is automatically generated.
Note: Defender WebMail configuration is not complete until the server certificate has been issued by
a Certificate Authority and correctly installed. Refer to Installing a Certificate for further information.
24. When you have copied the certificate request (CSR), click OK. The InstallShield Wizard
Complete screen is displayed.
25. Click Finish to complete the WebMail installation.
After Installation
Perform the following steps in your Defender installation:
1. Define a new access node for WebMail.
2. Create a security policy.
3. Assign the security policy to the access node you have created for the WebMail Agent, using the
access node Policy tab.
For full information, refer to the Defender Installation Guide.
Upgrading Defender WebMail
To upgrade WebMail to the latest version, perform the following steps.
Defender WebMail is installed on the machine designated as the WebMail Relay Server in your DMZ.
1. To start the upgrade procedure, run DefenderWebMail.msi on the WebMail Relay Server.
2. Click Next to continue.
3. Accept the License Agreement and click Next to continue.
4. Click Next to accept the default destination folder. To select a different destination folder, click
Browse, locate the required destination folder, then click Next to continue.
5. An existing version of WebMail has been found on your system. The WebMail installer will copy
your existing configuration and use this information to configure the new version. The original
version of WebMail will then be automatically removed from your system.
Click Next to continue with the upgrade procedure.
6. The installer is now ready to perform the upgrade. Click Install to continue.
7. On completion of the upgrade, you will be asked to confirm removal of the old version of WebMail.
Click OK to continue.
8. On completion of the upgrade procedure, the Maintenance Complete dialog is displayed. Click
Finish.
9. To close the Defender WebMail Setup Wizard, click Finish.
The latest version of Defender WebMail is now installed and configured with your original
configuration information.
For further configuration information refer to Changing the Defender WebMail Configuration on page 18.
Installing a Certificate
To install a certificate obtained using a Defender WebMail generated request, select the Install
Certificate option from the Defender WebMail menu on the Start button. Paste the certificate details
into the Install Client Certificate window.
Adding a Trusted CA Certificate
If you use HTTPS to communicate with your e-mail web server and it uses a certificate issued by a
VeriSign or Thawte Certificate Authority, Defender WebMail will automatically trust it. If you are using
a certificate issued by any other Certificate Authority, then you will need to add this Certificate
Authority to the list of Trusted Certificate Authorities.
To add a Trusted CA Certificate, select the Certificate configuration option from the Defender
WebMail menu on the Start button. Then select Install Trusted CA Certificate. Import the file that
contains the certificate information and enter an alias for the certificate.
Restart the Defender WebMail service.
How to create a PKCS#7 formatted certificate file
To convert a certificate from X.509 format to PKCS#7 format you must have access to a Windows
machine running a recent version of Internet Explorer. Follow the steps below:
1. Copy the certificate response to the Windows machine and name the file sslcert.cer.
2. Double-click on sslcert.cer. The certificate details are displayed in a new window.
3. Click Install Certificate. Accept the default values in the Certificate Install wizard windows.
Close the certificate details window.
4. Open an Internet Explorer window (note that these instructions are based on IE6 and may differ
for other versions).
5. From the Tools menu, select Internet Options.
6. On the Content tab, click Certificates.
7. Locate and highlight the imported certificate. It may be located in the Other People tab.
8. Click Export.
9. Export the certificate as a PKCS#7 formatted certificate and include all certificates in the
certification path.
10. Save the certificate as a p7b file and close Internet Explorer.
11. Provide the PKCS#7 certificate as the response in the WebMail certificate configuration window.
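Both the note in step 1 of the pre-installation section and the conversion procedure above turn on one question: did the CA return a single X.509 certificate or a PKCS#7 (p7b) bundle? The following added example (not Quest's code, and not part of the product) answers that for a file you have been given, in either PEM or DER encoding, using only the standard library. It reads just the outer ASN.1 structure: a PKCS#7 file is a SEQUENCE whose first element is the signedData OID 1.2.840.113549.1.7.2, while an X.509 certificate is a SEQUENCE whose first element is itself a SEQUENCE (tbsCertificate). The sample inputs are constructed minimal DER skeletons, not real certificates; the check is a format sniff, not a validation of the certificate itself.

```python
"""Added example: tell an X.509 certificate from a PKCS#7 bundle (PEM or DER).
Not part of Defender WebMail; samples below are constructed, not real certs."""
import base64
import re

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData), tag/length stripped.
SIGNED_DATA_OID = bytes.fromhex("2A864886F70D010702")
# PEM armour: label in group 1, base64 body in group 2.
_PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def _der_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos).
    Handles short-form and long-form lengths. Raises IndexError on truncation."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_kind(der):
    """'pkcs7' if the outer SEQUENCE opens with the signedData OID, 'x509' if it
    opens with another SEQUENCE (tbsCertificate), otherwise 'unknown'."""
    try:
        tag, body, _ = _der_tlv(der, 0)
        if tag != 0x30 or not body:
            return "unknown"
        inner_tag, inner_val, _ = _der_tlv(body, 0)
    except IndexError:
        return "unknown"
    if inner_tag == 0x06 and inner_val == SIGNED_DATA_OID:
        return "pkcs7"
    if inner_tag == 0x30:
        return "x509"
    return "unknown"


def cert_file_kind(data):
    """Classify raw file bytes as 'pkcs7-pem', 'x509-pem', 'pkcs7-der',
    'x509-der' or 'unknown'. PEM is decoded and judged by its DER content,
    so a mislabelled PEM header does not fool the check."""
    m = _PEM_RE.search(data)
    try:
        if m:
            der = base64.b64decode(re.sub(rb"\s+", b"", m.group(2)), validate=True)
            encoding = "pem"
        else:
            der, encoding = data, "der"
    except ValueError:
        return "unknown"
    kind = der_kind(der)
    return "unknown" if kind == "unknown" else kind + "-" + encoding


def needs_conversion(data):
    """True when the file is a bare X.509 certificate that must be wrapped in
    PKCS#7 before it is given to the WebMail certificate window."""
    return cert_file_kind(data).startswith("x509")


# Constructed samples: minimal DER skeletons with the right outer shape only.
SAMPLE_PKCS7_DER = bytes.fromhex("300D" "0609" "2A864886F70D010702" "A000")
SAMPLE_X509_DER = bytes.fromhex("3005" "3003" "020102")


def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    return ("-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)).encode()


SAMPLE_PKCS7_PEM = _pem("PKCS7", SAMPLE_PKCS7_DER)
SAMPLE_X509_PEM = _pem("CERTIFICATE", SAMPLE_X509_DER)

if __name__ == "__main__":
    for name, blob in [("pkcs7 der", SAMPLE_PKCS7_DER), ("x509 pem", SAMPLE_X509_PEM)]:
        print(name, "->", cert_file_kind(blob), "convert:", needs_conversion(blob))
```

To check a real file, read it in binary mode and pass the bytes to cert_file_kind; a result of x509-pem or x509-der means the Internet Explorer export steps above (or an equivalent tool) are still needed before the response is pasted into WebMail.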
Using Defender WebMail
Enter the URL used to access the Defender WebMail Server, see checklist item 2. You will be
prompted to enter your:
User ID
Web e-mail password
Defender authentication credentials as appropriate.
Changing the Defender WebMail Configuration
To change your configuration details after installation, select the Configure Defender WebMail option
from the Defender WebMail menu on the Start button. The options are described below:
Please enter the URL of the Defender WebMail server < >
Type the URL that users will use to access the Defender WebMail server.
Add another Defender WebMail URL <Yes or No>
If you enter Yes, you are prompted to enter the URL of the WebMail Server.
Which port do you want the Defender WebMail servers to use?<8080>
Please enter the URL of the Outlook Web Access (OWA) server < >
Type the URL that will be used to access the Outlook Web Access server.
Please enter the DNS/IP Address of your primary Defender Security Server < >
Type the full distinguished name or IP address of the machine where your primary Defender Security
Server is installed.
Please enter the port number of your primary Defender Security Server<1812>
Type the port number that will be used by your primary Defender Security Server. The default is 1812.
Please enter the Access Node shared secret on your primary Defender Security Server <>
Type the shared secret used by the Access Node and the primary Defender Security Server. This is the
shared secret that you specified when you first set up the Access Node.
Please enter the DNS/IP Address of your secondary Defender Security Server
Type the full distinguished name or IP address of the machine where your secondary Defender Security
Server is installed.
Please enter the port number of your secondary Defender Security Server<1812>
Type the port number that will be used by your secondary Defender Security Server. The default is 1812.
Please enter the Access Node shared secret on your secondary Defender Security Server <>
Type the shared secret used by the Access Node and the secondary Defender Security Server. This is
the shared secret that you specified when you first set up the Access Node.
User inactivity timeout in seconds?<600>
Type the amount of time (in seconds) that you want to allow a session to be idle. After this interval of
inactivity, the user will need to log in again and re-authenticate. The default is 10 minutes. The inactivity
timeout value must be less than the session timeout value.
Session timeout in seconds?<7200>
Type the amount of time (in seconds) that you want a session to be valid. After this time elapses, users
will need to log in again and re-authenticate. The default is 7200 seconds (two hours). The session
timeout value must be greater than the inactivity timeout value (see above).
Level of client IP address verification <0=Off, 1=Medium or 2=High>
Type either 0, 1 or 2 to specify the level of client IP address verification required during authentication.
0 = client IP address is not verified
1 = only the network section of the IP address is verified
2 = the entire IP address is verified against the original client IP address expected by Defender WebMail.
Exchange 2007? <yes/no>
Enter Yes if you are using Exchange 2007. For any other version of Exchange, enter No.
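The three session-related prompts above (inactivity timeout, session timeout and the client IP address verification level) define a small policy. The following added example (not Quest's code; it is not how the product is implemented) shows that policy as a checker a relay could run on each request, together with the configuration rule that the inactivity timeout must be less than the session timeout. One assumption is made because the guide does not state it: the "network section" compared at level 1 is taken to be the /24 prefix for IPv4 and /64 for IPv6 (LEVEL1_PREFIX). The addresses and timestamps in the usage are constructed.

```python
"""Added example: session timeout, inactivity timeout and client IP
verification levels as a policy checker. Not Defender WebMail's own code."""
import ipaddress
from dataclasses import dataclass

# Assumption: prefix length used for the "network section" at level 1.
LEVEL1_PREFIX = {4: 24, 6: 64}


@dataclass
class RelayConfig:
    inactivity_timeout: int = 600   # guide default: 10 minutes
    session_timeout: int = 7200     # guide default: two hours
    ip_verification: int = 0        # 0 = off, 1 = medium, 2 = high

    def validate(self):
        """Return a list of configuration errors; empty when the values are usable."""
        errors = []
        if self.inactivity_timeout <= 0 or self.session_timeout <= 0:
            errors.append("timeouts must be positive")
        if self.inactivity_timeout >= self.session_timeout:
            errors.append("inactivity timeout must be less than session timeout")
        if self.ip_verification not in (0, 1, 2):
            errors.append("IP verification level must be 0, 1 or 2")
        return errors


@dataclass
class Session:
    user_id: str
    client_ip: str      # address the user authenticated from
    created_at: float   # seconds; absolute lifetime is measured from here
    last_seen: float    # seconds; idle time is measured from here


def ip_matches(expected, actual, level):
    """Level 0: always accept. Level 1: same network section (assumed prefix).
    Level 2: the whole address must be identical. Unparseable input is rejected."""
    if level == 0:
        return True
    try:
        exp, act = ipaddress.ip_address(expected), ipaddress.ip_address(actual)
    except ValueError:
        return False
    if level == 2:
        return exp == act
    if exp.version != act.version:
        return False
    net = ipaddress.ip_network("%s/%d" % (exp, LEVEL1_PREFIX[exp.version]), strict=False)
    return act in net


def check_session(session, now, client_ip, cfg):
    """Return (True, 'ok') and refresh last_seen, or (False, reason) when the
    user must log in and re-authenticate. Absolute lifetime is checked first,
    so a session cannot be kept alive forever by steady activity."""
    if now - session.created_at > cfg.session_timeout:
        return False, "session timeout"
    if now - session.last_seen > cfg.inactivity_timeout:
        return False, "inactivity timeout"
    if not ip_matches(session.client_ip, client_ip, cfg.ip_verification):
        return False, "client IP mismatch"
    session.last_seen = now
    return True, "ok"


if __name__ == "__main__":
    cfg = RelayConfig(ip_verification=1)          # constructed configuration
    s = Session("alice", "203.0.113.10", 0.0, 0.0)  # constructed session
    print(check_session(s, 100.0, "203.0.113.77", cfg))   # (True, 'ok'): same /24
    print(check_session(s, 800.0, "203.0.113.10", cfg))   # idle 700 s > 600 s
```

Raising the verification level to 2 makes a session unusable from any address other than the one it was authenticated from, which is the stricter default for users on fixed addresses; level 1 tolerates the address changes seen behind load-balanced proxies on the same network, at the cost of accepting a stolen session cookie replayed from a neighbouring address.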
Defender WebMail Pre-installation Checklist
1. Access protocol of the WebMail Server: HTTP ( ) HTTPS ( )
2. Fully qualified domain name of WebMail Server: ___________________
3. Organization (your company name): ___________________
4. Organizational Unit (your department name): ___________________
5. Locality (town or city): ___________________
6. State or Province: ___________________
7. Country (limited to two characters): __
8. Access protocol of the Outlook Web Access application: HTTP ( ) HTTPS ( )
9. IP address / DNS name of the Outlook Web Access application: ___________________
10. Port number of the Outlook Web Access application: ___________________
11. Exchange 2007: ___________________
12. IP address / DNS name of the Primary DSS: ___________________
13. Port number of the Primary DSS: ___________________
14. Shared Secret for the Primary DSS: ___________________
15. IP address / DNS name of Secondary DSS: ___________________
16. Port number of Secondary DSS: ___________________
17. Shared Secret for the Secondary DSS: ___________________
18. Firewall configured to allow WebMail traffic? Tick when done ( )
19. Same user ID defined on both Defender and the email system? Tick when done ( )