Networking Worksheet
Technical Support:
Cisco IronPort Email Security Appliance
1-877-641-4766
System Settings Default System Hostname:
Email System Alerts To:
Deliver Scheduled Reports To:
QUICKSTART GUIDE
Time Zone Information:
NTP Server:
Admin Password:
SenderBase Network Participation
AutoSupport
Enable
Enable
Disable
Disable
Network Integration
Gateway DNS
Default Gateway (router) IP address:
Use the Internet’s root DNS Servers:
Use these DNS Servers:
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
IP address:
Network mask: Fully Qualified Host name: Accept Incoming Mail Domain: Accept Incoming Mail Destination: Relay Outgoing Mail:
............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
Interfaces
Data 1 Port
C is
0
t C37
nPor pliance
y Ap
co Iro
curit
Email
Data 2 Port
IP address:
Network mask: Fully Qualified Host name: Accept Incoming Mail Domain: Accept Incoming Mail Destination: Relay Outgoing Mail:
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
Management Port
IP address:
Network mask: Fully Qualified Host name: Accept Incoming Mail Domain: Accept Incoming Mail Destination: Relay Outgoing Mail:
............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
. ............................................................................................................................
Message Security
SenderBase Reputation Filtering
IronPort Anti-Spam Sanning Engine
McAfee Anti-Virus Scanning Engine
Sophos Anti-Virus Scanning Engine Virus Outbreak Filters
Enable
Enable
Enable
Enable
Enable
Disable
Disable
Disable
Disable
Disable
© 2010 Cisco Systems, Inc. All rights reserved. Cisco, the Cisco logo, Cisco Systems, Cisco IronPort, IronPort, SenderBase and AsyncOS are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States
and certain other countries. All other trademarks mentioned in the document or website are the property of their respective owners. The use of the word partner does not imply a partnership between Cisco and any other company. (0903R)
P/N 421-0545
Se
Cisco IronPort X1070
2
Cisco IronPort X1070
These simple-to-follow steps will allow you to install,
configure, and start using your Cisco IronPort Email Security
Appliance right away.
3
I N S TA L L
•• Plug the female end of each straight power cable into the redundant
power supplies on the back panel of the appliance.
Plan the installation within your network
Data
Your Cisco IronPort Appliance is designed to serve as your SMTP
email gateway at your network perimeter – that is, the first machine
with an IP address that is directly accessible to the Internet for sending
and receiving email. Many of the features (including Email Security
Monitor, Reputation Filtering, Spam Detection, Virus Protection, and
Encryption) require you to install the Cisco IronPort appliance into your
existing network infrastructure in the following way.
The Cisco IronPort Appliance requires at least one IP address to send
and receive email. Ideally, two IP addresses should be used:
Before you start, be sure you have the following:
•• Rack cabinet enclosure
•• 10/100/Gigabit BaseT TCP/IP local area network (LAN)
•• Connect the Data 2 network port to your private network
Alternately, you can receive and deliver email from a single connection
to either network port, if your network topology dictates it. Multiple IP
addresses can be configured on one network interface.
SERIAL
Firewall
Email Security appliances that include a FIPS-compliant Hardware
Security Module card have an additional serial port on the card. Cisco
IronPort’s implementation of FIPS does not use this serial port.
1
3
2
4
Groupware Server
(Microsoft Exchange™, Lotus
Notes™, SunONE Messaging™)
UNPACK
Clients
Check to make sure the following items are present in the Cisco
IronPort Evvmail Security appliance system box:
DATA 4
SERIAL
2
3
SERIAL
MGMT DATA 1
Dual-Head
Power Cable
4
•• Null modem serial cable
Public
Network
•• Cisco IronPort X1070 Quickstart Guide (this guide)
SMTP and DNS services must have access to the Internet. For
other system functions, the following services may be required:
•• Cisco IronPort AsyncOS for Email Configuration Guide
•• SMTP: port 25 •• DNS: port 53
•• Cisco IronPort AsyncOS Documentation CD
•• HTTP: port 80 •• HTTPS: port 443
•• Safety and Compliance Guide
•• SSH: port 22 •• Telnet: port 23
Note:
•• NTP: port 123
•• LDAP: port 389 or 3268
The Cisco IronPort AsyncOS for Email Configuration Guide does not
ship with Email Security appliances that include a FIPS-compliant
Hardware Security Module card.
You can download the AsyncOS Release Notes from the Cisco IronPort
Customer Support Portal located at www.cisco.com/web/ironport.
2
or
Straight
Power Cables
PO W ER-UP
3
2
MGMT DATA 1
or
Private
Network
2
Public and Private
Networks
Wait 5
minutes
Setup and Management
•• For access by Ethernet™, connect to the Management Network
Port. Use a browser to access the web-based interface on the
default IP address 192.168.42.42. You can also access the
command line interface by SSH or terminal emulation software on
the same IP address. (The netmask is /24.)
•• LDAP over SSL: port 636
•• O
r, for Serial access, connect to the Serial Port. Access the command line interface by a terminal emulator using 9600 bits, 8 bits, no parity,
1 stop bit (9600, 8, N, 1), flowcontrol = Hardware.
•• LDAP with SSL for Global Catalog queries: port 3269
•• FTP: port 21, data port TCP 1024 and higher
See the appendix “Firewall Information” in the Cisco IronPort AsyncOS
for Email Configuration Guide for more information.
1
3
2
4
SERIAL
Ci sc
70
t C3
nce
nPor
o Iro ity Applia
Email
SERIAL
Serial via Terminal
(9600, 8, N, 1)
Serial
Documentation
CD
Safety and
Compliance Guide
Cis
co Iron
Por
t C37
0
C
F
35
95
10
50
5
C O NF I G URE
•• Fill out the Networking Worksheet on the back of this
Quickstart Guide. Contact your network administrator if
you need assistance.
•• Use a browser to connect to the following URL:
http://192.168.42.42
DATA 4
DATA 5
MGMT DATA 1
2
Username: admin
Password: ironport
•• Log in as: 3
Install in Rack
Se cur
Install the Cisco IronPort Appliance into your rack cabinet. Ensure the
ambient temperature around the system is within the specified limits.
Ensure there is sufficient airflow around the unit.
•• The System Setup Wizard begins and the end user license
agreement is displayed. Please read and accept the license
agreement to continue.
SERIAL
MGMT DATA 1
or
Ethernet via SSH or HTTP
(on 192.168.42.42)
•• U
se the information from the Networking Worksheet to complete
the System Setup Wizard.
(Or, you may connect using SSH or terminal emulation software. Initiate
a session to the IP address 192.168.42.42. Log in as admin with the
password ironport and, at the prompt, run the systemsetup
command.)
Technical�Support:
1-877-641-IRON�(4766
IronPort�Messaging�Gateway�Networking
�Worksheet
��
Admin�
Choose�a�new�Password:�*
�
�
Fully-Qualified�Hostname�of�IronPort�Messaging�Gateway�appliance:�*
�
�Choose�an�Interface�Name�(e.g.�ÒPrivateNetÓ):�
�*
�Data�1����
(2)
3
Depending on your network configuration, your firewall may need
to be configured to allow access on the following ports.
•• Straight power cables (2)
(1)
2
Turn on the system power by pressing the On/Off switch on the front
panel of the the appliance. You must wait five minutes for the system to
initialize the very first time you power up before moving on to Step 5.
DATA 5
MGMT DATA 1
MGMT DATA 1
Power
MGMT DATA 1
•• Cisco IronPort X1070 Email Security Appliance
Power
3
4
Cisco IronPort Email
Security appliance
Cisco IronPort C370
•• Dual-head power cable
3
4
Internet
•• Web browser software (or SSH and terminal software)
•• Network cable(s) for connecting to your network
•• Connect the Data 1 network port to your public network
•• O
r, plug the female ends of the dual-head power cable into the
redundant power supplies on the back panel of the appliance.
Note: Some Cisco IronPort X1070 appliances contain fiber optic
interfaces installed as the Data 4 and Data 5 network ports. You can also
use these fiber optic interfaces if your network topology dictates it.
•• Appropriate rails and adaptor kits
1
Power
C O NNECT
(1)
�
IP�Address:�*�
�
Netmask:�*�
Broadcast�Address:�*�
Choose�an�
Interface�Name�(e.g.�ÒPublicNetÓ)
�:
�
IP�Address:�
�
Netmask:�
�
Broadcast�
Address:
Gateway�
Default�Router�(gateway)�I
P�
Address:�*�
���DNS
�
Primary�DNS�Server�Hostname:
�
�
�
Temperature Limits
Documentation
CD
Quickstart
Guide
��
�
��Data�
2�
� Mail��
Injector
�
Primary�DNS�Server�I
P�
Address:�
Secondary�DNS�Server�Hostname:
�
Secondary�DNS�Server�I
P�
Address:
Choose�an�
Injector�Name�(e.g.�ÒOutboundMailÓ):�*
�
�
IP�Interface�Name�(from�above,�e.g.�ÒPrivateNetÓ):�
*
��
�NTP�
NTP�Server�(I
P�address�or�hostname)
:�
*�Indicates�required�informatio
n
�
)
Record critical information
from the Networking Worksheet to assist in completing
the System Setup Wizard.