8 Replies Latest reply on Dec 27, 2010 9:41 AM by ron.sokol

    IronMail Integration with ePO 4.5

    runcmd

      Has anyone configured their IronMail appliance to communicate with their ePO server?  I'm wondering what the benefits are and if it is worth pursuing--especially if you only have one IronMail appliance.  It looks like the primary benefit is being able to consolidate logs of events from multiple appliances and generate reports based on that data.

       

      Additionally, how much bloat does this add to your ePO database?  The "McAfee Email Gateway Administration Guide version 6.7.2" lists several information types that are transferred from MEG/IronMail appliances to the ePO, but it would appear that it is "all or nothing"--unless you can be selective about which events are pulled using ePO's Event Filtering after the extension is added.

       

      Thanks for any & all responses.

        • 1. Re: IronMail Integration with ePO 4.5
          gulaner

          Hi,

           

          You are correct in your description of the IronMail (McAfee Email Gateway) integration with ePO 4.5 - you can consolidate information from all the MEG appliances in your network, reporting the results as if they were produced by one appliance. From the ePO server, you can drill down to find information about individual appliances. You also have the ability to open a browser window directly from ePO to the Administration GUI of each appliance.

           

          Considering you only have a single IronMail appliance it probably would not provide you the benefit that you would have it you had multiple MEG appliances.  However, if ePO is used to manage other McAfee network security products then it could make sense in being able to manage multiple products from a single management console.

           

          Thanks,

           

          Gary Ulaner

          Product Management - McAfee

          • 2. Re: IronMail Integration with ePO 4.5
            runcmd

            Thanks for the feedback, Gary...  I was under the impression that the MEG extensions for the ePO primarily just introduced reporting capabilities.  Can you actually perform management of a MEG from the ePO at this time?  I remember my local sales guy hinting that was the direction McAfee wanted to go, back when McAfee first bought IronMail.  If so, I can see how centralized management could be an added benefit--or does it just spin you off into the MEG administrative interface without the need for re-authentication?  If the former, does McAfee offer any on-line demos or videos of what this looks like once integrated into the ePO?  Thanks again!

            • 3. Re: IronMail Integration with ePO 4.5
              ron.sokol

              Agreed, it would be nice if we could centrally configure these devices.  Especially since they don't support a shared config between nodes.  Hey, CMD, what ports did you have to allow for communication to ePO server?  Standard ePO agent ports?  Tks, -R

              • 4. Re: IronMail Integration with ePO 4.5
                runcmd

                Sorry I'm not going to be much help...  Because we only have one MEG appliance and you really only gain report consolidation, I didn't see that great of a benefit to justify pursuing it.  You do have a good point though...  I don't see anything in the IronMail/MEG v6.7.2 manual about what ports it uses to communicate with the ePO.  Without that information, firewall configuration becomes trial & error.

                • 5. Re: IronMail Integration with ePO 4.5
                  ron.sokol

                  Yeah, we're doing it for consistency of reporting. It should be in the guides (and isn't) but I may have figured it out though.  So I add it here for anyone else wondering the same.

                   

                  Once I actually try to add the appliance to ePO 4.5, in Menu, Configuration, Registered Servers, when you add a new, after selecting type 'McAfee Email Gateway 6.7.2', name it and click next, it autofills the port to 10443, (which is also the admin port in the normal browser - so I hope that means our existing firewall rules will cover the connection as well.)

                   

                  These steps assume the extension is already checked in to ePO for the Email Gateway.

                  1 of 1 people found this helpful
                  • 6. Re: IronMail Integration with ePO 4.5
                    gulaner

                    Hi,

                     

                    Thanks for the response.  ePO does not actually perform configuration/policy management to the IronMail appliance.  As I a mentioned previously it can do consolidated reporting.  You are correct in that through the ePO UI you can attach to the IronMail admin GUI and manage remotely.

                     

                    Thanks,

                     

                    Gary

                    • 7. Re: IronMail Integration with ePO 4.5

                      Consolidate reporting would be nice. What is the additional load to epo?

                      • 8. Re: IronMail Integration with ePO 4.5
                        ron.sokol

                        I'm not sure of the best way to measure the load on the server (most likely a hit to the db server) but if it's anything like the Quarantine Manager, it's not much of a reporting load.  I did note that when I installed the extension for Email and Web Security to ePO, an automated server task appeared which purges EWS events daily.

                         

                        Notes on configuring ePO integration for EWS (or in our case McAfee Email Gateway.  I'm not sure if these terms are interhangeable): The ePO server has to be in the allowed IP list in the EWS (if that 'firewall' functionality is being used).  The communications port is 10443 from ePO to EWS.  The credential in ePO HAS to be the default ePO account name in EWS (Or at least on my McAfee Email Gateway) called 'ePO'.  We reset the password, set it to match in the registered server user and password for the EWS, and ta-da!