Symantec™ Messaging

Gateway 10.0 Getting Started

Guide

powered by Brightmail™
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.

Documentation version: 10.0

PN: 21257306

Legal Notice
Copyright © 2012 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec
Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.

This Symantec product may contain third party software for which Symantec is required
to provide attribution to the third party (“Third Party Programs”). Some of the Third Party
Programs are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under
those open source or free software licenses. Please see the Third Party Legal Notice Appendix
to this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

http://www.symantec.com

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1
Technical Support
Symantec Technical Support maintains support centers globally. Technical
Support’s primary role is to respond to specific queries about product features
and functionality. The Technical Support group also creates content for our online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. For example, the Technical Support group works with Product Engineering
and Symantec Security Response to provide alerting services and virus definition
updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right
amount of service for any size organization
■ Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
■ Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our Web site
at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
■ Product release level
 ■ Hardware information
■ Available memory, disk space, and NIC information
■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/business/support/

Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs, DVDs, or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan [email protected]

Europe, Middle-East, and Africa [email protected]

North America and Latin America [email protected]

 Contents

Technical Support ............................................................................................... 4

Chapter 1 Introducing Symantec Messaging Gateway .................... 9
About Symantec Messaging Gateway ................................................. 9
What's new in Symantec Messaging Gateway .................................... 10
Where to get more information ....................................................... 14
About basic deployment ................................................................ 15

Chapter 2 Installing your appliance ................................................... 17

About installation configurations .................................................... 17
Installation checklist .................................................................... 18
System requirements .................................................................... 19
Setting up the appliance hardware .................................................. 20
Starting the appliance software set up ............................................. 20
Specifying Ethernet interfaces ........................................................ 21
Specifying a static IP address for routing .......................................... 22
Specifying gateway and DNS IP addresses ........................................ 23
Specifying the role for the appliance ................................................ 24
Registering your license ................................................................ 25
Troubleshooting license file registration .................................... 27
Updating to the latest software during initial setup ............................ 27
Configuring the Control Center ....................................................... 28
Adding a Scanner through the Control Center ................................... 30
Configuring the Scanner for inbound and outbound mail
filtering ................................................................................ 32

Chapter 3 Deploying Symantec Messaging Gateway as a

Virtual Machine ............................................................. 37
About Symantec Messaging Gateway Virtual Edition .......................... 37
System requirements for virtual deployment .................................... 38
Deploying an OVF template on an ESX 4.x or ESXi 5/4.x Server ............ 39
Installing from an ISO image or OS restore CD onto a virtual machine
on your ESX or ESXi Server ...................................................... 41
8 Contents

Using an OS restore CD on your ESX or ESXi Server to boot your

virtual computer .................................................................... 42
Using an ISO image on your datastore to boot your virtual
computer .............................................................................. 43
Using an OS restore CD or ISO image on your local computer to boot
your virtual computer ............................................................. 44
 Chapter 1
Introducing Symantec
Messaging Gateway
This chapter includes the following topics:

■ About Symantec Messaging Gateway

■ What's new in Symantec Messaging Gateway

■ Where to get more information

■ About basic deployment

About Symantec Messaging Gateway

Symantec Messaging Gateway offers enterprises a comprehensive gateway-based
message-security solution. Symantec Messaging Gateway delivers inbound and
outbound messaging security, real-time antispam and antivirus protection,
advanced content filtering, and data loss prevention in a single platform.
Symantec Messaging Gateway does the following to protect your environment:
■ Detects spam, denial-of-service attacks, and other inbound email threats
■ Leverages a global sender reputation and local sender reputation analysis to
reduce email infrastructure costs by restricting unwanted connections
■ Filters email to remove unwanted content, demonstrate regulatory compliance,
and protect against intellectual property and data loss over email
■ Obtains visibility into messaging trends and events with minimal administrative
burden
See “Where to get more information” on page 14.
10 Introducing Symantec Messaging Gateway
What's new in Symantec Messaging Gateway

What's new in Symantec Messaging Gateway

Table 1-1 lists Symantec Messaging Gateway's new features and enhanced features.

Table 1-1 Symantec Messaging Gateway new features and enhanced features

New feature or Description

enhancement

Creation of custom spam You can obtain custom spam rules specifically for your
rules organization based on the missed spam messages and false
positive messages that administrators and end users submit.
This feature provides the following benefits:

■ It improves Symantec Messaging Gateway's ability to detect

spam and helps administrators control false positive
incidents.
■ It makes it easier to submit missed spam messages or false
positive messages to Symantec for analysis and rule creation.
■ It provides visibility into the submission status and rule
creation.

When you configure this feature, administrators and end users

can submit email messages to Symantec as missed spam or false
positives. Within minutes, Symantec creates custom rules. The
conduit obtains these rules which are then applied to each
configured Scanner.

Integration with Enforce The Enforce Server provides a centralized Web-based

Server management console and incident repository.

This integration lets you remediate quarantined messages from

either Symantec Messaging Gateway Control Center or from
the Enforce Server administration console. If remediation occurs
from Enforce Server, it writes the status to Symantec Messaging
Gateway so the incident status stays synchronized. You can also
synchronize status updates from Symantec Messaging Gateway
to Enforce Server.
 Introducing Symantec Messaging Gateway 11
What's new in Symantec Messaging Gateway

Table 1-1 Symantec Messaging Gateway new features and enhanced features
(continued)

New feature or Description

enhancement

IPv6 addresses are Symantec Messaging Gateway lets any host in a deployment be
supported provisioned with IPv6 addresses.

First configure your Scanners with at least one primary IPv4

address that Symantec Messaging Gateway can use for
communication between the Control Center and Scanner. You
configure this primary IPv4 address when you initially install
the appliance. Once the initial setup is complete and a Scanner,
Control Center, or both have been configured, you can
implement IPv6 addresses as needed.

IPv6 addresses are only supported for certain features.

Ability to bypass You can conserve scanning resources when you select the
scanning content malware policy action to bypass the scanning of content filtering
filtering policies when policies. Symantec Messaging Gateway takes the actions that
Symantec Messaging you specify for that malware policy but does not scan the
Gateway detects malware message for content filtering policies. When you select this
action, you can bypass the scanning of specific content filtering
policies or of all content filtering policies.

Improvements to spam You can now send spam or suspected messages to content
filtering incident folders. This feature lets you categorize spam and
suspected spam messages into content incident folders so that
you can analyze them and fine-tune your spam policies.

When you create or modify a spam policy, you now have the
option to Create an informational incident or Create a
quarantine incident for a policy action. Then you specify the
informational incident or quarantine incident folder that you
want to use (you must have previously created these folders).
You can also select these options when you configure sender
authentication failure.
12 Introducing Symantec Messaging Gateway
What's new in Symantec Messaging Gateway

Table 1-1 Symantec Messaging Gateway new features and enhanced features
(continued)

New feature or Description

enhancement

Additional information The message queue now provides details about how many times
about messages in the the MTA attempted to deliver a message and when the next
message queue and delivery attempt is scheduled.
message audit log
The message audit log also includes details about the message
delivery attempts and contains the logical IP address as well.
The logical IP address is derived from the “Received:” headers
of the message content. Symantec Messaging Gateway uses this
IP address for filtering purposes. Based on your deployment,
this address may be identical to the “Accepted from” IP address.

Greater flexibility to Symantec Messaging Gateway now lets you customize your
customize your backups backups. In addition to a full backup, you can back up all
configuration data (which includes policies), plus one or more
of the following: log data, reports, and messages in content
incident folders.

For example, assume that you want to back up and maintain

messages in incident folders for compliance requirements but
do not have enough storage space. You can back up policies plus
content incidents exclude logs and reports and store the backup
off-box. Another example is that you may have a situation where
you want to copy the policies that you have on one Control
Center to another. You can back up the policies and restore them
on the other Control Center.

You can create custom backups through the Control Center or

at the command line.

Additional negative Negative rules are rules in which a condition must not be present
content filtering policy to trigger a violation. An example of a negative rule is: does not
conditions contain Subject.

Ability to scan HTML Previously, Symantec Messaging Gateway only scanned the
tags in the message body HTML body. Now you can scan HTML tags in the body of the
message.
 Introducing Symantec Messaging Gateway 13
What's new in Symantec Messaging Gateway

Table 1-1 Symantec Messaging Gateway new features and enhanced features
(continued)

New feature or Description

enhancement

Specify subsequent You can now define how you want Symantec Messaging Gateway
content filtering policy to address subsequent content filtering policies. When a policy
actions is triggered, you may still want to have Symantec Messaging
Gateway perform any non-conflicting actions for the next policy
that it evaluates. Or you can specify that for the next policy
evaluated, to only create incidents in an incident folder or send
a notification if those actions are specified. Another option
would be that once a message triggers a content filtering policy,
no subsequent content filtering policies are evaluated. This
option conserves scanning resources.

All predefined All of the predefined attachment lists that Symantec provides
attachment lists are now in Symantec Messaging Gateway are now premium attachment
premium attachment lists. These premium attachment lists cannot be modified nor
lists deleted. But you can copy any of these lists and modify the
copies. You can also delete custom lists when they are no longer
needed.

If you upgrade from a previous version, predefined, customizable

attachment lists are retained, as well as any modifications that
you made to those lists. Any content filtering policy that uses
these customized attachment lists as a condition continues to
work as you defined it in your policy.

Upon upgrade, new versions of the default, predefined custom

attachment lists appear in the Attachment List table. These
new lists are premium attachment lists. For example, if you
upgrade from version 9.5x, two versions of Archive Files appear
in the Attachment List table: one is the previous custom list;
the other is the new premium list.

Content filtering templates use premium attachment lists. If

you want to use a custom attachment list, modify the content
filtering policy and specify the custom attachment list that you
want to use.

New content filtering These new variables provide links to the Control Center pages
incident notification where users can view or remediate incidents. The new variables
message variables also let you specify whether users can auto-authenticate or if
they must type their credentials to access the Control Center.
14 Introducing Symantec Messaging Gateway
Where to get more information

Table 1-1 Symantec Messaging Gateway new features and enhanced features
(continued)

New feature or Description

enhancement

New custom policy In addition to the ability to approve incidents or reject incidents
actions in quarantine incident folders, you can also create a custom
action. You define the custom action when you configure policy
actions.

Where to get more information

The following resources provide more information about your product:

Documentation The Symantec Messaging Gateway documentation set

consists of the following manuals:

■ Symantec Messaging Gateway Administration Guide

■ Symantec Messaging Gateway Installation Guide
■ Symantec Messaging Gateway Getting Started Guide
■ Symantec Messaging Gateway Command Line Reference
Guide
■ Symantec Messaging Gateway Release Notes
■ Symantec Messaging Gateway Software Update Notes

www.symantec.com/business/support/
documentation.jsp?language=englishview=
manualspid=53991

Product Help system Symantec Messaging Gateway includes a comprehensive

Help system that contains conceptual and procedural
information.
 Introducing Symantec Messaging Gateway 15
About basic deployment

Symantec Web site Visit the Symantec Web site for more information about
your product as follows:

■ www.symantec.com/enterprise/support
Provides access to the technical support knowledge base,
newsgroups, contact information, downloads, and
mailing list subscriptions
■ https://licensing.symantec.com/acctmgmt/index.jsp
Provides information about registration, frequently
asked questions, how to respond to error messages, and
how to contact Symantec License Administration
■ www.symantec.com/business/index.jsp
Provides product news and updates
■ www.symantec.com/business/security_response/index.jsp
Provides you access to the virus encyclopedia, which
contains information about all known threats;
information about hoaxes; and access to white papers
about threats

About basic deployment

You can use each appliance to perform a variety of functions. During the initial
setup, the installation wizard prompts you to choose the function that each
appliance will perform. Before you install the product, decide which functions to
assign your appliance. Contact a sales representative for additional help with
performance sizing.
The available functions are as follows:
16 Introducing Symantec Messaging Gateway
About basic deployment

Control Center A Control Center lets you configure and manage all of the following
from a Web-based interface:

■ Email filtering
■ SMTP routing
■ System settings
■ Spam Quarantine
■ Suspect Virus Quarantine
■ Content filtering incident folders
■ All other functions

The Control Center provides information on the status of all of

the Symantec Messaging Gateway hosts in your environment,
including logs and reports.

You must configure one Control Center for your site. One Control
Center controls one or more Scanners.

Scanner Scanners can perform all of the following tasks:

■ Perform filtering based on IP connections, such as Connection

Classification, Fastpass, and various sender groups
■ Filter email for viruses, spam, and noncompliant messages

You can configure multiple Scanners.

Control Center and Performs both functions. This configuration is suitable for smaller
Scanner installations.

Note: This documentation assumes that you will configure a single appliance as
both a Control Center and a Scanner, and that your Scanner will perform inbound
and outbound mail filtering. If your filtering requirements exceed this basic
scenario, refer to the Symantec Messaging Gateway Installation Guide.
 Chapter 2
Installing your appliance
This chapter includes the following topics:

■ About installation configurations

■ Installation checklist

■ System requirements

■ Setting up the appliance hardware

■ Starting the appliance software set up

■ Specifying Ethernet interfaces

■ Specifying a static IP address for routing

■ Specifying gateway and DNS IP addresses

■ Specifying the role for the appliance

■ Registering your license

■ Updating to the latest software during initial setup

■ Configuring the Control Center

■ Adding a Scanner through the Control Center

■ Configuring the Scanner for inbound and outbound mail filtering

About installation configurations

You can install and run Symantec Messaging Gateway in several ways:
18 Installing your appliance
Installation checklist

Symantec Messaging Install and run a physical, Symantec-supplied appliance.

Gateway appliance

Symantec Messaging Install and run a virtual appliance, using your choice of
Gateway Virtual Edition hardware.

See “About Symantec Messaging Gateway Virtual Edition”

on page 37.

Mixed-mode Install and run a combination of physical and virtual

components.

Installation checklist
Table 2-1 describes the information to have on hand and the hardware to have in
before you install Symantec Messaging Gateway.

Table 2-1 Installation checklist

Item Description

Console access to Keyboard and VGA monitor or through another computer through
appliance for initial a serial port. After initial setup, you can log into an appliance's
setup command line interface using SSH.

Valid license file The same license file can be used to license multiple appliances.

Hostname The URL you use to access the appliance's Control Center Web
interface.

A static IP addresses ■ A routable static IP address assigned to eth0 for inbound

and one or two netmask email, and one of the following for outbound email:
and gateway IP ■ Routable static IP address assigned to eth1 (recommended)
addresses ■ Routable static virtual IP address
■ Separate port that shares the one routable static IP address
assigned to eth0

IP addresses assigned to eth0 or eth1 require a netmask IP

address and a gateway IP address. Refer to the Scanner scenarios
to determine IP address requirements.

Domain Name Servers DNS is required to route email. You can use the Internet root
(DNS) DNS servers or specify internal DNS servers.

NTP servers (optional) Internet or internal.

 Installing your appliance 19
System requirements

Table 2-1 Installation checklist (continued)

Item Description

Hostname, port, user Instead of using a direct connection, you can optionally specify
name, and password for a proxy for registration, filters, and retrieval of virus definitions
proxy (optional) using LiveUpdate.

IP addresses from If there are MTAs configured between your Scanners and the
which to permit traffic Internet, on the Inbound Mail Filtering - Connections wizard
page, configure the Scanners to only accept email from the
upstream MTAs. If there is a firewall between any of your
appliances and the Internet, the firewall must be configured to
permit network traffic through certain ports.

System requirements
Table 2-2 lists the minimal system requirements.

Table 2-2 System requirements

Item Requirement

Web browsers The Control Center supports the following browsers:

■ Microsoft Internet Explorer 9/8

■ Mozilla Firefox 13 or later
■ Chrome 19 or later

LDAP Symantec Messaging Gateway supports the following LDAP directory

types:

■ Windows 2008 Active Directory (both LDAP and Global Catalog)

■ Windows 2003 Active Directory (both LDAP and Global Catalog)
■ Sun Directory Server 7.0
■ Sun Directory Server 6.3
■ Sun Directory Server 6.0
■ Lotus Domino LDAP Server 8.5
■ Lotus Domino LDAP Server 8.0
■ Lotus Domino LDAP Server 7.0
■ OpenLDAP 2.4
■ OpenLDAP 2.3

Symantec Messaging Gateway is LDAP v.3 compliant and can be

configured to work with other directory server types.
20 Installing your appliance
Setting up the appliance hardware

Setting up the appliance hardware

Before you can install and configure the appliance, you must first set up the
hardware.
To set up the appliance hardware
1 Unpack the appliance and either rack mount it or place it on a level surface.
2 Plug in AC power.
3 Plug in an Ethernet Cable to DRAC port and enable DRAC. For more
information on DRAC, see Dell Support.
4 Connect the appliance with one of the following methods:
■ Connect a keyboard and VGA monitor to the appliance.
■ Connect another computer to the appliance with the serial port.
Use a null modem cable with a DB9 connector and settings of 9600 bps,
8/N/1.
■ Connect to appliance through DRAC console from a remote computer.

5 Connect an Ethernet cable to the Ethernet jack that is labeled 1 on the back
panel of the appliance, which corresponds to eth0.
To use the second Ethernet port for outbound traffic, connect a second cable
to the Ethernet jack that is labeled 2 on the back of the appliance and
corresponds to eth1.
See “Starting the appliance software set up” on page 20.

Starting the appliance software set up

After you set up the appliance hardware, begin the software set up process.
See “Setting up the appliance hardware” on page 20.
To start the appliance software set up
1 Turn on the power.
2 Log on with the logon name admin and the password symantec.
3 When you are prompted, type your new password twice.
 Installing your appliance 21
Specifying Ethernet interfaces

4 When you are prompted, type a fully qualified domain name for this host.
To avoid problems with message routing, this host name should not be your
mail domain, such as symantecexample.com.
For example, the name should be similar in form to:

host6.symantecexample.com

5 When you are prompted, type the correct time zone.

Type ? to see a list of time zones.
Press the space bar to scroll through the list or type Q to exit the list.
6 To continue installation, next you specify Ethernet interfaces.
See “Specifying Ethernet interfaces” on page 21.

Specifying Ethernet interfaces

After you perform the initial steps of starting the appliance setup, the next step
is to configure the Ethernet interfaces.
See “Starting the appliance software set up” on page 20.
To specify Ethernet interfaces
1 When you are prompted, type the IP address for the Ethernet interface that
is labeled 1 on the back of the appliance.
For example:

192.168.0.1

2 When you are prompted, type the subnet mask for Ethernet interface 1.
For example:

255.255.255.0
22 Installing your appliance
Specifying a static IP address for routing

3 When you are prompted if you want to use the second Ethernet interface,
interface 2, type one of the following responses:

YES You want to use interface 2.

NO You do not want to use interface 2.

Skip to the next procedure.

See “Specifying a static IP address for routing”

on page 22.

4 When you are prompted, type the IP address for Ethernet interface 2.
For example:

192.168.12.3

5 When you are prompted, type the subnet mask for Ethernet interface 2.
For example:

255.255.255.0

6 To continue installation, next you specify a static IP address for routing.

See “Specifying a static IP address for routing” on page 22.

Specifying a static IP address for routing

After you set up the Ethernet interfaces, the next step in setting up your appliance
is to set up a static IP address for routing. You can set up multiple static IP
addresses or none at all.
See “Specifying Ethernet interfaces” on page 21.
 Installing your appliance 23
Specifying gateway and DNS IP addresses

To specify a static IP address static for routing

1 When you are prompted whether you want to add a static IP address for
routing, type one of the following responses:

YES You want to add a static IP address for routing.

NO You do not want to add a static IP address for routing.

Skip to the next procedure.

See “Specifying gateway and DNS IP addresses”

on page 23.

2 When you are prompted, specify the IP address or CIDR block of the
destination host or network.
3 If you configure multiple Ethernet interfaces, you are prompted to specify
the Ethernet Interface number (either 1 or 2, the default is 1).
This setting is to force the route to be associated with the specified device.
4 When you are prompted whether you want to add another static IP address,
type one of the following responses:

YES You want to add another static IP address.

Repeat steps 2 through 3 to add another static IP

address.

NO You do not want to add another static IP address.

Skip to the next procedure.

See “Specifying gateway and DNS IP addresses”

on page 23.

5 To continue installation, next you specify gateway and DNS IP addresses.

See “Specifying gateway and DNS IP addresses” on page 23.

Specifying gateway and DNS IP addresses

After you configure the static IP address, specify the default gateway IP address
and the IP address of your DNS server. You can add up to three DNS server IP
addresses.
See “Specifying a static IP address for routing” on page 22.
24 Installing your appliance
Specifying the role for the appliance

To specify gateway and DNS settings

1 When you are prompted, type the IP address of the default gateway (default
router).
2 When you are prompted, type the IP address of the DNS server.
3 When you are prompted if you want to enter another DNS server, type one
of the following responses:

YES You want to add an additional DNS server.

Type the IP address.

You can add up to three addresses.

NO You do not want to an additional DNS server.

Skip to the next procedure.

See “Specifying the role for the appliance” on page 24.

4 To continue installation, next you specify the role for the appliance.
See “Specifying the role for the appliance” on page 24.

Specifying the role for the appliance

After you have specified IP addresses for your default gateway and DNS servers,
specify the role for the appliance.
See “Specifying gateway and DNS IP addresses” on page 23.
The roles that you can choose are as follows:
■ Scanner only
■ Control Center only
■ Scanner and Control Center
To set the role for the appliance
1 When you are prompted, choose one of the following roles for this appliance:
■ Scanner only
■ Control Center only
 Installing your appliance 25
Registering your license

■ Scanner and Control Center

2 For Scanner only, when prompted, type the IP address of the Control Center
that you intend to use to manage this Scanner.
3 When you are prompted, type one of the following responses:

YES The summary information is correct.

Product setup is complete and the appliance restarts.

After the appliance restarts, you can register your
appliance.

See “Registering your license” on page 25.

NO The summary information is not correct.

You return to the beginning of the process to make

your changes.

See “Starting the appliance software set up”

on page 20.

Registering your license

To register your license, you need the license file that Symantec provides you.
Place this file on the computer from which you access the Control Center. Each
time you add a Scanner, you must confirm your licenses or register again. However,
you can use the same license file for each Scanner.

Note: For your Scanners, ensure that your network is configured to permit
outbound connections to Symantec on port 443. Symantec Messaging Gateway
communicates with Symantec Security Response over a secure connection for
product registration and ongoing operations.

If you are performing the initial setup of your appliance, these steps appear in
the setup wizard after the appliance restarts.
See “Specifying the role for the appliance” on page 24.
26 Installing your appliance
Registering your license

To register your license

1 From a computer that can access your appliance, locate the appliance in a
browser.
The default logon address is as follows:
https://<hostname>
where <hostname> is the host name that you designate for your appliance
during setup or the IP address.
To use HTTP, you must enable HTTP through the command line interface
and specify port 41080.
2 When the security alert message appears, accept the self-signed certificate
to continue.
3 On the Control Center logon page, log on as user admin and use the password
that you specified set during initial setup.
4 On the End-User License Agreement page, click I accept the terms of the
license agreement and click Next.
5 On the License Information Registration page, click Browse to locate your
license file.
6 Select your license file and click Open to return to the License Registration
page.
7 If your Scanner uses a proxy server for communications with Symantec, click
Proxy Server.
8 To specify a proxy server, check Use HTTP Proxy and type the server host
name and port. If required, type the user name and password.
9 Click Register License.
If registration was successful, the License Registration Information page
returns.
See “Troubleshooting license file registration” on page 27.
Registration may fail because of an inaccessible proxy, closed port 443, or an
expired, missing, or corrupt license file.
 Installing your appliance 27
Updating to the latest software during initial setup

10 If you have another license file for a different feature, repeat the process for
registering each license.
11 When all of the license files are successfully registered, click Next.
If your software is up-to-date, the setup wizard appears. Continue with the
installation process.
See “Configuring the Control Center” on page 28.
If a software update is available, the Software Update page appears.
See “Updating to the latest software during initial setup” on page 27.

Troubleshooting license file registration

If you have difficulty installing a license during installation, the installation wizard
lets you troubleshoot the issue with the Traceroute utility or the Ping utility.
Troubleshooting license file registration
1 On the License Information Registration page, click Utilities.
2 In the Utility field, click the drop-down menu and select whether to use
Traceroute or Ping, and then in the Host name or IP address field, type the
host name or IP address.
Make sure you can connect to https://register.brightmail.com.
3 Click Run.
The results appear in the Results text box.
4 Click Register License.
5 Complete registration.
See “Registering your license” on page 25.

Updating to the latest software during initial setup

Symantec recommends that you apply the current software update after you
register the product, if one is available.
See “Registering your license” on page 25.
28 Installing your appliance
Configuring the Control Center

Updating to the latest software during initial setup

1 On the Software Update page, select any of the following options:

Skip Lets you update your software later.

Update Updates your software now.

After the update, the setup wizard appears to help you

configure your appliance.

See “Configuring the Control Center” on page 28.

Cancel Returns you to the License Registration page.

Back See “Registering your license” on page 25.

2 When the software update finishes, do one of the following tasks:

■ Refresh your browser.
■ Close and re-open your browser to ensure that the cached versions of
graphics redisplay correctly.

3 To continue installation, next you configure the Host.

See “Configuring the Control Center” on page 28.
See the Symantec Messaging Gateway Administration Guide for details on
Configuring Scanners.

Configuring the Control Center

After you register your license or after you complete the software update, the
Administrator Settings page appears in the setup wizard.
See “Registering your license” on page 25.
See “Updating to the latest software during initial setup” on page 27.
Configure the Control Center before you configure any Scanners. If you specified
that this appliance is a Control Center and a Scanner, the wizard continues with
the Scanner set up after the Control Center set up finishes.
 Installing your appliance 29
Configuring the Control Center

To configure the Control Center

1 On the Administrator Settings page, type an email address for the
administrator.
2 Check Receive Alert Notifications to have Symantec Messaging Gateway
send alert notifications to this address.
You can set up alert notifications for outbreaks, spam and virus filters,
message queues, disk space, SMTP authentication, directories, licenses,
software updates, and events. Events include scheduled task, service,
hardware, swap space, and UPS issues.
You can add additional administrators or modify this administrator's settings
in the Control Center later.
3 Click Next.
4 On the Time Settings page, to verify that the date that appears in the Current
Appliance Time area is correct, select one of the following options:

Do not change the time The time is correct and you do not want to make
changes. This option is the default setting.

Set time manually You want to manually change the time. Type the proper
values in the Date and Set Time fields.

Use NTP servers You want to use NTP servers to manage time. Type the
IP address for up to three NTP servers.

5 Click Next.
6 On the System Locale page, specify the locale that the appliance should use
for formatting numbers, dates, and times. This setting is the language and
regional formatting Symantec Messaging Gateway uses for messages.
7 Select a Quarantine fallback encoding format.
Fallback encoding is the formatting that the product uses for quarantined
messages if the formatting that you specified in the System Locale field fails.
30 Installing your appliance
Adding a Scanner through the Control Center

8 Click Next.
If your appliance has been set up as a Control Center and a Scanner, the
Scanner Role page appears, and you must define your Scanner role as
described in the following topics:
See “Configuring the Scanner for inbound and outbound mail filtering”
on page 32.
If you set up your appliance as a Control Center only, the Setup Summary
page lists your selected configuration options.
9 On the Setup Summary page, select any of the following options:

Finish You are satisfied with the settings and do not want to
make changes. This option is the default setting.

Back You want to modify your settings.

Cancel You want to end the setup without saving your changes.
You cannot use the appliance until you complete the
setup.

10 If your Scanner is not on the Control Center, set up a Scanner on a separate

appliance. You can do this task through the Control Center.
See “Adding a Scanner through the Control Center” on page 30.

Adding a Scanner through the Control Center

You must have Full Administration rights or Manage Settings modify rights to
add a Scanner.

Note: None of the settings that you specify throughout the wizard are final until
you click Finish at the end of the wizard.

To add a Scanner through the Control Center

1 On the Control Center, click Administration > Hosts > Configuration.
2 If this Scanner is the first Scanner that you add, the Add Scanner wizard
appears. Otherwise, on the Host Configuration page under Reconfigure a
Scanner or Control Center host, click Add.
3 On the Add Scanner Wizard page, click Next.
4 On the Scanner Host Settings page, do all of the following:
 Installing your appliance 31
Adding a Scanner through the Control Center

■ In the Host description box, type a description for the new Scanner.
■ In the Host name or IP address box, type the host name or IP address for
the new Scanner.

5 Click Next.
6 On the License Registration page, click Browse to locate your license file.
7 Select your license file and click Open to return to the License Registration
page.
8 If your Scanner uses a proxy server for communications with Symantec, click
Proxy Server.
9 To specify a proxy server, check Use HTTP Proxy and type the server host
name and port.
10 Click Register License.
If registration was successful, the License Registration page returns.
If the license registration fails, perform troubleshooting steps.
See “Troubleshooting license file registration” on page 27.
11 If you have another license file for a different feature, repeat the process for
registering each license.
12 When all the license files are successfully registered, click Next.
If your software needs to be updated, the Software Update page appears. If
not, proceed to step 14.
13 On the Software Update page, select any of the following options:

Skip Lets you update your software later.

Update Updates your software now. After the update, the setup
wizard returns you to the Time Settings page.

Cancel Returns you to the License Registration page.

See “Registering your license” on page 25.

32 Installing your appliance
Configuring the Scanner for inbound and outbound mail filtering

14 On the Time Settings page, verify whether the date in the Current Appliance
Time area is correct. Select one of the following options:

Do not change the time The time is correct and you do not want to make
changes. This option is the default setting.

Set time manually You want to manually change the time. Type the proper
values in the Date and Set Time fields.

Use NTP servers You want to use NTP servers to manage time. Click and
provide the IP address for up to three NTP servers.

15 To complete the Add Scanner wizard, you must now configure the Scanner
based on its function.
See “Configuring the Scanner for inbound and outbound mail filtering”
on page 32.
To configure the Scanner for inbound or outbound filtering only, see the
Symantec Messaging Gateway Installation Guide.

Configuring the Scanner for inbound and outbound

mail filtering
You can configure the Scanner to perform both inbound mail filtering and
outbound mail filtering. You can use the same Ethernet interface for both inbound
mail filtering and outbound mail filtering. Or you can create a virtual IP address
to use for either inbound or outbound mail filtering.
To configure the Scanner for inbound and outbound mail filtering
1 On the Scanner Role page, click Inbound and Outbound mail filtering then
click Next.
2 On the Create Optional Virtual IP Address page, select one of the following
options:

Yes You want to create a Virtual IP address.

No You do not want to create a Virtual IP address. Proceed

to step 6.

3 Click Next.
 Installing your appliance 33
Configuring the Scanner for inbound and outbound mail filtering

4 On the Create Virtual IP Address page, do all of the following tasks:

Ethernet Click to select the Ethernet interface.

IP address Type the IP address for the virtual server.

Subnet mask Type the subnet mask IP address.

Network Type the network IP address.

Broadcast Type the broadcast IP address

5 Click Next.
6 On the Inbound Mail Filtering page, click Inbound mail IP address to select
the IP address to use for inbound mail filtering.
7 In the Inbound mail SMTP port field, type the port, and then click Next.
8 On the Inbound Mail Filtering - Accepted Hosts page, to specify the IP
addresses of the mail servers from which this Scanner should accept inbound
mail, select one of the following options:

All IP addresses You want your Scanner to accept mail from all sources
or the Scanner is deployed at the gateway. For a
Scanner deployed at the Internet gateway, Symantec
recommends that you select this option to accept mail
from any MTA on the Internet.

Specific IP Addresses You want to restrict the domains from which your
Scanner accepts mail. Type IP addresses, CIDR ranges,
or domains. If the Scanner is deployed behind upstream
mail servers, specify the upstream mail servers.

9 Click Next.
34 Installing your appliance
Configuring the Scanner for inbound and outbound mail filtering

10 On the Local Domains page, check the addresses that you want to accept
inbound mail for in the Local Domains list.
To modify the list, do any of the following tasks:

To add an address Type the address into the Domain or email address
field for which to accept inbound mail field, and click
Add.

For each domain address or email address that you

add, you can also specify whether messages should be
routed through a specific host and port. Add that
information to the Optionally route to the following
destination host and Port fields.

To delete an address Check the address to remove and click Delete.

To import a list of addresses Click Import, and then navigate to an existing file.

To route messages according Check Enable MX Lookup. If you enable MX lookup,

to the MX record for the you must specify a host name, not an IP address.
specified host name
For example, enable MX lookup if you configure
multiple downstream mail servers and use MX records
for email load balancing.

11 Click Next.
12 On the Outbound Mail Filtering page, click the drop-down list to select the
IP address to use for outbound mail filtering.
13 In the Outbound mail SMTP port field, type the port, and click Next.
14 On the Outbound Mail Filtering - Accepted Hosts page, do one of the
following tasks:
■ Specify the internal host to which this Scanner should relay local domain
mail after filtering is complete. This server is typically a downstream mail
server, such as your corporate mail server.
■ Check Enable MX Lookup for this host. If you enable MX lookup, specify
a host name instead of an IP address.

15 Click Next.
16 On the Mail Filtering - Mail Delivery page, type a host name or IP address
and port to specify how you want to relay local domain filtered mail.
17 Optionally, check Enable MX lookup for this host.
 Installing your appliance 35
Configuring the Scanner for inbound and outbound mail filtering

18 On the Mail Filtering - Non-local Mail Delivery page, select one of the
following options to specify how you want to relay filtered mail:

Use default MX Lookup You want to use MX Lookup to return the

hosts for any domain.

Define new host You want to specify a new host. Type a

host name or IP address and port.
Symantec recommends that you check
Enable MX lookup for this host if you
position the Scanner at the gateway. If
you choose this option, specify a host
name (not an IP address).

Use an existing host You want to use an existing host. Select a

host from the drop-down list. If there is a
separate gateway MTA between the
Scanner and the Internet, provide that
MTA's host name or IP address and port.

19 Click Next.
20 On the Setup Summary page, review your settings and select one of the
following options:

Finish You are satisfied with the settings and want to save
them.

Back You want to modify your settings. Go back and revise

your settings.

Cancel You want to cancel your changes without saving them.

36 Installing your appliance
Configuring the Scanner for inbound and outbound mail filtering
 Chapter 3
Deploying Symantec
Messaging Gateway as a
Virtual Machine
This chapter includes the following topics:

■ About Symantec Messaging Gateway Virtual Edition

■ System requirements for virtual deployment

■ Deploying an OVF template on an ESX 4.x or ESXi 5/4.x Server

■ Installing from an ISO image or OS restore CD onto a virtual machine on your

ESX or ESXi Server

■ Using an OS restore CD on your ESX or ESXi Server to boot your virtual

computer

■ Using an ISO image on your datastore to boot your virtual computer

■ Using an OS restore CD or ISO image on your local computer to boot your

virtual computer

About Symantec Messaging Gateway Virtual Edition

Use Symantec Messaging Gateway Virtual Edition with VMware to create a
simulated computer environment (a virtual computer) on which to run Symantec
Messaging Gateway. The guest software is a complete operating system that
contains the Symantec Messaging Gateway Virtual Edition software. It runs in a
similar manner to the application as installed on a standalone hardware platform.
38 Deploying Symantec Messaging Gateway as a Virtual Machine
System requirements for virtual deployment

You can deploy the Symantec Messaging Gateway as a virtual appliance on your
existing VMware infrastructure in one of the following ways:
■ As an OVF on ESX 4.x and ESXi 5/4.x
See “Deploying an OVF template on an ESX 4.x or ESXi 5/4.x Server”
on page 39.
■ As an ISO or OSrestore CD
See “Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Server” on page 41.
The resources that are allocated to Symantec Messaging Gateway Virtual Edition
must meet the minimum requirements.
See “System requirements for virtual deployment” on page 38.
This documentation assumes the following:
■ Your environment has an existing VMware ESX or ESXi Server deployment.
■ You are familiar with administering virtual computers.
■ Your environment meets all pre-requisite system requirements.
For more information about VMware and to download trialware and prerequisite
applications, see the VMware Web site at www.vmware.com.

System requirements for virtual deployment

Table 3-1 lists the system requirements to deploy Symantec Messaging Gateway
as a guest on VMware ESX Server and VMware ESXi Server. You must install and
configure one of these servers before you install Symantec Messaging Gateway
Virtual Edition.

Note: Symantec Messaging Gateway does not support any version of BusLogic
Controller.

For requirements specific to VMware ESX Server and VMware ESXi Server, refer
to your VMware documentation.

Table 3-1 Supported Configurations for Symantec Messaging Gateway Virtual

Edition

Description Recommended Minimum Notes

VMware ESX Version 4.1 Version 4.x —

Server
 Deploying Symantec Messaging Gateway as a Virtual Machine 39
Deploying an OVF template on an ESX 4.x or ESXi 5/4.x Server

Table 3-1 Supported Configurations for Symantec Messaging Gateway Virtual

Edition (continued)

Description Recommended Minimum Notes

VMware ESXi Version 4.1 Version 5.0/4.x ESXi 5 update 1 is also

Server version supported.

Disk space For more 90 GB For Scanner-only virtual

information, machines.
consult the
Symantec 90 GB For Control Center–only virtual
Knowledge Base machines.
article, Disk
90 GB For combined Scanner and
Space
Control Center virtual machines.
Recommendations
for Symantec
Messaging
Gateway Virtual
Edition.

Memory 8 GB 4 GB A minimum of 4 GB is necessary

to run Symantec Messaging
Gateway and the virtual
machine.

CPUs 4 2 ESX 4.x and ESXi 5/4.x are

limited to two virtual CPUs per
virtual machine. Symantec
recommends allocating up to
four, based on workload
demands and hardware
configuration.

NICs 2 1 Only one network interface card

is required per virtual machine.

See “About Symantec Messaging Gateway Virtual Edition” on page 37.

Deploying an OVF template on an ESX 4.x or ESXi 5/4.x

Server
An OVF template is a virtual machine that includes the software you plan to run
on the machine. You can deploy an OVF template that contains Symantec
Messaging Gateway Virtual Edition on a VMware ESX Server 4.x or VMware ESXi
40 Deploying Symantec Messaging Gateway as a Virtual Machine
Deploying an OVF template on an ESX 4.x or ESXi 5/4.x Server

Server 4.x. To deploy the OVF template, use a vSphere or vCenter client on a
different computer than the computer hosting your ESX or ESXi Server.
You may want to ensure that your guest computer is configured to restart when
the host computer restarts. Consult your VMware documentation for more
information.

Note: If you cannot successfully complete this procedure, you can instead use an
OS restore disk.
See “Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Server” on page 41.

To deploy an OVF template on an ESX 4.x or ESXi 5/4.x Server

1 Insert the DVD that contains the OVF template or locate the OVF template
online.
The OVF template file name is as follows:
Symantec_Messaging_Gateway_10.0.*.ovf
If you accessed the file online, proceed to step 2. If you inserted the DVD,
proceed to step 3.
2 If you access the file online, unzip the file.
The OVF template file name is as follows:
Symantec_Messaging_Gateway_10.0.ovf
3 In the File menu, click Deploy OVF template.
4 On the Source page, click Deploy from file.
5 Select the file. If necessary, click Browse to find the file.
6 Click Next.
7 On the OVF Template Details page, click Next.
8 On the Name and Location page, enter the name for your deployment and
click Next.
9 On the Ready to Complete page, click Finish.
Deploying the OVF may take a few minutes.
When complete, the new computer appears in your inventory.
10 After deployment is complete, access the new virtual computer from your
client. The standard Symantec Messaging Gateway boot sequence begins.
 Deploying Symantec Messaging Gateway as a Virtual Machine 41
Installing from an ISO image or OS restore CD onto a virtual machine on your ESX or ESXi Server

Installing from an ISO image or OS restore CD onto a

virtual machine on your ESX or ESXi Server
You can configure a virtual machine and deploy an instance of Symantec Messaging
Gateway from an OS restore CD or an ISO image. You can perform this task on a
computer that runs ESX 4.x or ESXi 5/4.x, but you must install either server first.
Use only ASCII characters in the entry fields when you create a virtual computer
with the management interface. The virtual computer's display name and path
cannot contain non-ASCII characters. Do not use spaces when you create file
names and directories for virtual computers.
You may want to ensure that your guest computer is configured to restart when
the host computer restarts. Consult your VMware documentation for more
information.

Note: By default, ESXi uses DHCP and does not use a root password. If you use
ESXi, Symantec recommends that you modify the ESXi settings to create a root
password and assign a static IP address before installation.
See “Specifying a static IP address for routing” on page 22.

To install from an ISO image or OS restore CD onto a virtual machine on your ESX
4.x or ESXi 5/4.x Server
1 Click on the ESX or ESXi Server on which you want to place your virtual
machine.
2 On the File menu, click New, then click Virtual Machine.
3 Select the Typical option and click Next.
4 Type a descriptive name for the virtual computer and click Next.
5 Select a data store option. This setting is where your virtual computer is
located on the physical disk. Make this selection based on your particular
storage configuration. Options can vary. Click Next.
6 Select the virtual machine version.
If you use ESX 4.x, select Virtual Machine version 7.
7 For the OS, click Linux as the guest operating system and Red Hat Enterprise
Linux 5 (32-bit) as the version, and then click Next.
42 Deploying Symantec Messaging Gateway as a Virtual Machine
Using an OS restore CD on your ESX or ESXi Server to boot your virtual computer

8 Reserve the necessary quantity of disk space, and then click Next.
See “System requirements for virtual deployment” on page 38.
More disk space may be required based on your deployment.
After you reserve disk space and complete deployment, any changes to disk
space require that you repeat the OS restore process.
9 Select the LSI SAS SCSI device.
10 On the Ready to Complete page, check Edit the virtual machine settings
before submitting and click Continue.
11 Click Memory at the left. Reserve the system memory based on your
deployment needs, and then click Next.
A minimum of 4 GB is necessary to run Symantec Messaging Gateway Virtual
Edition and the virtual computer. Symantec recommends that you use at least
8 GB.
12 Click CPU at the left. Select the number of virtual CPUs, and then click Next.
ESX 4.x and ESXi 4.x are limited to two virtual CPUs per virtual computer.
Symantec recommends allocating a minimum of two virtual processors.
13 If you want a second network interface, click the Add button at the top, choose
the Ethernet Adapter, click Next, click Next again, and click Finish.
14 Click Finish.
15 Continue the deployment to bootstrap your virtual appliance.
See “Using an OS restore CD on your ESX or ESXi Server to boot your virtual
computer” on page 42.
See “Using an ISO image on your datastore to boot your virtual computer”
on page 43.
See “Using an OS restore CD or ISO image on your local computer to boot
your virtual computer” on page 44.

Using an OS restore CD on your ESX or ESXi Server to

boot your virtual computer
After you configure a virtual computer on ESX Server or ESXi Server, you can use
an OS restore CD or ISO image as your bootstrap media.
See “Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Server” on page 41.
 Deploying Symantec Messaging Gateway as a Virtual Machine 43
Using an ISO image on your datastore to boot your virtual computer

To use an OS restore CD on your ESX or ESXi Server to boot your virtual computer
1 Insert the OS restore disk into your ESX or ESXi Server's CD drive.
2 Click Edit virtual machine settings.
3 On the Hardware tab, select CD/DVD Drive 1.
4 Choose Host Device and choose CD.
5 Check Connect at power on and click OK.
6 Click the power on virtual machine icon.
The virtual machine now reboots from the CD drive.
7 Click the Disconnect CD/DVD button and remove the disk from your drive
to prevent the system from performing another OS restore.
Symantec recommends that you disconnect your boot media immediately
after the initial boot process to avoid a future accidental OS restore.
8 Once the installation process is complete, turn off the computer through the
client and edit your computer settings.
9 On the Hardware tab, select CD/DVD Drive 1.
10 Uncheck Connect at power on and click OK.
11 Restart your computer to begin the Symantec Messaging Gateway boot
sequence.

Using an ISO image on your datastore to boot your

virtual computer
After you configure a virtual computer on ESX Server or ESXi Server, you can use
an ISO image on your datastore as your bootstrap media.
See “Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Server” on page 41.
To use an ISO image on your datastore to boot your virtual computer
1 On the Hardware tab, select New CD/DVD and check Datastore ISO file as
the Device Type.
2 Click Browse and select the ISO file on your datastore. If you have not already
added the ISO image to your datastore, refer to your VMware documentation
for the procedure.
3 Check Connect at Power on, then click Finish. The new virtual computer
appears in the inventory.
44 Deploying Symantec Messaging Gateway as a Virtual Machine
Using an OS restore CD or ISO image on your local computer to boot your virtual computer

4 Turn on your new computer and access your console. The boot process begins.
5 If the console prompts you to partition your SDA device, click your mouse
on the console window, and then press the Enter key for Yes.
6 Once the installation process is complete, turn off the computer through the
client and edit your computer settings.
7 On the Hardware tab, select CD/DVD Drive 1.
8 Uncheck Connect at power on and click OK.
9 Restart your computer to begin the Symantec Messaging Gateway boot
sequence.

Using an OS restore CD or ISO image on your local

computer to boot your virtual computer
After you configure a virtual computer on an ESX Server or ESXi Server, use an
OS restore CD or ISO image on your local computer as your bootstrap media.
See “Installing from an ISO image or OS restore CD onto a virtual machine on
your ESX or ESXi Server” on page 41.
To use an OS restore CD or ISO image on your local computer to boot your virtual
computer
1 Insert the OS restore CD into the drive on your local computer, or copy the
ISO image onto your local hard drive.
2 Click Edit virtual machine settings.
3 On the Hardware tab, select New CD/DVD and make sure Client Device is
selected as the Device Type.
4 On the Options tab, select Boot Options and set the Force BIOS Setup.
5 Click OK. The new virtual computer appears in the inventory.
6 Click on the new virtual computer in the inventory, then click the console
icon.
7 Click the power on virtual machine icon.
 Deploying Symantec Messaging Gateway as a Virtual Machine 45
Using an OS restore CD or ISO image on your local computer to boot your virtual computer

8 If you are using in ISO image. click Connect CD/DVD > Use ISO image, and
browse to your ISO image. If you are using an OS restore CD, choose the letter
of your computer's CD/DVD drive.
The boot process begins.
9 Once the installation process is complete, the Symantec Messaging Gateway
boot sequence begins.
If the Symantec Messaging Gateway boot sequence does not begin, turn off
the computer through the client, click Disconnect CD/DVD device to
disconnect your ISO image, then restart your computer.
46 Deploying Symantec Messaging Gateway as a Virtual Machine
Using an OS restore CD or ISO image on your local computer to boot your virtual computer