Configuring SMS Appliance 8360

Please need your suggestions.. Thank you..

Hi Ian, thanks for the reply.

1&2
Since I didnt create any group, and the default group is named "Default". Even if the policy is enabled, 1 or 0 means if it applied to a group, right? so 0 means no group is using the policy. Is this correct?

3. Can I change the IP via ssh, if yes, how? to suggestions will be.
    a. Connect to the production network, connect via cross cable then change IP
    b. after configuring, change the IP as the last step.
 is this correct?

1&2: Correct.

3: the easiest way to do this is via the management console; go to administration -> configuration -> click on your host, go to ethernet and change ip, then move to production environment. After deploying, telnet on port 25 to the appliance and check that you can send an email with this command:
helo test
mail from: test email adress
rcpt to:<your email adress>
data
Subject: test
test
.
quit

You can also change the ip by connecting to the appliance on ssh and use ifconfig. ->  http://linux.die.net/man/8/ifconfig

Hey Guys,

If you change the IP via using ssh or the command line I'm pretty sure the changes won't persist through a reboot, so to make the change permanent I think you will need to do it via the interface.  After making the changes through the interface I'd always suggest doing a reboot as well which should help to make sure all components are aware to use the new IP(s).

Kevin

KevK76, do you mean to say that we have to connect a Keyboard and Monitor to the server? If we did that, what am I expecting to see on connection of the monitor?
I'm trying to coordinate this with the office in the other side of the world and all I can do is either walk him through phone or send an email.

@mon_raralio

If you connect a KVM to the appliance, you'll just see the linux CLI.  You should use the web UI to change the password.

Hey Guys,

Sorry just wanted to clarify, when I suggested changing the IP via the interface I meant the GUI or Control Center, so not using command line.  If you are changing the IP of the Control Center appliance itself, and if after doing it from the GUI you can't connecto to the new IP, you may need to connect via ssh and force a reboot.  I think this may have happened to me in the past...

Kevin

I guess after changing the IP via Control Center, we should change also the ip of the computer that will be used to remote the appliance, with the same IP segment.

Kev,

Can we change the ip via CL just like with linux? ifconfig command? This is if we are using the KVM. I remember with linux we just need to re-run the conf file which has the ip. where is it located on the appliance? can we change this to executable just like in linux? chmod?

Hi Paul,

When you change the IP(s) of the SBG from the Control Center, not only is the IP changed in the OS, but it's also changed in multiple config files and it's for this reason that you really need to make the change via the Control Center so that the changes will persist and the different components and config files are aware of the change and any other appliances in the environment are also aware of the change.

Cheers,

Kevin 

Ok. Let me get this straight...

Log on to the GUI or web page of the appliance. This is a web application and the appliance is probably a LAMP server or at least close to that. And the GUI has scripts that can automatically edit the settings on the OS. So just by editing the OS would actually change the IP addresses for both ports. And when the configuration is complete also will restart the service for the ethernet ports of the appliance. All of these is being done using the login ID we used which has access to the root account or have similar priveledges.

Did I get it right? :D

Yep, that's pretty much it.

Hi Kev,

one last question, we've configured the 1st appliance, can we use the same license file for the second appliance?

Yes of course you can.  You've purchased your licenses based on the number of users in your organization, you can run as many physical or virtual appliances as you want.

Kevin

What if we have 2 license files and we used only one for 2 appliances?

Not sure I'm understanding the question, just getting back to how the produdct is licensed, you purchase your subscription based on the number of users you will protect, you get the serial number needed to get your slf file from your license certificate, and once you get the slf file you can install it on all of your appliances.  Are you saying you actual have multiple license files?  I can't see why you would...

Kevin

Hi mon, Kev is correct, the I have registered the file on the 2nd appliance with no problems. I also asked Symantec US, and they told me its ok to use it.

In any case, can I re-register a different license file on the appliance?

Yes for instance, after the current subscription and license file expires most customers would renew their subscription, get a new slf file and install that which would allow you to use the product until that license then expired.

Cheers,

Kevin

KevK76 - yes, we have 2 license files. If that's the case - maybe some customers receive 2 just to prevent the confusion in the future dealings.
Maybe just for the sake of argument - they get 2 appliances and 2 license files so they won't call back asking for explanations on why they only have 1 license file when they bought 2 appliances. And sometimes there are arguments you just can't win. :-)

Here's a quote from Symantec:

“Yes, the customer can use this same SLF file on the second appliance. The files are no longer tied to a specific appliance, it is just a matter of staying with compliance of their licensed quantities.”

Does anyone know any useful links, pdfs or man pages on rbash? I'm trying to configure the appliance via the CLI - just because. This isn't the usual Ubuntu or RedHat/CentOS terminal I'm used to.

Hi,

The available CLI commands are detailed in the Administration guide.

HTH,

//ian

Hi, one of our engineers configure 1 appliance with one of our customers, here's his setup

created virtual IP, and monitor/scan incoming here
set the ip of the appiiance eth0 ip to monitor/scan outgoing

my question is using the web interface,

can I delete the virtual ip, then add a role to scan incoming via eth0's IP?

we will not monitor outgoing.

Hi Paul,

If you have new questions it's probably more useful to open a new thread so please do that next time.  I think it's pretty easy to do what you are describing above, just edit your Scanner, click the SMTP tab, under Mail Filtering select 'The Scanner will be used for: Inbound mail filtering only', you might need to save the page at this point, then come back in Ethernet 0 as the inbound mail IP address.  Save it again and at this stage you should be able to delete the VIP.  Probably doesn't matter if you delete it or not as it's not doing anything anyway.

Cheers,

Kevin

Thanks Kev, I already created a different discussion for my other threads.