Messaging Gateway

Hey guys, I just inherited 2 SMG 8360 devices and a server running SCC.  It's is badly configured (bad policies, basic settings not applied, etc...).  While I'm waiting to hear back from a Regional Product Manager, I'm looking around trying to familiarize myself with how Symantec runs their gateway appliances.  (So for it doesn't seem very straight forward like past appliances I've used and I have quite a learning curve to learn Symantec terminology.)

One of the first things I've noticed is that we are on firmware 7.6.1-7 and 8.0.1-7 is available.  Are there any compelling reasons to upgrade or not to upgrade?  Are there any gotchas I should be aware of?  What order do I need to upgrade my devices?  I was thinking 1) SCC 2) Backup scanner 3) Primary scanner????

I'm currently reading through the documentation, but need to get moving on this quick as SPAM is currently an issue due to bad management by former admins.  I am under some pressure to relieve the SPAM flow ASAP.  Any advice is greatly appreciated.

You are correct sir, 8.0.1-7 is the latest.

Here's a link on the release notes:

ftp://ftp.entsupport.symantec.com/pub/support/documentation/sbg_release_notes.pdf

Software update notes:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009012917112054

We also just had an 8360 also, but this is from scratch but we upgraded to 8.0.1-7 right away with no problems. But before we configured the SBG we made a little checklist (hope this applies for you to.)

a. Network Diagram (placement of the sbg devices on the corporate network) - I belive there are 3 proposed.
    1. network/ports/sites - (required to run the sbg for updates, access, etc..)
    2. eth - activation are going to activate both eth's?
                  a. if both ( eth0 and eth1 for scanning incoming and outgoing)
                  b. if only eth0 - incoming only
                  c. if only eth0 - incoming and outgoing and creating a virtual ip for scanning outgoing
b. License Files - (please be ready with this)
c. Software upgrade - (current version is 8.0.1-7)
d. administrator settings - (administrator email)
e. NTP, Time Server
f. local domain for to accept incoming mails
h. system locale
i.  scanner roles.
    a. local and non local domain email relays/routing
j. spam settings
k. virus settings
l. compliance settings (premium/basic)
m. IM scanning settings if you want it to be enabled.
o. SMTP traffic shaping
p. Sender Authentication configuration
q. Liveupdate configuration
r. Reporting
s. Message Auditing
t. Backup/Restoration Best Practice

Also here's a link we have collected for the Best Practices:

1. Symantec Brightmail Gateway appliances - Best Practices

http://service1.symantec.com/support/ent-gate.nsf/854fa02b4f5013678825731a007d06af/0807afc69e27c5bd802574880041b717?OpenDocument

2. Symantec Brightmail Gateway Effectiveness User’s Guide

http://service1.symantec.com/support/ent-gate.nsf/docid/2008100710321454

3. Symantec Mail Security Appliances - Best Practices: Spam Control

http://service1.symantec.com/support/ent-gate.nsf/854fa02b4f5013678825731a007d06af/4f9a58bddb664cc88025749d003d7d0a?OpenDocument

4. Best Practices for the Control Center settings and Control Center SMTP host

http://service1.symantec.com/support/ent-gate.nsf/854fa02b4f5013678825731a007d06af/b8441b89388bae228825734c00828ed3?OpenDocument

5. How to block messages coming from your own domain (spoofed)

http://service1.symantec.com/support/ent-gate.nsf/854fa02b4f5013678825731a007d06af/742035c3ff90c70e802575040051de75?OpenDocument

6. Best practices when using Microsoft Active Directory as an LDAP source

http://service1.symantec.com/support/ent-gate.nsf/854fa02b4f5013678825731a007d06af/71c87a72a47fc4968825734c00828f41?OpenDocument

7. SBG Guides

http://www.symantec.com/business/support/documentation.jsp?language=english&view=manuals&pid=53991

Hi,

You'll definitely see an increase in catch rate and effectiveness between 7.6 and 8.0, how much of an increase you see really depends on your sites mail profile.
If it's really badly configured and none of the config has been documented, it might be worthwhile starting from scratch and instead of upgrading just do an OS Restore and start a fresh - at least you will know what you have got in place then.  Plus you'll have the benefit of using our default setup which is optimum for 99% of customers.

 >>While I'm waiting to hear back from a Regional Product Manager

Not clear why you'd be waiting for one of the RPM's to contact you (it's usually the other way around) but feel free to email me if you have specific questions that I can assist with -> ian_mcshane@symantec.com

hth

//ian