POLICY PATROL MFT. Manual

Manual

POLICY PATROL MFT

M A N U A L

Policy Patrol MFT

Version 1

This manual, and the software described in this manual, are copyrighted. No part of this manual or the described software may be copied, reproduced, translated or reduced to any electronic medium or machine-readable form without the prior written consent of Red Earth Software except that you may make one copy of the program solely for back-up purposes.

Policy Patrol^® is a registered trademark of Red Earth Software^®. All product names referenced in this documentation belong to the respective companies.

Copyright © 2001-2014 by Red Earth Software. All rights reserved.

Contents at a Glance

1

Introduction ... 5

2

Installation ... 8

3

File Transfers ... 25

4

Contacts ... 35

5

Users ... 43

6

Exchange Agents & Rules ... 47

7

Settings ... 60

8

Troubleshooting ... 81

Table of Contents

1  Introduction ... 5 

1.1  Why do you need Managed File Transfer? ... 5 

1.2  Policy Patrol highlights ... 6 

1.3  Why Policy Patrol? ... 6 

1.4  Conventions ... 6 

2  Installation ... 8 

2.1  Introduction ... 8 

2.2  Microsoft SQL Server or MySQL ... 8 

2.2.1  If you are using Microsoft SQL Server .... 9 

2.2.2  If you are using MySQL ... 9 

2.3  Installing the MFT Server ... 9 

2.3.1  Prerequisites ... 10 

2.3.2  Installation ... 10 

2.4  Installing the Exchange Server Agent ... 14 

2.4.1  Prerequisites ... 14 

2.4.2  Installation ... 14 

2.5  Completing Setup ... 16 

2.6  Adding Users to Policy Patrol MFT ... 20 

2.6.1  Synchronizing users from Active Directory21  2.6.2  Inviting users to Policy Patrol MFT ... 22 

2.7  Policy Patrol user groups ... 24 

2.7.1  Group permissions ... 24 

2.8  Uninstalling Policy Patrol ... 24 

3  File Transfers ... 25 

3.1  New Transfer ... 25 

3.1.1  Authentication Options ... 27 

3.1.2  Expiration options ... 28 

3.1.3  Notification options ... 29 

3.1.3.1  Upload notifications ... 29 

3.1.3.2  Download notifications ... 29 

3.2  Inbox ... 29 

3.3  Outbox ... 30 

3.4  Drafts ... 31 

3.5  Deleted ... 32 

3.6  Search File Transfers ... 33 

4  Contacts ... 35 

4.1  Manage contacts ... 35 

4.2  Invite Contacts ... 36 

4.3  Setting up a New Account ... 37 

4.4  Downloading Files ... 40 

4.5  Inbox ... 41 

4.6  Outbox ... 41 

4.7  Drafts ... 42 

4.8  New Transfer ... 42 

4.9  Changing Account Information ... 42 

5  Users ... 43 

5.1  Manage users ... 43 

5.2  Invite users ... 44 

5.3  Changing Account Information ... 44 

6  Exchange Agents & Rules ... 47 

6.1  Agent Management ... 47 

6.2  Agent Rules ... 48 

6.2.1  General ... 48 

6.2.2  Rule Users ... 49 

6.2.3  Rule Direction ... 50 

6.2.4  Rule Conditions ... 51 

6.2.5  Rule Exceptions ... 54 

6.2.6  Rule Actions ... 55 

6.2.7  Editing a Rule ... 57 

6.2.8  Ordering rules ... 58 

7  Settings ... 60 

7.1  SMTP Settings ... 60 

7.2  Send Test Email ... 61 

7.3  Active Directory ... 61 

7.4  Updates ... 62 

7.5  Licenses ... 62 

7.6  Widgets ... 62 

7.7  Email Templates ... 67 

7.8  Email Image Replacement ... 70 

7.9  Default Transfer Settings ... 71 

7.10  Retention Policy ... 72 

7.11  Branding ... 73 

7.11.1  Uploading Your Logo ... 73 

7.11.2  Customizing the Portal Theme ... 75 

7.12  Anti-Malware ... 76 

7.12.1  Install Metascan ... 77 

7.12.2  Enable Metascan in Policy Patrol ... 79 

8  Troubleshooting ... 81 

8.1  Knowledge Base ... 81 

8.1.1  How can I permanently delete a file? ... 81 

8.1.2  How can I change my password or security question? ... 81 

8.1.3  How can I change the expiration date of a File Transfer? ... 81 

8.2  Contacting Red Earth Software ... 82 

Introduction

olicy Patrol MFT allows users to exchange files securely inside and outside the organization, without requiring the user to change the way they work. By making use of email rules, Policy Patrol can ensure that files are automatically exchanged according to company policy.

1.1 Why do you need Managed File Transfer?

All companies have a need to exchange files with external contacts. The most common way of exchanging files is by attaching them to an email. Although this is an easy and fast way of exchanging files, there are a number of disadvantages to this method:

1. Large attachments might not get through since most mail servers impose limits on the size of email attachments.

2. Email can be intercepted and confidential attachments can be exposed.

3. You cannot be sure that the intended recipient has received and downloaded your files.

Another solution is to use FTP to send and receive files. The problem with FTP is that it is usually not secure and it involves the Administrator setting up FTP accounts and maintaining these accounts and permissions which can be time intensive and pose delays for the user trying to send the files.

The other solution is to burn files on a CD or DVD and send them via courier. Needless to say this method is far from ideal; there is a high cost involved and it delays delivery.

Companies require a solution that allows their users to send and receive large and confidential files securely and instantly. A Managed File Transfer solution allows files to be uploaded to a secure server, from where the (if applicable authenticated) recipient can download the files and the sender receives confirmation that the files have been downloaded.

Chapter

1

P

1.2 Policy Patrol highlights

Policy Patrol offers the following capabilities:

• Send and receive files securely with external contacts.

• Send and receive files securely inside the organization.

• Standard Authentication for one-off contacts.

• Advanced Authentication for regular contacts and increased security.

• Automatically send email attachments securely without requiring user input.

• Specify conditions that must be met in order to send email attachments securely.

• Overcome email attachment size limits.

• Manage the life cycle of files.

• Central visibility into the files that are being exchanged by your company.

• Role based access

• Audit trail for each individual file, including who uploaded and downloaded the file and when.

• If download/upload is interrupted the process can be started from where it failed, instead of having to start from scratch again.

• Receive upload and download notifications.

1.3 Why Policy Patrol?

Policy Patrol integrates into your current email environment and lets you set company-wide rules for sending email attachments securely. The advantage of this is two-fold; Thanks to the Exchange Server integration the process is completely transparent to the user, and does not require the user to change the way they currently work. In addition, thanks to the comprehensive rules, companies no longer need to leave it up to the user to decide when to send files securely. Instead, the company can define rules and policies that will govern the sending of email attachments and rest assured that files are exchanged securely when necessary. Since the integration is at Exchange Server level, there is no client installation necessary. Users can also send file transfers via your company portal, and your customers and suppliers can send files to you via your website.

1.4 Conventions

Conventions used in this manual:

ƒ Bold text is used to signify a selection or button, for instance the Deliver button, or the option Move to Folder.

ƒ Courier font is used to signify text that must be entered in the program, for instance enter pricelist and click Submit to search for the term.

ƒ Paragraph and chapter names are listed in between parentheses, for instance for instructions on how to install Policy Patrol, consult chapter 2 ‘Installation’.

1 I N T R O D U C T I O N

ƒ Keys are displayed in capitals and in between brackets, such as [CAPS], [TAB] or [DELETE].

ƒ Throughout the manual there are Tips, Info and Notes that contain useful information:

Note type: Contains:

Tip Useful information to get the best out of Policy Patrol Info More in-depth, background information

Note Important notes that you should be aware of

Installation

his chapter describes the steps for installing the different Policy Patrol MFT components and their system requirements.

2.1 Introduction

The Policy Patrol MFT program consists of the following components:

1. Policy Patrol MFT Server

2. Policy Patrol MFT Agent (for Exchange)

The components must be installed in the order listed above.

 Note

The Policy Patrol MFT Agent is the only component that must be installed on an Exchange

Server machine. The Policy Patrol MFT Server can be installed on the same machine as the

Policy Patrol MFT Agent or on a different machine, depending on your preference.

2.2 Microsoft SQL Server or MySQL

Before installing the Policy Patrol MFT Server, Microsoft SQL Server or MySQL needs to be installed. For more information see the respective paragraph below.

2

T

2 I N S T A L L A T I O N

2.2.1 If you are using Microsoft SQL Server

Policy Patrol MFT supports Microsoft SQL Server 2008 R2 or 2012. Microsoft SQL Server must be installed before the Policy Patrol MFT Server is installed. Policy Patrol MFT can be installed on the same machine as Microsoft SQL Server, but it can also be installed on a different machine.

Note that if Microsoft SQL Server is installed on another machine, you must make sure that in Server Properties > Connections, the ‘Allow remote connections to this server’ checkbox is checked. Also, the SQL Database user (entered during the Policy Patrol MFT Server installation) needs to use SQL Server authentication, not Windows authentication.

2.2.2 If you are using MySQL

MySQL 5.1.37 or higher needs to be installed before installing the Policy Patrol MFT Server. For instructions on how to install MySQL, consult the following web page:

http://dev.mysql.com/doc/refman/5.5/en/installing.html. MySQL can be installed on the same machine as any of the Policy Patrol MFT components, but it can also be installed on a different machine.

Important: If MySQL is installed on a different machine follow the next steps before installing Policy Patrol MFT Server:

1. Open a DOS command prompt on the server that has MySQL installed. (e.g.: cd C:\Program Files\MySQL\MySQL Server 5.5\bin);

2. Run the following command from the mysql\bin directory: mysql -uroot -ppassword (in this case, password is your root password created when installing MySQL);

3. A mysql> prompt should be displayed.

4. To grant remote connection privileges, run the following commands:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD';

(where PASSWORD is the password used to connect to MySQL remotely from now on;

and root is the user you created and used for the Policy Patrol MFT instance) mysql> FLUSH PRIVILEGES;

mysql> exit;

2.3 Installing the MFT Server

The MFT Server is the component that securely stores the files on the file server. The MFT Server must be installed before the Policy Patrol MFT Agent can be installed.

2.3.1 Prerequisites

To install the Policy Patrol MFT Server, the following needs to be installed on the machine:

5 Windows Server 2012, 2008/2008 R2 or Windows SBS 2011 5 Microsoft Internet Information Services (IIS) 7

5 Microsoft .NET Framework 4.0 (if you do not have this installed, the Policy Patrol installation program will download and install it for you)

 Note

Before installing the Policy Patrol MFT Server, Microsoft SQL Server or MySQL needs to

be installed. For more information see the respective paragraph above.

We recommend using a machine that meets the Microsoft .NET Framework 4.0 system

requirements: Minimum 1Ghz processor, 512 MB RAM, and 60 MB free disk space for the Policy Patrol components. Note however that if you do not yet have Microsoft .NET 4.0 Framework installed this will require another 600 MB – 2 GB of disk space, depending on your operating system: http://msdn.microsoft.com/en-us/library/8z6watww.aspx.

2.3.2 Installation

To install Policy Patrol MFT Server follow the next steps:

1. Double-click on ppmftserver.exe. The Install Program will start up. If you do not have Microsoft .NET Framework installed, the Policy Patrol installation program will install it for you.

2. In the Welcome screen, click Next.

2 I N S T A L L A T I O N

4. In ‘Install Policy Patrol MFT Server to’ select the destination folder for the Policy Patrol installation. By default the program will be installed in C:\Program Files (x86)\Red Earth Software\Policy Patrol MFT\Server. If you wish to change the location, click Change and select another folder.

The ‘Temporary Storage Location’ is used for any temporary files that need to be stored by the MFT Server. By default this location is or C:\Program Files (x86)\Red Earth Software\Policy Patrol MFT\Server\Data\. If you need to change the location, click Change.

The ‘File Storage Location’ is used to store permanent files. Files that are sent and received by Policy Patrol MFT will be stored in this location until they expire or are removed. By default this location is C:\Program Files (x86)\Red Earth

Software\Policy Patrol MFT\Web\Storage\. If you want to change the file storage to another location on the current machine, click Change. If you want to use a network path, click Next and follow the instructions after installation in the Policy Patrol MFT Web Setup Wizard to change the location to a network path (see paragraph 2.5).

When you are ready, click Next.

5. In ‘Policy Patrol MFT Server IP (local IP address)’, your local IP address will be entered.

You only need to change this if your machine has multiple IP addresses. If you have multiple addresses, you must enter the IP address that the Policy Patrol MFT Server is being installed on.

In ‘Port’ enter the port to be used for communicating with the Policy Patrol MFT Agent. By default this is port 8000. If you want to use a different port, remember that you will need to enter the same port number when installing the Policy Patrol MFT Agent (point 6 in paragraph 2.4.2), since the Policy Patrol MFT Server and Agent ports must match.

It is recommended to leave the checkbox Add Port To Firewall ticked to ensure that your Windows Firewall is not blocking the communication between the Policy Patrol MFT components.

6. Enter the MySQL or MSSQL Server settings. Enter the IP Address or server name of the MySQL or MSSQL server to be used. If you are using MSSQL Express, you must use the full MSSQL server instance name, for example: SERVERNAME\SQLEXPRESS. Enter a Database user name and password. The Database user must have permissions to create a new database. Enter the database name that will be created, for instance ppmft_codata. Click Test Connection to verify that the settings were entered correctly.

Click Next to continue.

7. Create a Policy Patrol MFT Instance. In Site URL enter the subdomain and domain that will be used in your URL. For instance if you enter ‘upload’ as the subdomain, and

‘yourdomain.com’ as the domain, your Policy Patrol MFT URL will be as follows:

http://upload.yourdomain.com. Note that the subdomain should not include spaces and cannot be more than 100 characters. Make a note of the subdomain (in this example upload) since this is the name of the Policy Patrol MFT Server instance and needs to be entered during the Policy Patrol MFT Agent installation.

2 I N S T A L L A T I O N

8. Enter the Administrator account details. This account can be used to login to the Policy Patrol MFT Portal. Enter the Administrator’s First Name and Last Name. Enter the User Name to be used when logging onto the Policy Patrol MFT Portal. Enter the password and enter it again to confirm. Enter the Administrator’s email address. Enter the email address again to confirm.

9. Click Install to confirm the installation. If you want to review or change your installation settings, click Back.

10. In the Installation wizard complete dialog, click Finish.

2.4 Installing the Exchange Server Agent

This component processes and applies Exchange Rules. The Exchange Server Agent must be installed on the Exchange Server machine.

2.4.1 Prerequisites

The following programs need to be installed on the same machine:

5 Windows Server 2012, 2008/2008 R2 or Windows SBS 2011 5 Microsoft Exchange Server 2007, 2010 or 2013

5 Microsoft .NET Framework 4.0 (if you do not have this installed, the Policy Patrol installation program will download and install it for you)

 Note

The Policy Patrol MFT Agent must be installed on the Exchange Server machine. If you

have multiple Exchange Servers you must install Policy Patrol on the Exchange Server(s)

with the Hub Transport Role.

2.4.2 Installation

To install the Policy Patrol MFT Agent follow the next steps:

1. Double-click on ppmftagent.exe. The Install Program will start up. If you do not have Microsoft .NET Framework 4.0 installed, the Policy Patrol installation program will download it for you.

2. In the Welcome screen, click Next.

2 I N S T A L L A T I O N

3. Read the License Agreement and select I accept the terms in the license agreement to accept the agreement.

4. Select the destination folder for the Policy Patrol installation. By default the program will be installed in C:\Program Files\Red Earth Software\Policy Patrol MFT\Agent (32-bit) or C:\Program Files (x86)\Red Earth Software\Policy Patrol MFT\Agent (64-bit). If you wish to change the location, click Change and select another folder. When you are ready, click Next.

5. Enter the Policy Patrol MFT Agent Settings. In MFT Agent Name, enter the name for the agent. This name will be shown in the Agent list in the Policy Patrol MFT Portal. In MFT Instance Name, enter the MFT Instance Name (subdomain) you entered during the Policy Patrol MFT Server, in our example upload (See paragraph 2.3.2 point 7).

6. Enter the Policy Patrol MFT Agent IP Address and Port Settings. In Agent IP (Local IP Address), enter the IP address of the local machine.

In ‘MFT Server IP Address’, enter the IP address of the Policy Patrol MFT Server.

In ‘Port for communicating with the server’, enter the port to be used by the Policy Patrol MFT Agent to communicate with the Policy Patrol MFT Server. By default this is port 8000. If you changed the port during the Policy Patrol MFT Server installation (see point 5 in paragraph 2.3.2), you must enter the same port in this dialog (the Policy Patrol MFT Server and Agent ports must match).

Select the checkbox Add Firewall Rule For This Port if you want the installer to automatically insert an exception for the port in the Windows Firewall (recommended if you have Windows Firewall enabled).

7. Click Install to confirm the installation. If you want to review or change your installation settings, click Back.

8. In the Installation wizard complete dialog, click Finish.

2.5 Completing Setup

Now you must login to the Policy Patrol MFT Portal to complete the Setup.

2 I N S T A L L A T I O N

1. Login to the Policy Patrol MFT portal, in our example http://upload.yourdomain.com. Enter the credentials that you entered during the Policy Patrol MFT Server installation.

2. Click Next in the Web Setup Wizard screen.

3. Select whether you wish to store files on a local drive on the Policy Patrol MFT Server (Local Drive), or to a network path (Network Share). If you select Local Drive, the storage folder that was entered during installation will be used (see point 4 in paragraph 2.3.2).

If you select Network Share, you will be asked to enter the network path details:

In UNC Path To Remote Folder, enter the network path to the shared folder, for example

\\HostName\SharedFolder. Enter user credentials with access to the UNC path (note that the

2 I N S T A L L A T I O N

4. In SMTP Host, enter the IP address of the SMTP host. In SMTP Port, leave 25 entered, unless you know it uses a different port.

Click on Advanced Settings to see advanced options. Select Enable SSL to specify whether SSL is used to access the configured SMTP host. Select Ignore Certificate if you wish any SSL certificate warnings to be ignored. If the SMTP host requires SMTP authentication you must enter your Domain, i.e. YOURDOMAIN, user name and password.

When you are ready, click Next to continue.

5. In the My Account dialog, enter the account information for the Administrator.

Click Next. You have now completed the set up for Policy Patrol MFT. Click Finish to enter the Portal. You must now add users to Policy Patrol MFT as described in paragraph 2.6.

2.6 Adding Users to Policy Patrol MFT

You can add Policy Patrol MFT users by synchronizing with the Active Directory and adding members to the Policy Patrol MFT Active Directory Groups. Alternatively you can invite users by going to Users > Invite User in the Policy Patrol MFT Portal.

2 I N S T A L L A T I O N

2.6.1 Synchronizing users from Active Directory

If you wish to automatically add Policy Patrol MFT users by applying group memberships in Active Directory, you must follow the next steps in the Policy Patrol MFT Portal:

1. Go to Settings > Active Directory.

2. In ‘Server Address’ enter the IP address of your Domain Controller. Enter the

Administrator username (DOMAIN\Username) and password. This account must have rights to create groups in Active Directory. If you select Enable synchronization, Policy Patrol will query the Policy Patrol Active Directory Groups for new users. If Policy Patrol finds new users it will add them to the Unlicensed users list. Select

Automatically license new users if you wish to automatically add any new users to the Licensed users group.

 Note

Licensed users can send and receive transfers. Unlicensed users can only see past transfers.

3. When you are ready, Click Update. If everything is correct, you should see a green circle with a check mark followed by: ‘Active Directory synchronization is running’.

You will now see three Policy Patrol MFT Groups in Active Directory:

Group Default members

Policy Patrol MFT Compliance Officers No default members Policy Patrol MFT Administrators Domain Administrators Policy Patrol MFT Users No default members

By default the Domain Administrators are a member of the Policy Patrol MFT Administrators group. The different permissions per user group are described in the paragraph ‘Policy Patrol user groups’. In order to allow users to send and receive transfers, you must add them to one of the Policy Patrol MFT groups.

 Note

In order to provide users access to Policy Patrol MFT, they will need to be added as a

member of one of the Policy Patrol MFT Active Directory groups, or they need to be

invited as a user (see below).

2.6.2 Inviting users to Policy Patrol MFT

In addition to synchronizing with Active Directory, you can also invite users as follows:

1. Go to Users > Invite New User.

2 I N S T A L L A T I O N

2. Enter the user details: First Name, Last Name, and Email Address. In Username, enter the suggested user name (the user name is used when the user logs on to the Portal).

This user name will be prefilled when they create their account. If desired, the user can change the user name when setting up their account. In Custom Message, enter the message you would like to include (if any). This message will be inserted into the User invitation message. Select the user role for this user: User, Administrator or Compliance Officer. Click Invite. The user will be listed under Pending User Invitations.

3. The user will now receive an invitation email that will ask the user to click on the link in the email to create their user account. When they click on the link, they will be asked to enter their account details. If they did not receive the invitation email, go to Users >

View Pending Invitations. Click on Resend Invitation for the User.

4. The user will then receive an email asking them to activate their account. The account will now be enabled and the user will be listed under Users > Manage Users.

 Info

The texts for invitation and activation emails can be edited in Settings > Email Templates.

2.7 Policy Patrol user groups

Policy Patrol MFT can be used by three different user groups, based on their role within the organization:

• Policy Patrol MFT Compliance Officers (these users have access to all options in the program and can view all users’ transfers, and permanently delete transfers and files from the Deleted folder).

• Policy Patrol MFT Administrators (these users can access all settings, add licenses, install components, but can only view their own transfers - they have no access to file transfers from other users. They also cannot permanently delete files and transfers, only move transfers to the deleted folder).

• Policy Patrol MFT Users (these users can invite contacts, move files and transfers to deleted items, but can only view their own transfers and cannot view settings or permanently delete from deleted items).

2.7.1 Group permissions

Below is an overview of the permissions per user group:

Permissions Compliance Officers Administrators Users

View your own transfers Yes Yes Yes

View transfers of others Yes No No

Permanently remove from deleted Yes No No

View Settings node Yes Yes No

Disable contacts Yes Yes Yes

Reset password for contact Yes Yes Yes

Delete contact Yes No No

View deleted items folder Yes No No

2.8 Uninstalling Policy Patrol

When uninstalling Policy Patrol MFT, uninstall each component from Add or Remove programs.

Make sure however, that you uninstall Policy Patrol MFT Server last.

File Transfers

his chapter describes how to initiate new file transfers and the different transfer options that are available. In addition it describes how to manage file transfers including

searching, expiring and deleting file transfers.

3.1 New Transfer

Files can be uploaded by clicking on New Transfer .

Chapter

3

T

To select files to be uploaded, click on Add Files or the plus sign (+). Alternatively, drag and drop files into the area marked with ‘Drag files here’. You can select single or multiple files. You can also select entire folders to be uploaded.

Each file will appear in the list along with the size of the file. The total size of all files will also be listed. If you want to remove a file from the upload, click on the minus sign (-) next to the file.

Click on the Thumbnails button in the top right corner to see the thumbnails for the files. To go back to the List view, click on the List button next to it.

To upload the files to the Policy Patrol MFT server click on ‘Start Upload’. Note that you do not need to click on Start Upload; when you click ‘Send’ the files will automatically be uploaded too.

Now enter the name and email address of the recipient and the subject for the email. Multiple recipients need to be separated by a comma.

If you wish to add a message, click on Add a message and enter the message to be included in the email notification to the recipient.

3 F I L E T R A N S F E R S

In Adjust Transfer Settings there are a number of further options available that are discussed in the next paragraphs.

When you are ready, click Send. The file transfer will now be listed in your Outbox folder.

If you are not ready to send the transfer yet, you can click Save. The transfer will be saved in your Drafts folder. To send the transfer from Drafts, click on the Edit button for the Transfer and click on the Send button.

3.1.1 Authentication Options

Select whether you wish to send the file(s) using Standard Authentication or Advanced Authentication.

If Standard Authentication is selected, the recipient will receive an email with a unique URL in the email to the uploaded file(s). The advantage of this method is that it is easy for the recipient to retrieve the files. The recipient simply has to click on the link and download the files from a web page. The disadvantage of this method is that theoretically anyone who intercepts the email is able to download the files.

Advanced Authentication is a more secure way of sending files. If Advanced

Authentication is selected, the recipient will receive an email that they have received a new transfer. When they click on the download link they will be asked to enter their Policy Patrol MFT credentials, after which the files will be downloaded.

If the contact does not yet have an existing account, the contact will automatically receive an invitation email asking them to create a new user account. After creating the account, the contact will be able to download the files.

3.1.2 Expiration options

Select whether you wish the files to expire. You can either select to expire the file(s) after a certain number of days, and/or you can select to expire the file(s) when they have been downloaded for a specified number of times per recipient. If you select to expire the files after a certain number of days, the expiration date will be shown in the Expiration column of the Transfer details. Once this expiration date is reached, the files will no longer be available to the recipient and the transfer will be marked as Expired in the Sender’s Outbox folder.

If you select to allow only a certain number of downloads per recipient, the recipient will automatically be denied access to the file once the maximum number of downloads is reached.

3 F I L E T R A N S F E R S

3.1.3 Notification options

You can select from a number of notification options:

3.1.3.1 Upload notifications

Select Send notification when upload succeeds to receive an email notification when your files are successfully uploaded. If you select the option Send notification when upload fails, you will receive an email if there is a failure during upload.

3.1.3.2 Download notifications

You can also select to receive a download notice when the file is downloaded by the recipient.

Select On First Download if you only wish to receive a notification the first time the recipient downloads the file(s). If you wish to receive a notification each time the files are downloaded by the recipient, select On Every Download. If you do not want to receive a download notice, select Never.

3.2 Inbox

You can view all incoming transfers by going to Inbox. The sender, subject, recipient, date received, and number of files will be listed for each file transfer you received.

 Note

If the sender or recipient name is not known, the email address will be displayed.

Click on the transfer to view the details (you can click on any item, e.g. subject, sender, etc).

The details pane shows the sender, recipient, date and message for the file. For each file included in the file transfer, the file name and size will be displayed. To download the file, click on the download link next to the file.

To return to the Inbox view, click << Back.

 Note

When an incoming file transfer expires (i.e. the expiration date is reached or your maximum number of downloads is reached) the file transfer will no longer be listed in the Inbox.

If you wish to delete a file transfer, select the checkbox next to the file transfer and click on the Delete button. A warning dialog will pop up. If you choose Yes, the selected transfer is moved to the Deleted folder. The file(s) will still remain on the File Server though.

A warning dialog will pop up. If you choose OK, the selected files are moved to the Deleted folder. If only one file is deleted from a transfer with several files, the deleted file will be listed in the Deleted folder identically to the original transfer, but the only file in the transfer in the Deleted items will be the deleted file. The other files will remain in the File Transfers in the Inbox folder. The file(s) will still remain on the file server though.

3.3 Outbox

You can view all sent transfers by going to Outbox. The recipient, subject, date sent, number of files, and status will be listed for each transfer you sent (and has not been deleted).

Click on the transfer to view the details (you can click on any item, e.g. subject, sender, etc).

The details pane shows the sender, recipient, date and message for the file. For each file included in the file transfer, the file name, size, and status will be displayed. To download the file, click on the download link.

If you wish to view or change the expiration date or maximum number of downloads, you can click on the Details button . The Details button next to the file transfer will show information about all the files in the transfer, if you click on the > sign next to the file transfer and then on the Details button next to the file name you wil see information about that file only.

The Expiration tab includes information on the expiration date for the file. The Download Limit tab includes information on the number of times the file was downloaded and the maximum number of allowed downloads.

To change the expiration date, click on the Expiration tab and select the option ..expire on.. (where the selected date will be the expiration date), ..expire in.. (where you enter the number of days the file should be available from today) or .. extend by.. (where you enter the number of additional days the file should be available after the existing expiration date). Click Apply to save the changes.

3 F I L E T R A N S F E R S

To change the maximum number of allowed downloads, click on the Download Limit tab and enter the additional number of downloads that you wish to apply (this will be in addition to the number of allowed downloads listed at the top of the dialog). Click Apply to save the changes.

If you change the expiration date to a date that has passed, the files will marked as Expired. The file(s) will still remain on the File Server, however the recipient will no longer have access to the files.

If you only expire one file from a transfer with several files, the file will show as Expired in the list and will no longer be available to the recipient. All other files in the file transfer will still be available.

If you wish to delete a file transfer, select the file transfer and click on the Delete button. A warning message will appear. If you choose OK, the file transfer is moved to the Deleted folder.

The file(s) will still remain on the File Server, however the recipient will no longer have access to the files (if the recipient clicks on the file link, they will see a message saying that the file has expired and is no longer available).

To delete an individual file, select the file(s) to be deleted and click on the Delete button.

A warning dialog will pop up. If you choose OK, the selected files are moved to the Deleted folder and will be listed under the file transfer. The file(s) will still remain on the file server, however the recipient will no longer have access to the files.

3.4 Drafts

Drafts Transfers are transfers that have not yet been sent. Draft Transfers are created by going to New Transfer and then clicking Save instead of Send. You can view all draft transfers by going to Drafts. The subject, recipient, and number of files will be listed for each draft file transfer.

 Note

If the sender or recipient name is not known, the email address will be displayed.

If you wish to send a draft file transfer, select the transfer and click on the Edit button. You will now go to the New Transfer dialog. Make any necessary changes and click on the Send button.

To delete a file transfer from Drafts, click on the Delete button next to the file transfer. The item will now no longer appear in Drafts.

3.5 Deleted

You can view all deleted transfers by going to Deleted. The sender, subject, recipient, date received, and number of files will be listed for each transfer that was deleted.

 Note

If the sender or recipient name is not known, the email address will be displayed.

If you wish to permanently delete a file transfer, select the transfer to be permanently deleted and click on the Purge button (note that this button is only available to Compliance Officers). A warning dialog will pop up. If you click OK, the transfer and its associated files will be permanently removed from the file server. If the recipient clicks on the link of an expired or deleted file, they will see a message saying that the file has expired and is no longer available.

If you wish to permanently delete only certain files from the file transfer, select the file(s) to be permanently deleted and click on the Purge button (note that this button is only available to Compliance Officers). A warning dialog will pop up. If you click OK, the selected files will be

3 F I L E T R A N S F E R S

the Deleted folder and on the file server. If the recipient clicks on the link of an expired or deleted file, they will see a message saying that the file has expired and is no longer available.

Click on the > sign next to the transfer to see the files included in the transfer. The File Name and Size will be listed, along with a download icon to download the file.

 Note

You cannot edit the Expiration date or Maximum number of downloads for a Deleted transfer. To do this, you would have to restore the file transfer or file first.

To restore a file transfer, select the appropriate file transfer(s) and click on the Restore button.

The selected file transfers will be moved from the Deleted folder to the appropriate folder (Inbox or Outbox).

To restore individual files only, select the appropriate file(s) and click on the Restore button. A dialog will pop up asking you to confirm whether you wish to restore the selected file(s). When you click OK, the selected files will be moved from the Deleted folder to the appropriate folder (Inbox or Outbox).

If not all files from a transfer are restored, only the selected file(s) will be moved. The file transfer will remain listed in the Deleted folder but will only show the other remaining file(s). If there is only one file in the transfer, restoring the file will also restore and move the entire transfer out of the Deleted folder and back to the appropriate folder.

 Note

If an incoming file transfer is deleted, it will remain visible in the Deleted folder until it expires (i.e. the expiration date is reached or the maximum number of downloads per recipient is reached). When it expires, the file transfer will no longer be listed in the Deleted folder.

3.6 Search File Transfers

Policy Patrol MFT includes a simple search field that is accessible in the top right corner of the Portal. If you enter a search query in this field, Policy Patrol will search for items and will display any results that match.

Policy Patrol will search the following fields:

Sender: This includes the name and email address of the sender.

Recipient: This includes the name and email address of the recipient.

Subject: This is the subject of the file transfer or email.

Body: This is the body of the email or the optional message that was entered during the file transfer.

File name: The name of the files in the transfer.

Contacts

olicy Patrol MFT allows you to send secure file transfers to contacts outside your organization. If using Advanced Authentication, contacts need to create an account in order to be authenticated. This chapter describes how to manage and create accounts for contacts and how they can download files.

4.1 Manage contacts

Go to Contacts > Manage contacts to see a list of contacts that have set up an account and can use Advanced Authentication. For each contact the name, company, email address, and status will be displayed.

Chapter

4

P

To temporarily disable a contact, click on the Disable button next to the contact. If the contact goes to the Policy Patrol MFT portal, or clicks on a file download link, they will see a message saying that their account has been disabled. To enable a contact again, click on the Enable button next to the contact.

To reset the password for the contact, click on Reset Password. The contact will receive an email asking them to create a new password.

Note that there are no action buttons for contacts using an external account to sign in, such as Google or LinkedIn.

4.2 Invite Contacts

There are three ways to invite new contacts to set up an account in order to exchange secure files with you:

1. By sending the new contact secure files through the New Transfer page and selecting the Advanced Authentication option.

2. By going to Invite Contacts and submitting an invitation to create a new account (you would choose this option if you wish to receive files from this recipient, or if you wish the recipient to create the account before you send any files for increased security).

3. By sending the contact an email for which an email policy rule applies with Advanced Authentication.

To invite a new contact, go to Contacts > Invite New Contact. Enter the first name, last name and email address, company and suggested user name. The email will already include the standard email template. If you wish to add a custom message too, you can do this by entering text in the Message field. When you are ready, click Invite.

4 C O N T A C T S

Once a contact has been sent an invitation they will be listed in Pending Invitations. When the contact clicks on the verification link in the email and sets up their account, the contact will be moved from Pending Invitations and will be listed under Manage contacts.

If the contact has not yet set up their account you can resend the invitation email by clicking on the button Resend Invitation. If you wish to delete a pending invitation, you can click on the Delete button.

4.3 Setting up a New Account

After sending an invitation to a new contact, the contact will receive an invitation email (the email text can be customized in Email Templates). The invitation email will contain a link that will show a dialog allowing the user to create a new account in Policy Patrol MFT or sign in with an existing Google or LinkedIn account.

To create a new account in Policy Patrol MFT, click on Create new Policy Patrol MFT Account.

The contact will now be asked to enter their name, email address, company name and password.

They must also select a security question from the list and enter the answer to the security question (the answer is not case sensitive). If the user forgets their password, they will be able to reset their password by providing the correct answer to the security question.

After the contact clicks on the button Create Account, the contact will receive a verification email with a link. When the contact clicks on the link in the email, the account will be enabled. If the contact does not click on the link to verify the email address, the Contact will be listed in de the Pending Contact Invitations list.

To use an existing Google or LinkedIn account, the contact must click on the appropriate button and enter their login details. An additional dialog will appear asking the contact to enter some additional information. After completing the account creation, an activation link will be sent to the contact’s email address. The account will be enabled when the contact clicks on the activation link. The contact will now be able to login to Policy Patrol MFT by clicking on the Google or LinkedIn button and entering their login details.

4 C O N T A C T S

If the Contact has forgotten their password, they will be able to click on the I forgot my password link. The contact must enter the answer to their security question. If the answer to the security question is correct, the Contact is sent an email with a link from where they can reset their password.

You can also reset the password for a contact from Manage Contacts (see paragraph 4.1). If you reset the password for a contact, they will receive an email with a link to reset their password.

4.4 Downloading Files

When the Contact has received new files and clicks on the download link, the Contact will be asked to enter their Policy Patrol MFT portal login details. The download will start automatically after entering the details.

4 C O N T A C T S

4.5 Inbox

Contacts will be able to browse incoming file transfers by going to the Inbox folder.

When a transfer expires or is deleted by the Sender, the file transfer will no longer be displayed in the Inbox. If a Contact clicks on a link in an email notification of an expired or deleted transfer, the Contact will see a message saying that the files have expired.

To view and download the files of the file transfer, the Contact must click on the > sign next to the File Transfer. To delete the transfer, the Contact can select the checkbox next to the transfer and click on the Delete button. To delete individual files, the checkbox next to the file must be selected and then the Contact must click Delete.

4.6 Outbox

Contacts can browse their outgoing file transfers from the Outbox.

4.7 Drafts

The Drafts folder lists saved transfers that have not yet been sent.

4.8 New Transfer

Contacts will be able to send files securely to your organization by going to New Transfer. The options will be the same as described in Chapter 3.

 Note

Contacts can only send files to Policy Patrol MFT users, not to contacts or other external email addresses.

4.9 Changing Account Information

If you wish to change your details or your security question and answer, you can do this by going to My Account > My Information. Click Save to save any changes.

To change your password, go to Change Password. Enter your old password and your new password. Confirm your new password and click Save.

Users

olicy Patrol MFT licenses users from your Active Directory. This chapter describes how to import users, license users and disable users.

5.1 Manage users

In Manage users you will see a list of Active Users, Unlicensed Users and Disabled Users.

Users in the Active Users list are able to send and receive files through Policy Patrol MFT.

Chapter

5

P

To disable a user, click on the Disable button next to the user. The user will now be moved from the Active Users list to the Disabled Users list.

To unlicense a user, click on the Unlicense button next to the user. The user will now be moved from the Active Users list to the Unlicensed Users list.

5.2 Invite users

To invite a new user, go to Users > Invite New user. Enter the First name, Last name, Email address, Suggested user name and message. Click Invite. The user will receive an invitation email. Until the user creates their account, they will be listed in Pending Invitations.

To delete a user from Pending Invitations, click on the Delete button next to the user in Pending Invitations. To resend the invitation to the user, click on the Resend Invitation button next to the user.

5.3 Changing Account Information

If the user account is synchronized with Active Directory, the user will not be able to make any changes to their account or password since Policy Patrol MFT will use Windows Integrated

5 U S E R S

If the user was invited to become a Policy Patrol User without Active Directory synchronization, the user will be able to change their password and update their security question, by clicking on My Account .

In My Information, the user can change their name, company and security question and answer. Click Save to apply the changes.

To change your password, go to Change Password. Enter your Old Password and then enter your new password in New Password and enter it again in Confirm password. Click Save to update the password.

Exchange Agents & Rules

olicy Patrol MFT allows you to set central policies to ensure the secure transfer of certain files without requiring any user intervention. Exchange Server Rules allow you to set policies for your email attachments.

6.1 Agent Management

Chapter

6

P

 Note

The Exchange Agents node is only visible to Administrators and Compliance Officers.

When Exchange Agents are installed they are automatically added to the list. The Exchange Agents are used to run rules on incoming and outgoing emails and are installed on the Exchange Server.

For each Agent the Name, Address, and State (Disconnected/Connected) is listed. To disconnect an Agent, click on the Disconnect button.

Agents listed in Known Agents have not been registered.

6.2 Agent Rules

Policy Patrol allows you to configure rules that specify which email attachments must be sent via secure transfer. This gives you the peace of mind that certain attachments will always be sent via secure transfer, without requiring any action on the user’s part.

To create a new Rule, go to Settings > Manage Rules and click on the Add Rule button. A rules wizard will appear that will guide you through a number of dialogs.

Notice that the bottom pane contains the rule description. This description is updated each time you make new selections.

You will be guided through the following dialogs:

6.2.1 General

In the General dialog you must enter the Rule Name, Rule Description and select whether the rule is Enabled. When ready, click on the right arrow to go to the next dialog.

6 E X C H A N G E A G E N T S

6.2.2 Rule Users

Select the Users for the rule. Select All users to apply the rule to all users listed as Active users in Users > Manage users. Select Selected users if you wish to apply the rule to specific users only.

6.2.3 Rule Direction

Select the Direction for the rule. You can select Internally Sent, Internally Received, Externally Sent, Externally Received.

6 E X C H A N G E A G E N T S

6.2.4 Rule Conditions

In the Conditions dialog you can select which conditions must trigger the rule.

If you select multiple conditions you can select Match any of the conditions or Match all of the conditions. For instance if you wish to send all files via secure file transfer that have a sensitivity of Confidential and are larger than 1 MB, you must select Match all of the conditions. If you wish to send attachments larger than 1 MB via secure file transfer, as well as emails that have been marked as Confidential, then you must select Match any of the conditions.

The following conditions are available:

Priority

To trigger the rule when a certain message priority is set, select the option Priority. Select the Priorities that should trigger the rule. You can select from High, Normal and Low.

Sensitivity

To trigger the rule when a certain message sensitivity is set, select the option Sensitivity.

Select the Sensitivity options that should trigger the rule. You can select from Normal, Personal, Private and Confidential.

6 E X C H A N G E A G E N T S

Attachment Size

To trigger the rule only for certain attachment sizes, select the condition Attachment Size.

Select whether the size should be Greater Than, Less Than, Between or Not Between.

Enter the size and select B, KB, MB or GB.

Select the option Add up all attachments, if you wish Policy Patrol to count the total of the attachments, rather than the individual attachment. For instance with this option

selected, an email with two attachments, one of 5 MB and the other of 3 MB would trigger a rule with the attachment size condition of Greater Than 7 MB. However if you do not select the option Add up all attachments, each attachment is counted individually and the rule would not trigger.

Attachment Count

To trigger the rule when a certain number of attachments exist, select the condition Attachment Count. Select Equal To, Greater Than, Less Than, Between or Not Between.

Enter the number of attachments that should trigger the rule.

Attachment Extension

To trigger the rule when a certain type of file is attached, select the condition Attachment Extension. In the File Type Extensions box, enter the email attachment extensions for which the rule should trigger. If you want to enter multiple extensions, separate them by a comma. For instance, if you want to trigger the rule for Microsoft Word documents and pdf files, enter doc, docx, pdf.

Note that if this condition is set, the rule will only trigger for the attachment extensions listed. So if you have specified doc, docx, pdf in the File Type Extensions box and an email contains a pdf and an xlsx attachment, Policy Patrol MFT will remove the pdf attachment

and insert a secure link to the pdf file. The xlsx file will remain as an attachment to the email.

To edit a condition that you have configured, click on the edit link next to the condition.

6.2.5 Rule Exceptions

In the Exceptions dialog you can select which exceptions should prevent the rule from triggering.

6 E X C H A N G E A G E N T S

If you select multiple exceptions you can select Match any of the exceptions or Match all of the exceptions. For instance if you wish to send all files via secure file transfer but not those that have a sensitivity of Normal and are smaller than 1 MB, you must select Match all of the exceptions. If you wish to exclude emails with attachments smaller than 1 MB via secure file transfer, as well as emails that have been marked as Normal, then you must select Match any of the exceptions.

The available exceptions are the same as the conditions discussed in the previous paragraph.

6.2.6 Rule Actions

In the last step you need to select the secure file transfer options.

In Authentication Mode, select Standard Authentication or Advanced Authentication. If Standard Authentication is selected, the recipient will be able to download the file without entering a password. If Advanced Authentication is selected, the recipient will first have to enter their Policy Patrol MFT credentials before they can download the file. If the recipient is not yet set up as a Policy Patrol MFT contact, they will receive an email asking them to create an account. Once they have created an account they will be able to download the file.

In ‘Send download notification to sender’, select Never, First Download, Every

Download. If you select First Download, you will only receive an email notification the first time the file is downloaded. If you select Every Download, you will receive an email notification each time the file is downloaded.

Select whether you wish to receive a notification is the transfer fails or succeeds. Select When Upload Fails to receive an email notification when the upload fails. Select When Upload Succeeds to receive an email notification when the upload is successful.

In Expire After, enter the number of days after which the file transfer must expire. For instance you can select to expire the files in 30 days. When files expire, the sender will still see the files in their Outbox but the recipient can no longer see them in their Inbox (in the

6 E X C H A N G E A G E N T S

In Max downloads per recipient enter the maximum number of downloads per recipient.

In Rule Affects, select which type of attachments the rule should apply to. If you select Standard attachments only, the rule will only replace attached files (where the sender clicked on the paperclip icon) with download links. If you select Inline attachments only, the rule will only replace pictures that have been inserted into the email message itself with a download link. If you select All attachments, the rule will replace all attachments and inserted pictures with a download link.

 Note

Inline attachments are pictures or objects that have been inserted in the email message itself.

Standard attachments are files that have been attached to the message.

When you are ready, click Save to save the rule. The rule will now appear in the Rule list.

6.2.7 Editing a Rule

If you wish to edit an existing rule, click on the Edit button.

After making changes, click Finish to apply the changes to the rule.

6.2.8 Ordering rules

If you wish to change the order in which rules are applied, you can click on the up or down arrow next to the rule.

Settings

his chapter describes the different settings that can be configured for Policy Patrol MFT, including Email SMTP Settings, Active Directory, My Account settings, Widgets, and Email Templates, Branding, Default Transfer settings, Retention Policy and Anti Virus. All settings are available form the Settings drop down menu.

7.1 SMTP Settings

This tab shows your SMTP settings. After installing Policy Patrol MFT you entered the SMTP settings. If you need to make any changes, you can do so from here. In SMTP Host, enter the IP address of the SMTP host. In SMTP Port, leave 25 entered unless you know it uses a different port. Select Enable SSL to specify whether SSL is used to access the configured SMTP host.

Select Ignore Certificate if you wish any SSL certificate warnings to be ignored. If the SMTP host requires SMTP authentication you must enter your Domain, i.e. NEWHOUSINGCORP, user name and password. Click Next to continue.

7

T

7.2 Send Test Email

If you wish to send a test email to verify that your SMTP settings are properly configured, you can do this from the Test Email tab. Enter a From and To email address and click on the Send Email button. Note: make sure that the From email address is a valid internal email address.

Verify that the email arrives at the To address. If the test email arrives, your SMTP settings are correct.

7.3 Active Directory

The Active Directory dialog includes information about the Active Directory Domain controller, synchronization and licensing options.

If the Active Directory settings are not correct, an error message will be shown.

In ‘Server Address’ enter the IP address of your Domain Controller. Enter the Administrator username (DOMAIN\Username) and password. This account must have rights to create groups in Active Directory). Select Enable synchronization in order to synchronize any Policy Patrol MFT Active Directory group membership changes. Select Automatically license new users if you wish to automatically license any new members that are added to the Policy Patrol MFT groups.

When you are ready, click Update. If everything is correct, you should see a green circle with a check mark followed by: ‘Active Directory synchronization is running’.

7.4 Updates

This tab displays the Policy Patrol MFT version that is installed.

7.5 Licenses

To view current product licenses, go to Licenses. For each installed license, the Key, Type Status and Description will be shown. If the license will expire, the expiration date is provided in the description. To enter your product license, and click on Add. Existing licenses will be listed. To remove an existing license from the list, click on Remove next to the license.

7.6 Widgets

Widgets are forms used on your website to allow customers and suppliers to send you files via secure file transfer. For instance, a widget can be used for clients to send confidential and/or large documents to your company.