Symantec Secure Proxy Administration Guide

(1)

(2)

Documentation version: 4.4 (2)

Legal Notice

Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

(3)

Symantec Corporation 350 Ellis Street

(4)

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the right amount of service for any size organization

■ Telephone and/or Web-based support that provides rapid response and up-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis

■ Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our website at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL:

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

■ Product release level

(5)

■ Available memory, disk space, and NIC information

■ Operating system ■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec ■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

Customer service

Customer service information is available at the following URL: www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts ■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

(6)

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

[email protected] Asia-Pacific and Japan

[email protected] Europe, Middle-East, and Africa

(7)

Setting up an email proxy

for Symantec App Center

This document includes the following topics:

■ Restricting mobile device access to organizational email

■ Setting up the email proxy

■ Selecting your email proxy deployment model

■ Installing and registering the email proxy

■ Installing SSL certificates for the email proxy

■ Creating, configuring, and managing email proxy clusters

■ Testing your email proxy

■ Creating device policies that route email access through your email proxy

■ Blocking email access for non-compliant devices ■ Monitoring the health of your email proxy

■ Unregistering your email proxy

■ Uninstalling your email proxy

(8)

Restricting mobile device access to organizational

email

Symantec App Center integrates with the Secure Email Proxy to manage access to your organization's Exchange ActiveSync mail server. It provides an access control point for email traffic to registered devices. When users attempt to access corporate email from their devices, the connection requests are routed through the email proxy. The email proxy verifies the connections come from approved users on registered devices.

Supported email apps are as follows:

■ Symantec Secure Email (Mobile device management (MDM ) is optional)

■ Android 4.x

■ iOS 7/6

■ iOS Native email app (MDM is required) iOS 7/6

Setting up the email proxy

Follow this workflow to install and set up email proxy and integrate it with Symantec App Center.

Table 1-1 Email proxy installation and setup workflow Description

Task Phase

Decide how you want to deploy the email proxy in your environment.

See“Selecting your email proxy deployment model” on page 10.

Select a deployment model.

1

Install and register the email proxy through the command line.

See“Installing and registering the email proxy”on page 12. Install and register

the proxy. 2

(9)

Table 1-1 Email proxy installation and setup workflow (continued) Description

Task Phase

You only need to install SSL certificates if you use SSL authentication.

See“Installing SSL certificates for the email proxy” on page 13.

Install SSL certificates. 3

optional

Clusters let you assign the same configurations to multiple proxies.

See“Creating, configuring, and managing email proxy clusters”on page 15.

Create and configure clusters. 4

Before you deploy the proxy in your environment, test it first.

See“Testing your email proxy”on page 17. Test the proxy.

5

You can create rules to block email access when a device is non-compliant.

See“Blocking email access for non-compliant devices” on page 22.

Create a compliance rule.

6 optional

Your device policy must specify the Exchange ActiveSync host name or IP address of your proxy server or load balancer. It must also specify which email apps are supported and if MDM is required.

See“Creating device policies that route email access through your email proxy”on page 19.

Create a device policy.

7

You can monitor the health of your proxies from the Admin Console.

See“Monitoring the health of your email proxy”on page 22. Monitor the health of

your proxies. 8

Clickherefor the interactive workflow.

More information

See“Restricting mobile device access to organizational email”on page 8.

Get started

See“Selecting your email proxy deployment model”on page 10.

9 Setting up an email proxy for Symantec App Center

(10)

Selecting your email proxy deployment model

Before you install Secure Email Proxy and integrate it with Symantec App Center, you should consider which deployment option best suits your environment. The deployment options are based on where the SSL connection terminates. The proxy must terminate the SSL connection or it receives traffic and clear text.

Deployment options are as follows:

■ SSL termination at proxy

■ SSL termination at a load balancer

You can stand up multiple proxies behind the load balancer. Each proxy runs independently and communicates with App Center; however, there is no data sharing between proxies. You can add and remove proxies as needed to handle additional loads. The load balancer is expected to handle failover.

When you use a load balancer, the recommended setting is to round-robin with persistence.

Note:Do not install the Secure App Proxy and Secure Email Proxy on the same server.

Figure 1-1 Typical email proxy deployment model

Deployment recommendations are as follows:

■ No more than 5,000 connections per proxy.¹

(11)

■ Install your proxy in a DMZ or behind a firewall.

■ No more than one proxy per Exchange Client Access server (CAS).¹

¹ Microsoft recommendations

Refer to the following table for information about connectivity:

The email proxy makes HTTPS requests to App Center by connecting over SSL through port 443.

Between the proxy and App Center

ActiveSync is an HTTP-based protocol and, therefore, the device makes a HTTP/S request to the proxy (HTTPS is recommended). If HTTPS is used, you can install SSL certificates on a load balancer in front of the proxy, on the proxy, or both. You must determine the best point(s) of SSL termination based on your organization's architecture and requirements.

While you can configure the email proxy to listen on any port regardless of whether you use SSL, standard practices are to configure port 80 for non-SSL traffic and port 443 for SSL HTTP/S traffic. Therefore, the deployment scenario you select determines which ports you should open. You configure the listening port for the email proxy during proxy installation.

See“Installing and registering the email proxy”on page 12. Note:You can configure the iOS native email client to connect over any port, but the Secure Email client always connects over port 443 for HTTPS traffic.

Between the device and the proxy

You can configure CAS servers to listen with or without SSL. Typically, SSL is configured, and the proxy connects to it over port 443. You enable SSL and specify the port in the App Center Admin Console.

See“Creating, configuring, and managing email proxy clusters” on page 15.

Between the proxy and Exchange

More information

Hardening your App Center Secure Email Proxy

(12)

Installing and registering the email proxy

After you decide on your deployment model, you're ready to install the email proxy and register it with Symantec App Center.

What you'll need

■ Server on which to install the email proxy

The server on which you install the proxy must meet the following minimum system requirements:

■ 4 cores

■ 8-GB RAM ■ 20-GB disk space

■ Physical or virtual machine 64-bit CentOS/RHEL 6.4 See“Install libicu”on page 13.

■ Java JRE 1.7.0_51 or later

■ Recommend two NICs: one internal facing; one external facing

■ For proxy installation, you'll need the following:

■ IP address and port for receiving incoming connections

■ Proxy name

The proxy name is arbitrary, but it must be unique. It's the name by which App Center knows the proxy server.

■ For proxy registration, you'll need the following: ■ Your App Center URL

For example:

http://AppCenter.example.com

■ User name and password

A user that has admin rights to App Center Download the email proxy .iso file

◆ In the Admin Console, click Downloads > Download Secure Email Proxy. Tip: This option appears at the bottom of the Downloads page.

(13)

Install libicu

The email proxy needs the libicu package. On RHEL 6.4 installations, you may need to install libicu prior to installing the email proxy.

◆ On the server on which you install Secure Email Proxy, type the following command:

yum install libicu

Install and register your email proxy

1

Copy the .iso to the server and mount it.

2

Run the following command:

#./setup.sh install

3

Follow the installation script.

The installation script prompts you to register your proxy, but you can also register later through the command line.

Important: You must register the proxy for the proxy and App Center to communicate, and it must be registered before it can be added to a cluster. See“Secure Email Proxy command line tools”on page 25.

Tip: If any installation or registration issues occur, refer to the logs. See“Secure Email Proxy default file locations”on page 26.

More information

See“Restricting mobile device access to organizational email”on page 8. See“Selecting your email proxy deployment model”on page 10.

Installing SSL certificates for the email proxy

After you install the email proxy and register it with Symantec App Center, you have the option to set up SSL certificates on the proxy server. The SSL certificate chain must begin with the server certificate and the chained-certificate bundle must be concatenated after the server certificate. For more information, see the section on SSL certificate chains at the following Nginx website.

http://nginx.org/en/docs/http/configuring_https_servers.html#chains

(14)

The certificate file should include all of the certificates in the same order of the certificate chain, starting from the SSL certificate itself down to the root CA (but excluding the root).

Set up the SSL certificate on your proxy server

1

Copy the certificate file to the following directory:

/usr/local/nginx/certs/

2

Open the nginx.conf file in the following directory: /usr/local/nginx/conf

3

In the server section in the http configuration block, locate the following text: server {

listen YourIPAddress:YourPort;

include /usr/local/nginx/conf/ngao.conf; }

4

Add an ssl identifier to the listen directive. For example: server { listen 172.17.38.18:443 ssl; include /usr/local/nginx/conf/ngao.conf; } 14 Setting up an email proxy for Symantec App Center

(15)

5

Add the following lines beneath the listen directive: ssl_certificate /usr/local/nginx/certs/yourcert.crt; ssl_certificate_key /usr/local/nginx/certs/yourcertkey.key; For example: server { listen 172.17.38.18:443 ssl; ssl_certificate /usr/local/nginx/certs/yourcert.crt; ssl_certificate_key /usr/local/nginx/certs/yourcertkey.key; include /usr/local/nginx/conf/ngao.conf; }

6

Type the following command to restart nginx:

#service nginx restart

More information

See“Restricting mobile device access to organizational email”on page 8. See“Installing and registering the email proxy”on page 12.

Creating, configuring, and managing email proxy

clusters

Create email proxy clusters to organize and assign proxies common configurations. In Symantec App Center, email proxy clusters are for shared configuration only. Email proxy clusters are not a cluster in the traditional sense of load balancer or failover.

You must register your proxies before you can add them to a cluster. You can register your email proxy when you install it or later through the command line. See“Installing and registering the email proxy”on page 12.

See“Secure Email Proxy command line tools”on page 25.

(16)

Create and configure a cluster

1

Click Settings > Email Proxy > Create New Cluster.

2

On the General Settings page, specify the cluster settings.

Important: In active mode, the proxy enforces rules when the device is registered and in compliance. Otherwise, access is denied. In passive mode, the proxy behaves the same way as active mode. However, the verdict of which connections would have been permitted if the cluster had been in active mode is recorded in the log. This information lets you test the cluster before you make it active.

Tip: You may want to initially set a cluster to passive mode until you have tested all of the proxies in the cluster.

See“Testing your email proxy”on page 17.

3

Under Traffic Settings, specify the host name, ActiveSync server, and port for the cluster. Also indicate if you want to use SSL.

4

Click Save.

The new cluster appears in the Available Clusters table. Add a proxy to a cluster

◆ Under Available Proxies, locate and drag one or more proxies to a cluster. Tip: To reassign a proxy to a different cluster, unlink the proxy from the cluster first and then add it to the desired cluster. You can't simply drag a proxy to another cluster.

See“Remove (unlink) a proxy from a cluster”on page 17. Edit an existing cluster

1

In the Available Clusters table, click Edit beside the cluster that you want to edit.

2

Make your desired changes, and click Save.

When you make any modifications to a cluster, the services for all of the clusters restart.

(17)

Remove (unlink) a proxy from a cluster

◆ In the Available Clusters table, click the x beside the name the proxy that you want to remove. Then confirm that you want to unlink the proxy from the cluster. The unlinked proxies appear in the Available Proxies list. When a proxy is no longer part of a cluster, it no longer processes data and stops accepting connections. Proxies that have been removed from a cluster continue to check in with App Center on the regular basis for updates in case it's added back to a cluster.

Important: You must unlink every proxy from the cluster before you can delete the cluster.

Delete an existing cluster

◆ When all proxies have been removed from the cluster, in the Available Clusters table, click Delete on the right column of the cluster row that you want to remove. Then confirm that you do want to remove it.

More information

See“Restricting mobile device access to organizational email”on page 8. See“Installing SSL certificates for the email proxy”on page 13.

See“Monitoring the health of your email proxy”on page 22. See“Unregistering your email proxy”on page 23.

Testing your email proxy

Before you create Symantec App Center device policies to use the Secure Email Proxy, you should test it in passive mode first. In passive mode, the proxy allows access to your organization's email, but also logs activity for you to view for troubleshooting purposes.

See“Secure Email Proxy default file locations”on page 26.

(18)

Configure the cluster to passive mode

1

Click Settings > Email Proxy.

2

Select the cluster that contains the proxy you want to test, and click Edit.

3

Change the Mode to Passive, change the Logging Level to Information, and

click Save. Create a device policy

1

Create a device policy.

See“Creating device policies that route email access through your email proxy” on page 19.

2

Make sure that the device policy has the highest precedence. See"Prioritizing device policies".

Attempt email access

◆ From a mobile device, attempt to access your organization's email. The device that you use to test the policy should ...

■ Belong to a person in the target group to whom you've assigned the device policy

■ Meet the device policy compliance rules, if any

■ Contain the email app that you permit in your device policy ■ Have MDM enabled if required per the device policy

■ Contain the native App Center App

(19)

Check the proxy logs

1

On the proxy server, access the logs in the following location: /usr/local/nginx/logs

2

View the logs to determine if email access would have been permitted. Log file entries in passive mode are prepended with the following: [Passive Mode] Decision in Active Mode will be:

Below is an example of what the log files might look like in passive mode: 2014/04/03 14:40:06 [info] 22043#0x00007f872a535700: [EmailProxy] [Passive Mode] Decision in Active Mode will be: Request is blocked:

[EAS:Applxxxxxxxxxx] key does not exist in Redis. User: domain\user1; DeviceId: Applxxxxxxxxxx PolicyId: xxxxxxxxx; UserAgent:

Apple-iPhone3C1/1102.55400001 domain\user1 2014/04/03 14:40:09 [info] 22043#0x00007f872a535700: [EmailProxy] [Passive Mode] Decision in Active Mode will be: Request is blocked: [EAS:Applxxxxxxxxxx] is BLOCKED. User: domain\user1; DeviceId: Applxxxxxxxxxx PolicyId: xxxxxxxxx; UserAgent: Apple-iPhone3C1/1102.55400001 domain\user1 Allowed requests: 2014/04/03 15:35:43 [info] 43678#0x00007f01fdbd2700: [EmailProxy] [Passive Mode] Decision in Active Mode will be: Request is allowed. User: domain\user1; DeviceId: Applxxxxxxxxx; PolicyId: xxxxxxxx; UserAgent:

Apple-iPhone3C1/1102.55400001 domain\user1

Tip: When you've finished your testing, don't forget to delete or modify your test device policy and set your cluster to Active mode.

More information

See“Restricting mobile device access to organizational email”on page 8. See“Creating device policies that route email access through your email proxy” on page 19.

Creating device policies that route email access

through your email proxy

You can create a device policy in Symantec App Center that directs email traffic through your email proxy for the email apps that you allow.

(20)

Create a device policy

1

Click Device Policy > New Policy and specify a name and description for your policy.

2

Add the groups for which this policy applies.

3

Under General Settings, indicate whether MDM is required.

The iOS native email app requires MDM be enabled. The Symantec Secure Email app (for iOS or Android) supports MDM, but doesn't require it. See“Specify which email apps are allowed”on page 20.

Select a compliance rule (optional)

◆ Click the Compliance Rule drop-down list and select a rule. Compliance rules are optional.

See“Blocking email access for non-compliant devices”on page 22. Specify which email apps are allowed

◆ Under Email Settings, do one of the following:

Click the EAS Access Control drop-down list and select an existing configuration.

To use an existing Shared Settings configuration

1 Click New.

2 Type a name and description for this configuration. 3 Select which email apps are permitted.

Tip: The iOS native email app requires MDM be

enabled. The Symantec Secure Email app (for iOS or Android) supports MDM, but doesn't require it. 4 Click Save.

To create a new configuration

Specify the proxy through which to direct email traffic ◆ Configure the options for the email apps that are allowed:

Secure Email app

■ Under Email Settings, do one of the following: To use an existing Shared Settings configuration:

■ Click the Secure Email Configuration drop-down list and select an existing configuration.

To create a new configuration:

(21)

■ Beside Secure Email Configuration, click New.

■ Type a name and description for this configuration.

■ In the Exchange ActiveSync Host field, type the host name or IP address of the proxy or load balancer (if the proxy is fronted by a load balancer).

■ Configure the remainder of the options based on your email proxy server. See"Symantec Secure Email shared policy settings".

■ Click Save. Native iOS email app

■ Under iOS Settings > Exchange Active Sync Configuration, do one of the following:

To use an existing Shared Settings configuration:

■ In the Exchange Active Sync Configuration box, click Add, click the

configuration that you want to use, and click Select. To create a new configuration:

■ In the Exchange Active Sync Configuration box, click New.

■ Type a name and description for this configuration.

■ Type the Exchange Server Name that you want to appear as the email location on the device. In Exchange ActiveSync Host field, type the host name or IP address of the proxy or load balancer (if the proxy is fronted by a load balancer).

■ Configure the remainder of the options as needed. See"iOS shared policy settings".

■ Click Save.

Configure other device policy options

1

Configure any of the other device policy options you require. See"Creating device policies".

2

Click Save.

More information

(22)

Blocking email access for non-compliant devices

You can create device policies in Symantec App Center that block user access to your organization's email if their device is non-compliant.

Configure the compliance rule

1

Create or edit a compliance rule and specify the rule requirements.

2

Under Enforcements, check Block access to email and click Save. Apply the compliance rule to a device policy

1

Create or modify a device policy.

2

Under General Settings, click the Compliance Rule drop-down menu and select the rule that you created.

3

Click Save.

More information

Monitoring the health of your email proxy

Registered Secure Email Proxies check in with Symantec App Center on a regular basis and report their status. You can monitor your proxy status from the Admin Console.

Proxy health is color-coded as follows:

The proxy is registered, but it is not assigned to a cluster. Gray

Healthy

The proxy checked in 10 minutes or less ago. Green

Warning

The proxy hasn't checked in for more than 30 minutes. Yellow

(23)

Error

The proxy has experienced a failure applying configuration updates or applying policies. App Center might have also detected the proxy processes are not running.

Red

If the email proxy can't communicate with App Center, Access is based on the last known device policy. Important: Access is allowed during this time even if the device becomes non-compliant. But users who are blocked email access continue to be blocked. After the proxy restarts, users are allowed/blocked access based on the most current device policy.

Monitor the health of your proxies

1

2

In the Available Clusters table or the Available Proxies list, click on the name of the proxy you want to see more information about.

Details about that proxy along with all of the other proxies in the cluster appear. This information includes the date and time of the last check-in, the status of the proxy, and any available information about the proxy.

3

For additional information, check the proxy logs. By default, the proxy logs are in the following location: /user/local/nginx/logs

More information

Unregistering your email proxy

When you unregister Secure Email Proxy from Symantec App Center, the following events occur:

■ The proxy no longer checks in with Symantec App Center

■ It stops accepting connections

■ Policy, configuration, and user data is deleted

■ The proxy no longer appears on the Settings > Email Proxy page in the App Center Admin Console

You must unregister the email proxy before you uninstall it. See“Uninstalling your email proxy”on page 24.

(24)

Remove the proxy from the cluster

1

2

In the Available Clusters list, locate the proxy that you want to unregister and click the x beside the name.

You must unlink the proxy from the cluster before you can unregister it.

3

Confirm that you want to unlink the proxy from the cluster.

Unregister the proxy

1

In the Available Proxies list, locate the proxy that you want to unregister and click the x beside the name.

2

Confirm that you want to delete the proxy.

More information

See“Restricting mobile device access to organizational email”on page 8. See“Creating, configuring, and managing email proxy clusters”on page 15. See“Secure Email Proxy command line tools”on page 25.

Uninstalling your email proxy

Before you uninstall Secure Email Proxy, you must unregister the proxy from Symantec App Center first.

See“Unregistering your email proxy”on page 23.

If you install the email proxy with the default settings, the uninstall script performs a clean uninstallation of the nginx directory removing Secure Email Proxy and its related files. If you modified the location of installation and log files, all email proxy files may not be removed during uninstallation. In that case, you'll need to locate and manually delete these files when you permanently uninstall the email proxy. A user and group account are created when you initially install Secure Email Proxy. The default user and group account names are bothsymc-proxy, but you can customize these names. You may want to remove the user and group account names if you permanently uninstall the email proxy. However, make sure that you don't inadvertently remove possible shared accounts.

(25)

Run the uninstall script

1

Change directories to the directory that contains the uninstall.sh script. The default location of the uninstall.sh script is:

/usr/local/nginx/scripts

Tip: If you cannot run the uninstallation from the uninstall.sh scripts folder for any reason, you can mount the email proxy .iso file and use the setup.sh script to uninstall.

2

Type the following command:

#./uninstall.sh

More information

See“Restricting mobile device access to organizational email”on page 8. See“Secure Email Proxy default file locations”on page 26.

Secure Email Proxy command line tools

Modify Secure Email Proxy after installation through the command line using the configure.sh script. The nginx service automatically restarts after the command finishes executing. The default location of the script is as follows:

/usr/local/nginx/scripts The usage is as follows:

#/configure.sh [OPTIONS] {TOOL}

Table 1-2lists the tools that you can execute using the configure.sh script. Table 1-2 Configure.sh tools

Description Tool

Configures the network parameters. The configuration script prompts you for the network interface and port that receives/transfer data.

network

Configures the listening parameters of your proxy. The configuration script prompts you for the listening parameters of the proxy: IP, port, SSL (on or off).

proxy listen

Checks to see if your proxy server is registered. proxy registration check

(26)

Table 1-2 Configure.sh tools (continued) Description Tool

Provides the parameters to register your proxy with App Center.

You can type all of the parameters to register your proxy or let the script prompt you.

proxy registration [App Center

URI] [proxy name] [username] [ password]

Displays the password used by Redis. redis display_password

Generates a new password for Redis. redis new_password

Configures the Redis port. redis port [port number]

More information

Secure Email Proxy default file locations

Table 1-3lists the default location for Secure Email Proxy files. Table 1-3 Secure Email Proxy default file locations

Location File /usr/local/nginx Secure Email Proxy /usr/local/nginx/scripts configure.sh and uninstall.sh files /var/lib/SYMC.inventory setup.sh installation data and log files

/usr/local/nginx/sbin Main binary files

/user/local/nginx/conf Configuration files /usr/local/nginx/certs Security certificates 26 Setting up an email proxy for Symantec App Center

(27)

Table 1-3 Secure Email Proxy default file locations (continued) Location

File

/usr/local/nginx/logs

The log files contained in this folder are as follows: ■ error.log

Contains logs on users and devices which are blocked or allowed by the proxy

■ controller.log

Contains logs on proxy communication with App Center ■ registration.log

This log is written during the proxy registration process with App Center

■ redis.log

Internal database process logs Nginx log files

More information

See“Restricting mobile device access to organizational email”on page 8. See“Uninstalling your email proxy”on page 24.

Symantec Secure Proxy Administration Guide

Legal Notice

Technical Support

Contacting Technical Support

Licensing and registration

Customer service

Support agreement resources

Setting up an email proxy

for Symantec App Center

Restricting mobile device access to organizational

email

Next

Setting up the email proxy

More information

Get started

Selecting your email proxy deployment model

Next

More information

Installing and registering the email proxy

What you'll need

1

2

3

Next

More information

Installing SSL certificates for the email proxy

1

2

3

4

5

6

Next

More information

Creating, configuring, and managing email proxy

clusters

1

2

3

4

1

2

Next

More information

Testing your email proxy

1

2

3

1

2

1

2

Next

More information

Creating device policies that route email access

through your email proxy

1

2

3

1

2

Next

More information

Blocking email access for non-compliant devices

1

2

1

2

3

More information

Monitoring the health of your email proxy

1

2

3

More information

Unregistering your email proxy

1

2

3

1