GWAVA (Secure Messaging Gateway)
Need to migrate from GWAVA 6.x to SMG, how can this be done to avoid a messy and hard to manage policy once moved to SMG?
There is a migration utility to move from GWAVA 6.5 to SMG, but if there are a lot of different settings in GWAVA 6.5 making it harder to manage later on. However, if you don't have a lot of exceptions and if this way is preferred, here's a link to it: GWAVA 6.x to SMG
Here are some steps to do a manual migration for a single server:
1) Install the SMG server as a new install: Link to admin guide for installation.2) Set up a new policy using the policy wizard. It is recommended to set up a separate one for outbound as well. Link to admin guide for policy management - look under SMTP Policy Create With the Wizard.Tip for outbound policy: Be default, there are several nodes that aren't usually needed for outbound scanning. After installing it using the wizard, go into the policy and remove any nodes that aren't needed.A) Go under Organization / Policy management | Policy scan configuration | Outbound Mail Filter PolicyHere is what is installed with the wizard:B) Click on the garbage can icon on the top of each node that needs to be removed and then click ok to confirm:Here is an example of a recommended outbound policy:It is important to keep the 'Message Received', 'Statistics Recording' and 'Message Tracker' nodes. These are needed for stats and tracking purposes. Also, the 'Message Received' node is commonly misunderstood. It simply means this policy received it, it does not mean it's for inbound when it's on an outbound policy.
3) Open the GWAVA 6.x management console UI and the SMG system administration UI, to copy settings from one to the other.4) Install the SMG license.The pem file for GWAVA 6.x will not work with SMG. The validation key for SMG can be found after logging into customer centerGo to https://licenses.gwava.com to register and download a SMG pem file. This can then be installed in SMG under system management | licensing:5) From the GWAVA 6.5 UI under Server / Interface Management | <server name> | server management | Configure server | General. Check the 'Administrator's email address' and 'Keep log files for (days)' to match it on SMG.These settings can be found in SMG under:Admin email address is located under Organization / Policy Management | Settings | Administrator's email address:Days to retain log files is located under System Management | Manage servers | <server name> | Days to retain log files6) Go back to GWAVA 6.5 UI, still under Configure server | QMS configuration | Days to retain messages. The default on GWAVA 6.5 is 30 days.The default on SMG is 60 days. If this needs to be changed on SMG, login to the SMG quarantine UI and go to Settings | Message Retention and change Days to retain messages in quarantine:7) Go back to GWAVA 6.5 UI, still under Configure server | SSL configuration. If this is blank proceed to the next step. If there are certificates listed here, they will need to be copied onto the SMG server and the following TID will need to be done:If it a certain certificate is needed for the UI follow this TID:8) Go back to GWAVA 6.5 UI | Server / Interface Management | <server name> | server management | Configure domains.If there is more than one domain listed, they will need to be added in SMG. One would have been added during the initial install of SMG already. This can be done by going to the SMG system admin. UI | Organization / Policy Management | Domain managementAdd the missing domains here. Click on this link to the manual about domain management if needed.9) If you use GWAVA as an outbound relay for any of your servers, go back to GWAVA 6.5 UI | Server/Interface Management | SMTP Scanner | Interface Settings | Trusted outbound relayIn SMG system admin UI | Module Management | Interfaces | SMTP Interface Manager | Relay/Host protectionNote that by default "127.0.0.1", "10.*", "172.16.0.0/12", "192.168.*.". will be in this list. Those can be left or removed depending on your environment. Please see documentation for further information.10) Go back to the GWAVA 6.5 UI | Server/Interface Management | SMTP scanner | Interface Settings | Show optional SMTP settings. If there is something listed for "Connection Greeting (banner)" or "EHLO hostname", then that will have to be put in SMG as well. If nothing is listed, please proceed to next step.In SMG system admin UI | Module Management | Interfaces | SMTP Interface Manager | Protocol. Put the "Connection Greetting (banner)" from GWAVA 6.5 in the "SMTP banner" section for SMG. Put "EHLO hostname" from GWAVA 6.5 in both the "Custom EHLO response" and the "Forwarded EHLO/HELO response" in SMG.11) Go back to the GWAVA 6.5 UI | Server/Interface Management | SMTP scanner | Interface Settings | Show optional SMTP settings | Maximum SMTP DATA line length. Make note of the number (default is 1000).In SMG system admin UI | Organization/Policy Management | Domain Management | <domain name> | SMTP Hosts | Line Limit. Default is 1000 in SMG as well. If this default worked for your system before then you can leave it as is. If not, change it to what you had in GWAVA 6.5.12) Go back to the GWAVA 6.5 UI | Scanner/Policy Management | Scanning Configuration | Anitivirus. Check to see if the service is enabled. Check the scan result action. By default the "Block the message" is checked and "Quarantine the message" is not checked.In SMG system admin UI | Organization/Policy Management | Policy Scan configuration | Inbound Mail Filter Policy. Find the Anti-Virus filter. There should be a red link to the Quarantine with the read hand. The red hand means don't quarantine.