NwTech, Inc.
                                     
   
ES4000 Email Security Appliance
Frequently asked questions (FAQs)

The following list of frequently asked questions about the ES4000
Email Security Appliance is updated with answers from Sophos support engineers.
General
What is the ES4000 Email Security Appliance?
What is the turnaround time for evaluation appliances and replacement components?
What is the pricing and licensing structure?
What organization size is the ES4000 suitable for?

Network requirements and specifications
What network infrastructure does the ES4000 require?
What are the ES4000's hardware specifications?
How is email protected by Sophos?
What anti-spam measures does the ES4000 use?
What software is installed on the ES4000?
Do I need UNIX experience to use the ES4000?
Does the ES4000 support Active Directory?

Deployment
How do I configure the ES4000?
If I evaluate the ES4000, will I have to re-install it for regular service?
How do upgrades and updates work?

Email management/administration
How does an IT administrator manage the ES4000?
Is there command line access?
What kind of policy control is included in the ES4000?
How are the components of the ES4000 integrated?
Can someone without administration privileges quarantine infected files?
How can administrators review and manage policy, reports and logs?
What kind of reporting does the ES4000 provide?
Can the administrator use external applications to run custom reports?

Performance
What is the ES4000's peak load performance?
How does the quarantine work?
How does the quarantine backup work?
How is system health monitored?
Why types of alert are sent to Sophos Support?

Support and Service
How is the ES4000 supported?
What technologies are used to support the ES4000?
What if I need further assistance?
How does Sophos maintain security during remote assistance sessions?
Can remote monitoring be disabled?
What kind of support is included during evaluation?
Are support contracts different, depending on the issue?
What is the warrantly on the ES4000?
How do I migrate from other Sophos products to the ES4000?

General
  • What is the ES4000 Email Security Appliance?
    The ES4000 Email Security Appliance is an SMTP appliance designed to deliver effective and reliable protection against email-borne threats, including viruses, spam, spyware, Trojans, phishing and other harmful inbound or outbound email. Compact and easy to manage, the ES4000 features a hardened operating system with optimized software, automatic updates, a highly functional user interface and preset policy options.
  • What is the turnaround time for evaluation appliances and replacement components?
    Within North America and Europe, you should receive a ready-to-test evaluation unit within 48 hours of Sophos receiving an approved request (plus any shipping/custom delays beyond our control). Outside North America and Europe, you should allow for up to five days for delivery, plus an additional 48 hours for customs clearance.
  • What is the pricing and licensing structure?
    There is one price for the hardware, and a separate per user/per year price for licenses and support. For complete pricing and licensing information, contact us at sales@nwtechusa.com.
  • What organization size is the ES4000 suitable for?
    Each ES4000 can handle up to 40,000 messages per hour, and is ideal for organizations that value:
    • strong, enterprise-grade email security
    • smart, easy-to-use administration control
    • real visibility into system performance for better decision-making and reporting
    • assurance that both hardware and software are constantly maintained and monitored


Network requirements and specifications
  • What network infrastructure does the ES4000 require?
    The ES4000 is a compact 1U design requiring only one slot in a standard server rack. It has two power supplies.
  • What are the ES4000's hardware specifications?
    The ES4000 is built for high performance, with on-board redundancy. Its hardware specifications are:
    • Two Intel Xeon 3.2 GHz 64-bit processors
    • Dual hot-swap 146 GB hard drives - RAID1
    • Dual hot-swap 540 W power supplies (100-240 V, 60-50 Hz)
    • 2GB memory
  • How is email protected by Sophos?
    Threat protection is delivered by SophosLabs, our global network of threat analysis centers. We collect the data, operate the labs 24/7, own the technology and deliver the service. This integrated approach to security provides a unique ability to respond to today's multi-vector attacks.
  • What anti-spam measures does the ES4000 use?
    The ES4000 features a multi-layered approach to spam detection, utilizing a range of techniques that are automatically balanced for optimum performance and minimum latency. These techniques include reputation filtering, Genotype detection, heuristics, checksum-based spam identities and URI (Uniform Resource Identifier) filtering. This "cocktail" methodology covers a wider range of spam characteristics, making it harder for spammers to evade our filters and yielding a higher catch rate, with far fewer false positives.
  • What software is installed on the ES4000?
    The ES4000 features the following software components, which are fully optimized, controlled and automatically updated by Sophos:
    • Sophos anti-virus engine
    • Sophos anti-spam engine
    • Sophos IP Block Lists (for reputation filtering)
    • Web-based dashboard and management console
    • Alerting and notification system
    • Postfix MTA (mail transfer agent)
    • Hardened FreeBSD operating system
  • Do I need UNIX experience to use the ES4000?
    No UNIX experience is required. The operating system is hardened and locked down for optimum performance. There is no need for command line access, as all administrative functions are easily accessed through the web-based management console.
  • Does the ES4000 support Active Directory?
    Yes. The ES4000 automatically detects common Active Directory (AD) settings and configurations, enabling policy enforcement and authentication by user. The ES4000 synchronizes with Active Directory to ensure that email continues to flow if the AD server fails, and notifies the administrator of a failure via email and on the system status page of the management console. Active Directory is currently the only authentication protocol supported. Administrators can import user lists from other systems or enter them manually. SMTP recipient validation is used in the absense of LDAP authentication.


Deployment
  • How do I configure the ES4000?
    A QuickStart Guide is shipped with the ES4000 to help you to complete configuration with the aid of a simple wizard-based setup accessed via a web browser.
    By contrast, most competing products require at least two days on-site professional services and often need additional days for subsequent updates. From first boot-up, customers will have instant gateway protection that is fully optimized, with built-in redundancy - the easiest, fastest and safest deployment available on the market today.
  • If I evaluate the ES4000, will I have to re-install it for regular service?
    No. The ES4000 includes built-in evaluation modes, which enable an easy switch from evaluation to pilot, and operational modes.
  • How do upgrades and updates work?
    The ES4000 automatically applies threat definition updates and software upgrades. Customers choosing to install non-critical software upgrades manually will be notified of their availability, and will receive timely notifications of any delays. All software upgrades will be automatically installed after 30 days.


Email management/administration
  • How does an IT administrator manage the ES40000?
    The ES4000 features a finely tuned management console that is accessible from any modern web browser, offering a secure connection between the GUI (graphical user interface) and the appliance.
  • Is there command line access?
    No. The administrative functions are performed through the web-based management console, so no command line access is required.
  • What kind of policy control is included in the ES40000?
    Because it is based on the award-winning PureMessage software, the ES4000 incorporates best practice default policy settings and a range of other optional setitngs. These capabilities reduce time spent on setting policy and enhance the ease of use.
  • How are the components of the ES4000 integrated?
    We own and control all mission-critical security components, right down to the operating system and MTA. These components are completely integrated and fully optimized, offering higher capacity and more reliable performance than the multiple applications from different vendors patching together on most competitive appliances.
  • Can someone without administrative privileges quarantine infected files?
    No. However, any file found to contain a virus is immediately blocked, thereby preventing access and any further infection. The administrator is then informed.
  • How can administrators review and manage policy, reports and logs?
    The most important day-to-day tasks and reports are directly available to administrators via the web-based management console dashboard. The dashboard provides easy control of the email gateway and an instant view of system performance, with advanced monitoring and reporting of mail traffic trends and protection status.
  • What kind of reporting does the ES4000 provide?
    The web-based management console offers easily accessible, function and quick contextual reporting designed for specific audiences in your organization (e.g. CIO, CTO, CEO). The ES4000 can convert statistics into intelligent reports that not only tell you waht's happening, but how it affects your organization and what it really means for your email network security.
  • Can the administrator use external applications to run custom reports?
    No. The administrator can only use the reports included with the management console to view system data. However, many reports do allow the administrator to set parameters.


Performance
  • What is the ES4000's peak load performance?
    Sophos has a reputation for fast anti-virus scanning (176% faster than Kaspersky, 160% faster than McAfee and 178% faster than Symantec). The ES4000 is designed specifically for enterprise-class performance. Robust hardware, optimized anti-spam and anti-virus scanning and reputation filtering enable the ES4000 to handle high message volume and unusual traffic surges of up to 1 million messages per day.
  • How does the quarantine work?
    The ES4000 features an on-board quarantine, eliminating the need for additional storage capacity on other servers and reducing the total cost of ownership. The ES4000 also provides the administrator with powerful message forensics, including the ability to track messages, both in logs and in the quarantine. This greatly reduces the time spent dealing with lost-message inquiries and frees the administrators for more critical business tasks.
  • How does the quarantine backup work?
    The ES4000 is configured by the administrator to back up the quarantine to a network location of their choice via FTP (File Transfer Protocol). As soon as the disk usage reaches 85% (quarantine plus logs), data is automatically backed up to restore disk usage to no more than 70%. This feature ensure that the ES4000 never runs out of onboard storage space.
  • How is system health monitored?
    The ES4000 monitors its own health and protection status, and also features remote monitoring technology that lets us track the appliance's connection status. Administrators have instant visibility of hardware health and protection status through the management console. In the event of hardware disruption, or protection becoming out of date, we are alerted and the administrator is sent an email alert.
  • Why types of alerts are sent to Sophos Support?
    The system checks to make sure each license appliance is using the most up-to-date protection, and alerts the administrator and Sophos Support in the event of a software anomaly or hardware component failure to ensure the quickest resolution possible. No information about mail flow or message content is passed on to Sophos.


Support and service
  • How is the ES4000 supported?
    We provide the industry's best technical support exclusively for enterprises, with 24/7 assistance on the hardware, operating system, and all software components. We will respond directly to every support request, regardless of its nature.
    The ES4000 is equipped with advanced monitoring and on-demand remote assistance technologies that deliver a new and truly superior customer support experience. These technologies ensure that every installed appliance is kept fully up to date and at its operational peak, with minimal administrative involvement.
  • What technologies are used to support the ES4000?
    Using advanced embedded technology, the ES4000 communicates with Sophos Support every five minutes, automatically receiving anti-virus and anti-spam updates and reporting on protection status. If an unusual traffic spike or hardware failure condition is detected, such as an out-of-date anti-spam engine or a failing hard drive, we will proactively initiate the appropriate support procedures, often before your administrator even realizes that there is a problem.
  • What if I need further assistance?
    ES4000 administrators can initiate a reverse-tunnel SSH (Secure Shell) connection directly to Sophos Support. Open for four hours, this connection grants Sophos engineers remote access to the appliance for quicker issue resolution. Sophos Support does not have any access to the appliance unless it is initiated by the customer. The SSH connection can be renewed by the administrator if required.
  • How does Sophos maintain security during remote assistance sessions?
    Unless initiated by the customer, Sophos Support does not have any access to the appliance. Acceptance of the remote connection request is fully logged (request source, time, date, location etc.) together with all Sophos Support keystrokes and mouse clicks. The SSH connection automatically closes after four hours.
  • Can remote monitoring be disabled?
    No. Remote monitoring of protection status is an automated function designed to maintain the highest level of email gateway protection possible.
  • What kind of support is included during evaluation?
    Sophos will provide online and telephone support to assist customers with all aspects of the appliance throughout the evaluation period.
  • Are support contracts different depending on the issue?
    No. Unlike the competitors, Sophos provides a single source for updates and support of software and hardware. Customers only need to make one call for support relating to spam, viruses, spyware, filtering, operating system and hardware.
  • What is the warranty on the ES4000?
    Each appliance comes with a hardware advance replacement warranty of up to three years, provided an active software license agreement is in place to help your customers keep their networks up and running, even in the event of hardware failure.
    If a hardware component or entire appliance requires replacement at any time during the warranty period, we will cover the costs of the new appliance and delivery. The customer is responsible for the cost of returning the failed unit/component.
  • How do I migrate from other Sophos products to the ES4000?
    We will assist you with the transition from previous software solutions to the ES4000 by applying any outstanding licensing credit against the purchase price of your appliance.




Home | Products | Downloads | Support | Contact Us

Friday, May 09, 2008   ©2008 NwTech, Inc. All rights reserved.