Virtual PPS Server Master one agent cluster setup

Specify VMware configuration

VMware requirements – Standard configuration is a single Master /Agent cluster

 Typical Master VM resource configuration

non-filtering virtual master (8GB VM-2, 250GB disk)
Guest OS : Linux , version: Centos 5/6 (64bit)

 Typical Agent VM resource configuration

1 virtual agent (8GB VM-2, 80GB disk)
Guest OS : Linux , version: Centos 5/6 (64bit)

OVF download link

250 GB disk size image –

https://support.proofpoint.com/download/8.0.1.1446_VMWare_Images/pps-8.0.1.1446-1368-
250GBovf. zip

80 GB disk size image –

https://support.proofpoint.com/download/8.0.1.1446_VMWare_Images/pps-8.0.1.1446-1368-
80GBovf. zip

Specify POC environment

With external Internet access

 Requires MX domain external IP pointed to Agent or Master if using a single system.

External IP NAT add to internal IP
 Master and agent ports to be opened. Master /Internet:-
25 - SMTP to/from internet
443 - HTTPS to internet – update2.proofpoint.com, pdus.proofpoint.com
80 - HTTP to internet
53 - DNS to internet
123 - NTP to internet

Agent / internet

25 - SMTP to/from internet

443 - HTTPS to internet
80 - HTTP to internet – zerohour.proofpoint.com
53 - DNS to internet
123 - NTP to internet

Master/Agent
10000 - Master to Agent - Commands, Configuration
10000 – Agent to Master - logs
3306 – Both directions - Database Replication
10010 - Agent to master - Quarantine

Agent to Mailbox Server

25 - both directions

Master/End User
10020 – End user to Master – EU Wed for Quarantine
443 – End user to Master
Agent/End User
443 – End User to Agent – Encryption Secure Reader
OVF install

Startup vSphere Client

Take File>>Deploy OVF Template

Browse to location where you stored the ovf files. Click next to continue

Verify VMware instance setting are correct. Click next to continue

Give you VM instance a description name then click next

Confirm storage type is correct. Click next to continue
 Confirm summary information are correct. Click Finish to continue

You should see a deployment progress popup as the above two screen shots
New VM instanced created
Initial Command Setup Assistant Guide of PPS server

Start the VM instance to begin the initial setup.

Default initial login and password:
Login: admin
Default Password: password

Take Yes
Change default password to new one. Enter a strong password of your choice using the format instructed.

Password successfully changed

Select “Yes” to change network settings

Enter “yes“ to continue with network settings

Enter IP address for the master PPS

Enter network mask or the enter key to accept default of 255.255.255.0

Enter “y” for auto negotiate

Enter your default gateway’s IP address

Enter hostname (do not include domain at this point). Just the actual hostname part.

Now enter the domain part

Enter your DNS server IP address

Enter your secondary DNS IP address if you do use one. Otherwise press enter to leave blank
Enter your Tertiary DNS IP address if you do use one. Otherwise press enter to leave blank

If your Master and Agent FQDN are not already provisioned in your DNS server , you should enter them here to
allow the PPS master and Agent to resolve the hostname from the local /etc/hosts file. In order for the Master to
add the Agent in to the cluster, both the Master FQDN and Agent FQDN must resolve either from your DNS server
or from the /etc/hosts file. Failure to resolve hostname will result in the Master not being able to add the Agent.
Example format is:

192.168.0.124 pps-master2.kinnet.co.uk
192.168.0.126 pps-agent2.kinnet.co.uk

If your FQDN hostnames are already entered in your DNS servers and can be resolved using nslookup, enter a
blank and press enter to continue (In my case my DNS server is correctly setup)

Important

It is important to make sure your master and agent FQDN are provisioned in your DNS server. If your DNS is not
setup correctly to resolve both the pps master and pps agent FQDN hostnames, It is important to enter the
hostname override value to map the IP address and hostnames of both the master and agent. These hostname
override entries are used to populate the /etc/hosts to allow local name resolutions. This step would ensure the
Master and Agent can resolve each other’s FQDN allowing you to later instruct your DNS server team to provision
them properly in your DNS server.

If you are using the hostname override route and you have multiple Agents to add to the cluster, during each
Agent’s initial setup, you must at least have the Master FQDN and the Agents FQDN entered in the hostname
override field during that Agent’s initial setup.

Finally confirm the network settings with “yes”

Applying configuration changes takes a while. About 5 mins.
Another 1-2 minutes for the Rebuilding and Restarting buffers. Finally it’s done and you will see the above screen
to use your browser to login and start the Web Setup Wizard using https://192.168.0.124:10000

Go ahead and do the Web Setup Assistant Guide before doing the agent.

Press enter to continue.

You should arrive at the above command line Main Menu where the initial setup is now complete.
Step 5 – Web Browser Setup Assistant Guide configuration

Security warning screen since the PPS login site uses a self-generated certificate
Login in using the admin account and new password you set during the initial setup.

Click next to continue.

Scroll to bottom of licence agreement, click I accept the terms of the licence agreement, click Next to continue.
Select the Appliance Type as Master or Agent. Select master if this is going to be the Master Console. Select Agent
if this node is going to be an Agent.

Then enter the Activation ID that was provided to you via the welcome letter.
Click next to continue.

Verify and make any changes to your IP information then click next to continue.
Verify and make any changes to your network DNS information then click next to continue.

Important

It is important to make sure your master and agent FQDN is provisioned in your DNS server. If your DNS is not
setup correctly to resolve both the pps master and pps agent hostnames, it is important to enter the hostname
override to map the IP address and hostnames of both the master and agent. This hostname override entries gets
entered in the /etc/hosts to allow local name resolutions.

For example:
If you are using a HTTPS proxy, enter the credentials via the Use Proxy radio button

Otherwise just select Do not use proxy then click next to continue.
Click the Add button to add an inbound mail route
Enter the internal domain name to accept emails for.
Enter IP address of the mailbox server to deliver the email to. Alternative you can enter a FQHN but make sure it is
resolvable via DNS.

Enter IP address of allowed IP that will relay emails for your domains for outbound emails.
Set your language for the Administration UI and the Time zone.
Set the email profile that will be used for sending PPS email alerts.

Set the email mailbox that will receive the pps servers alerts
Finally you can press Finish to finalize the Setup Assistant Guide.

Setup and configuration progress…

Reached the Activation and critical point..

On successful activation and installation, you will see this screen

When you click the Ok button, you will arrive at the above administration screen. You are all done and have
completed the master installation.
Agent Installation

Repeat above to install the OVF for the Agent

Agent command line Initial Setup Assistant Guide

Enter initial default login.

Login: admin
Pw : password
if your Master and Agent FQDN are not already provisioned in your DNS server , you should enter them here to
allow the PPS master and Agent to resolve the hostname from the local /etc/hosts file. In order for the Master to
add the Agent in to the cluster, both the Master FQDN and Agent FQDN must resolve either from your DNS server
or from the /etc/hosts file. Failure to resolve hostname will result in the Master not being able to add the Agent.

Example format is:

192.168.0.124 pps-master2.kinnet.co.uk
192.168.0.126 pps-agent2.kinnet.co.uk

If your FQDN hostnames are already entered in your DNS servers and can be resolved using nslookup, enter a
blank and press enter to continue (In my case my DNS server is correctly setup)

Important

It is important to make sure your master and agent FQDN are provisioned in your DNS server. If your DNS is not
setup correctly to resolve both the pps master and pps agent FQDN hostnames, It is important to enter the
hostname override value to map the IP address and hostnames of both the master and agent. These hostname
override entries are used to populate the /etc/hosts to allow local name resolutions. This step would ensure the
Master and Agent can resolve each other’s FQDN allowing you to later instruct your DNS server team to provision
them properly in your DNS server.

If you are using the hostname override route and you have multiple Agents to add to the cluster, during each
Agent’s initial setup, you must at least have the Master FQDN and the Agents FQDN entered in the hostname
override field during that Agent’s initial setup.
Adding Agent to the Master

Login to Admin Gui

Go to Systems>> Servers
Click Add Agent
Adding Server can take up to 8mins.

When done, the screen will look like the above.

Now configure mail routing for agents by selecting the Server drop down.

When saving configuration to agents, the above popup appears.

Double check Inbound domain mail routing

1. Goto System>>Inbound Mail

2. Review /modify/add other relevant domains and delivery to mailbox servers

Double check outbound allowed relays

1. Goto System>>outbound Mail

2. Review /modify/add other relevant domains and allowed relays. Subnet using the dot
format as shown below
Appendix B

Setting up the PPS as an Agent via the Browser

Important
If for any reason you have not correctly setup Agent’s FQDN in your DNS server and also missed to enter FQDN via
the Hostname override stage during the Agent Initial Setup, you can still configure the Agent appropriately via the
Browser.

Connect to your Agent using the following URL address format:

https://<agents IP address>:10000

Repeat Step 5 above which shows a Master Setup you instead select the Appliance type to be an Agent. Screen
example below shows the selection options for Appliance Type.
Secondly on the DNS setting screen, you should then enter the hostname override that will populate the /etc/hosts
file in your Agents OS. Screen example below shoes the hostname override options.
Continue the Agent setup and finish to the end as above.

When successful completing the Web Browser Setup Assistant Guide steps, you can go ahead and add the agent to
the Master’s cluster.