Planning Your Implementation › Network Considerations

Network Considerations

CA Gateway Security requires one network interface card (NIC) on the computer on which it is installed.

CA Gateway Security does not need to be a default gateway or a physical buffer between the external and internal network. CA Gateway Security acts as an HTTP and FTP proxy and is actually a relay server for SMTP. You can install CA Gateway Security on any computer in your organization as long as the computer can access the following:

• DNS for MX queries
• Company SMTP mail server
• Internet for mail access
• User's proxy connections
• Antivirus signature updates and all subscription updates (for example URL filtering and dictionaries)

Note: To enable web updates, your firewall must allow an FTP connection from the CA Gateway Security computer to the Internet to obtain antivirus signature updates and an HTTPS connection from the CA Gateway Security computer to the Internet to obtain URL filtering updates.

For network connections between CA Gateway Security components, consider the following:

• When there is firewall buffering between different components of CA Gateway Security, verify that each CA Gateway Security component has access to TCP/IP port 1882. CA Gateway Security components use this port for internal communication.
• For CA Gateway Security components installed on different computers, make sure that all CA Gateway Security computers have a valid reverse name resolution, which is necessary for internal communication between CA Gateway Security components. This capability is used in a network configuration in which some components are installed on the DMZ and other components are installed on your local network.