Web Security - Prerequisites

Updated

This article summarizes the prerequisites needed for Mimecast Web Security, and is intended for use by Administrators.

Using this and the following Related Articles, you will be able to:

      • Ensure your devices and network meet the required prerequisites.
      • Create exceptions for trusted domains and IPs to bypass Mimecast Web Security.
      • Set up policies.
      • Configure and define your location, including egress IP address.
      • Install and verify a Mimecast SSL Certificate to enable you to display block and warning pages for sites using SSL (Secure Sockets Layer).
      • Configure your DNS Forwarders or gateway to use the Mimecast servers.

Prerequisites

To use the Mimecast Web Security feature, the prerequisites described below must be met.

Administration Console

To configure Mimecast Web Security, you need to have a role of Basic Administrator or higher.
If you're using a custom role, it must have access to the following Administration Console menu items:
      • Gateway | Policies (Write access)
      • Web Security (Write access)
      • Directories | Profile Groups (Read access)
      • Directories | Directory Groups (Read access)

Firewall configuration

Your firewall must be configured to allow requests to pass through port 53 for Network Level Protection and port 443 for the Mimecast Security Agent. For example:

Description Destination Source Port
Network Level Protection 41.74.203.10/32 & 41.74.203.11/32 TCP/UDP 53
Mimecast Security Agent 41.74.203.10/32 & 41.74.203.11/32 TCP 443


This is to ensure traffic for these devices isn't intercepted or filtered elsewhere on the network.
Although the Mimecast Web Security gateway servers are distributed worldwide, the IP addresses are registered in South Africa.

When a custom WebProxy is used in your organization, a Mimecast IP Bypass/Allow policy or rule must be created. The Mimecast IP addresses are at Data Centers & URLs.

Mimecast API URL for the Mimecast Security Agent

This step isn't required for most environments but is recommended. If you intend to use the Mimecast Security Agent, you must allow HTTPS requests to the *api.mimecast.com URL. This covers the following regional API URLs:

Region API URL
Europe (excluding Germany) eu-api.mimecast.com
Germany de-api.mimecast.com
United States of America us-api.mimecast.com
United States of America - B usb-api.mimecast.com
Canada ca-api.mimecast.com
South Africa za-api.mimecast.com
Australia au-api.mimecast.com
Offshore jer-api.mimecast.com

Network level protection

You must

      • Know your egress IP when configuring your Mimecast Web Security gateway locations. The egress IP is the public IP address used to send requests and must be in CIDR format. See the Configuring Locations page for further information.
      • Have a static egress IP.

        Dynamic egress IPs are not supported.

      • Have administrator rights to your network devices and DNS server. See DNS Forwarders / Gateway.
      • Install the Mimecast SSL certificate on network-connected devices. See Mimecast SSL Certificate.

Web browsers

Browsers must have cookies enabled to display block pages. If cookies are disabled, block pages won't display.

Mimecast Security Agent

You must

      • Have administrator privileges to install and set up the Mimecast Security Agent.
      • Managed endpoint systems must use a Network Time Provider to ensure accurate system clocks.
      • Ensure communication from the Mimecast Security Agent to Mimecast via API URLs isn't blocked. See the Firewall section.
      • Ensure you have Created an Authentication Key - see Mimecast Security Agent Settings.

You should

Supported OS Matrix

Operating System Supported VDI Solutions (e.g., Citrix, VMware)
Windows 11 (Pro/Enterprise)
Windows 10 (Pro/Enterprise)
Windows 7 / 8.1 (Pro/Enterprise)		 Yes Yes
Azure Windows 10 Multi-Session (Virtual Desktop)
Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows Server 2012 R2

Yes (MSA v1.6 or later required)

 Yes 
macOS 10.13 to macOS 10.15, macOS 11, macOS 12, macOS 13, macOS 14. Yes N/A
iOS 12 + Yes N/A
Android OS No N/A
Chrome OS No N/A
Linux OS No N/A

Windows Home Edition version is not supported as it doesn't support the enterprise features of MSMQ.

Prerequisites for supported Mimecast Security Agent applications

Application Prerequisites
Mimecast Security Agent for Windows
  • For the Mimecast Security Agent to work correctly, the Messaging Queue (MSMQ) feature in Windows needs to be configured correctly. See the Message Queuing (MSMQ) page on Microsoft's site for more information.
  • You must have .NET Framework version 4.5.2 or higher.
  • You may be prompted and required to install additional software, including Visual C++.

See Mimecast Security Agent for Windows and Mimecast Security Agent for Windows Server.
Mimecast Security Agent for MacOS
The oldest supported OS version is macOS Sierra (10.13).
The newest supported OS version is macOS Sonoma (14).
Mimecast Security Agent for iOS
  • iOS 12 or higher 
  • The device must be in Supervised mode
  • Managed by EMM/MDM
See Mimecast Security Agent for iOS.


For detailed information on how to configure, optimize, integrate, and troubleshoot, see the Web Security Knowledge Hub.

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.