To use the Mimecast Web Security feature, the following prerequisites must be met:
To configure Mimecast Web Security, you need an administrator role that has basic administrator role or higher. If you're using a custom role, the logon must have access to the following Administration Console menu items:
|Menu Item||Access Required|
|Gateway | Policies||Write|
|Directories | Profile Groups||Read|
|Directories | Directory Groups||Read|
Your firewall must allow requests to pass through port 53 to the Mimecast Web Security gateway servers. For example:
- Source: UDP/TCP port 53
- Destination: 18.104.22.168/32 & 22.214.171.124/32
Although the Mimecast Web Security gateway servers are distributed around the world, the IPs are registered in South Africa.
Mimecast API URL for the Mimecast Security Agent
If you intend to use the Mimecast Security Agent, you must allow HTTPS requests to the *api.mimecast.com URL. This covers the following regional API URLs:
- Europe (excluding Germany): eu-api.mimecast.com
- Germany: de-api.mimecast.com
- North America: us-api.mimecast.com
- South Africa: za-api.mimecast.com
- Australia: au-api.mimecast.com
- Offshore: jer-api.mimecast.com
Browsers must have cookies enabled to display block pages. If cookies are disabled, block pages won't display.
For Network Level Protection
- Know your egress IP when configuring your Mimecast Web Security gateway locations. The egress IP is the public IP address used to send requests and must be in CIDR format. See Mimecast Web Security: Configuring Locations for more information.
- Have administrator rights to your network devices and DNS server. See Mimecast Web Security: Configuring Your DNS Forwarders / Gateway for more details.
- Install the Mimecast SSL certificate on network connected devices. See Mimecast Web Security: Managing the Mimecast Certificate for more details.
For Mimecast Security Agent (MSA)
- Have administrator privileges to install and setup the Mimecast Security Agent.
- Managed endpoint systems must use a Network Time Provider to ensure accurate system clocks.
- Ensure communication from MSA to Mimecast via API URLs isn't blocked. See the "Firewall" section above.
Mimecast Security Agent for Windows
The minimum supported Windows OS version is Windows 7 or later. This can be either the Pro x86/x64 or Enterprise x86/x64 edition.
For the MSA to work correctly, the Messaging Queue (MSMQ) feature in Windows needs to be configured correctly. During installation, the MSMQ may be removed from the system or disabled in error. The workaround is to run the Windows Update service. Refer to the Message Queuing (MSMQ) article on Microsoft's site for more information.
You must have .Net Framework version 4.5.2 or higher.
See Mimecast Web Security: Installing the Mimecast Security Agent (Windows) for more information.
Mimecast Security Agent for MacOS
The minimum supported OS version is macOS Sierra (10.12).
See Mimecast Web Security: Installing the Mimecast Security Agent (Mac) for more information.