background image

APPENDIX D

 

209

NSC Notation for Netmasks

Netmask

Bits

Netmask

Bits

255.255.128.0

17

255.255.255.128

25

255.255.192.0

18

255.255.255.192

26

255.255.224.0

19

255.255.255.224

27

255.255.240.0

20

255.255.255.240

28

255.255.248.0

21

255.255.255.248

29

255.255.252.0

22

255.255.255.252

30

255.255.254.0

23

255.255.255.254

31

255.255.255.0 24

255.255.255.255

32

Summary of Contents for POLICY MANAGER 8.0

Page 1: ...F Secure Policy Manager 8 0 Administrator s Guide...

Page 2: ...Corporation will not be liable for any errors or omission of facts contained herein F Secure Corporation reserves the right to modify specifications cited in this document without prior notice Compani...

Page 3: ...licy Based Management 19 1 4 1 Management Information Base 21 Chapter 2 System Requirements 23 2 1 F Secure Policy Manager Server 24 2 2 F Secure Policy Manager Console 25 Chapter 3 Installing F Secur...

Page 4: ...ing In 77 5 2 2 F Secure Client Security Management 80 5 2 3 The Advanced Mode User Interface 81 5 2 4 Policy Domain Pane 82 5 2 5 Properties Pane 82 5 2 6 Product View Pane 83 5 2 7 Messages Pane 90...

Page 5: ...ing Up Restoring F Secure Policy Manager Console Data 140 6 3 Replicating Software Using Image Files 143 Chapter 7 Updating F Secure Virus Definition Databases 145 7 1 Automatic Updates with F Secure...

Page 6: ...nd Viewing Reports 170 9 4 1 Required Browser Settings for Viewing Web Reports 170 9 4 2 Generating a Report 171 9 4 3 Creating a Printable Report 173 9 4 4 Generating a Specific URL for Automated Rep...

Page 7: ...ecure SNMP Management Extension Installation 195 A 3 Configuring The SNMP Master Agent 196 A 4 Management Information Base 197 Appendix B Ilaunchr Error Codes 198 B 1 Overview 199 B 2 Error Codes 200...

Page 8: ...viii Contact Information 213 Glossary 214 About F Secure Corporation...

Page 9: ...9 ABOUT THIS GUIDE Overview 10 How This Guide is Organized 11...

Page 10: ...e products F Secure Client Security F Secure Internet Gatekeeper for Windows F Secure Anti Virus for Windows Workstations Windows Servers Citrix Servers Microsoft Exchange MIMEsweeper F Secure Linux S...

Page 11: ...overview setup procedures the logon procedure menu commands and basic tasks Chapter 6 Maintaining F Secure Policy Manager Server Covers backup procedures and restoration routines Chapter 7 Updating F...

Page 12: ...an occur during the Autodiscover Windows Hosts operation Appendix D NSC Notation for Netmasks Defines and offers information on NSC notation for Netmasks Glossary Explanation of terms Technical Suppor...

Page 13: ...s black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a sit...

Page 14: ...used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F...

Page 15: ...15 1 INTRODUCTION Overview 16 Installation Order 17 Features 18 Policy Based Management 19...

Page 16: ...ecure Policy Manager Server They are seamlessly integrated with the F Secure Management Agent that handles all management functions on local hosts Main Components of F Secure Policy Manager F Secure P...

Page 17: ...not being used by other Internet applications so the users can always be sure they will have the latest updates without having to search the Web If F Secure Automatic Update Agent is always connected...

Page 18: ...be provided in several ways From the F Secure CD From the F Secure Web site to the customer These can be automatically pushed by F Secure Automatic Update Agent or voluntarily pulled from the F Secur...

Page 19: ...et of well defined rules that regulate how sensitive information and other resources are managed protected and distributed The management architecture of F Secure software uses policies that are centr...

Page 20: ...es Base Policy files contain the administrative settings and restrictions for all the variables for all F Secure products on a specific host With domain level policies a group of hosts may share the s...

Page 21: ...the manner of an SNMP The managed products must operate within the limits specified here Statistics Delivers product statistics to F Secure Policy Manager Console Operations Operations are handled wit...

Page 22: ...te administration process etc The following types of traps are sent by most of the F Secure products Info Normal operating information from a host Warning A warning from the host Error A recoverable e...

Page 23: ...23 2 SYSTEM REQUIREMENTS F Secure Policy Manager Server 24 F Secure Policy Manager Console 25...

Page 24: ...ium III 450 MHz processor or faster Managing more than 5000 hosts or using Web Reporting requires Intel Pentium III 1 GHz level processor or faster Memory 256 MB RAM When Web Reporting is enabled 512...

Page 25: ...SUSE Linux Enterprise Server 9 and 10 SUSE Linux Enterprise Desktop 10 Debian GNU Linux Etch 4 0 Ubuntu 8 04 Hardy Processor Intel Pentium III 450 MHz processor or faster Managing more than 5000 hosts...

Page 26: ...26 3 INSTALLING F SECURE POLICY MANAGER SERVER Overview 27 Security Issues 28 Installation Steps 34 Uninstalling F Secure Policy Manager Server 54...

Page 27: ...anager Server includes the following files Policy Domain Structure Policy Data which is the actual policy information attached to each policy domain or host Base Policy files generated from the policy...

Page 28: ...w apache org docs misc security_tips html and a list of vulnerabilities at http www apacheweek com features security 13 3 2 1 Installing F Secure Policy Manager in High Security Environments F Secure...

Page 29: ...ed full administrative rights Multiple users can keep a read only session open simultaneously monitoring the system status without affecting other administrators or managed hosts in any way 2 To enabl...

Page 30: ...re Policy Manager Server is limited only to the localhost during the installation see Step 8 40 F Secure Setup modifies the FSMSA listen directive in httpd conf file as follows FSMSA listen Listen 127...

Page 31: ...tHandler fsmsa handler Location VirtualHost After this only the person who has access to the machines with the defined IP addresses can use F Secure Policy Manager Console 3 If there is a very strong...

Page 32: ...person who has physical access to the localhost can use F Secure Policy Manager Web Reporting When access to F Secure Policy Manager Web Reporting is limited only to the localhost during the installa...

Page 33: ...t ajp13 ErrorDocument 500 Policy Manager Web Reporting could not be contacted by the Policy Manager Server Location Order Deny Allow Deny from all First deny all Allow from 127 0 0 1 Then allow access...

Page 34: ...t the F Secure CD in your CD ROM drive 2 Select Corporate Use Click Next to continue 3 Go to the Install or Update Managed Software menu and select F Secure Policy Manager Step 2 Setup begins View the...

Page 35: ...CHAPTER3 35 Installing F Secure Policy Manager Server Step 3 Read the license agreement information If you agree select I accept this agreement Click Next to continue...

Page 36: ...36 Step 4 If you are installing on a clean computer select F Secure Policy Manager Server Click Next to continue...

Page 37: ...ded to use the default installation directory If you want to install F Secure Policy Manager Server in a different directory you can use the Browse feature WARNING If you have F Secure Management Agen...

Page 38: ...ir directory under F Secure Policy Manager Server installation directory and this will be the directory that F Secure Policy Manager Server will use as a repository You can use the previous commdir as...

Page 39: ...Policy Manager Server configuration file HTTPD conf This option automatically keeps the existing administration host and web reporting ports If you want to change the ports from the previous installa...

Page 40: ...module is used for communication with F Secure Policy Manager Web Reporting Select whether it should be enabled Web Reporting uses a local socket connection to the Admin module to fetch server data Th...

Page 41: ...CHAPTER3 41 Installing F Secure Policy Manager Server Click Next to continue...

Page 42: ...42 Step 9 Select to add product installation package s from the list of available packages if you selected F Secure Installation Packages in Step 4 on page 17 Click Next...

Page 43: ...CHAPTER3 43 Installing F Secure Policy Manager Server Step 10 Setup displays the components that will be installed Click Next...

Page 44: ...44 Step 11 When the setup is completed the setup shows whether all components were installed successfully...

Page 45: ...HAPTER3 45 Installing F Secure Policy Manager Server Step 12 F Secure Policy Manager Server is now installed Restart the computer if you are prompted to do so Click Finish to complete the installation...

Page 46: ...displayed Step 14 The setup wizard creates the user group FSPM users The user who was logged in and ran the installer is automatically added to this group To allow another user to run F Secure Policy...

Page 47: ...ll the directories on the path 2 Stop the F Secure Policy Manager Server service 3 Copy the whole directory structure from the old commdir path to the new path 4 Change the value for the CommDir and C...

Page 48: ...owever define what ports they should listen in if the defaults are not suitable If you want to change the port in which F Secure Policy Manager Server Admin Module listens add a Listen entry in the co...

Page 49: ...Secure Policy Manager Server Configuration Settings This section introduces and explains all the relevant entries present in the F Secure Policy Manager Server configuration file and how they are used...

Page 50: ...ines the directory that everyone will be able to access so don t use a path to a directory with sensitive data By default F Secure Policy Manager Server allocates a directory under F Secure Policy Man...

Page 51: ..._default_ 8080 Location fsmsa fsmsa dll SetHandler fsmsa handler Location VirtualHost Commdir and Commdir2 These directives define the path to the communication directory or repository This is the dir...

Page 52: ...LINED TOO_SMALL CR 0pct 10 128 131 224 18 Apr 2002 14 06 36 0300 tells you when the request to the server was made and by which host described by its IP address The fxnext component informs you which...

Page 53: ...s us to define the length a log should be kept 8 days by default and when the files should be rotated e g when the access log is named access log 1 and a new empty access log file is created where the...

Page 54: ...nication directory concurrently e g F Secure Management Agent RetryFileOperation 10 This setting tells the server how many times it should retry a failed file operation with a 1 second retry interval...

Page 55: ...Installing F Secure Policy Manager Server 3 The F Secure Uninstall dialog box appears Click Start to begin uninstallation 4 When the uninstallation is complete click Close 5 Click OK to exit Add Remo...

Page 56: ...56 4 INSTALLING F SECURE POLICY MANAGER CONSOLE Overview 57 Installation Steps 57 Uninstalling F Secure Policy Manager Console 73...

Page 57: ...on can be used for both Administrator and Read Only connections The following sections explain how to run the F Secure Policy Manager Console setup from the F Secure CD and how to select the initial o...

Page 58: ...58 Step 2 View the Welcome screen and follow the setup instructions Select the installation language from the drop down menu Click Next to continue...

Page 59: ...CHAPTER4 59 Installing F Secure Policy Manager Console Step 3 Read the license agreement information If you agree select I accept this agreement Click Next to continue...

Page 60: ...60 Step 4 Select F Secure Policy Manager Console Click Next to continue...

Page 61: ...cure Policy Manager Console Step 5 Choose the destination folder Click Next It is recommended to use the default installation directory Use the Browse feature to install F Secure Policy Manager Consol...

Page 62: ...62 Step 6 Specify F Secure Policy Manager Server address and Administration port number Click Next to continue...

Page 63: ...CHAPTER4 63 Installing F Secure Policy Manager Console Step 7 Review the changes that setup is about to make Click Next to continue...

Page 64: ...64 Step 8 Click Finish to close the installer...

Page 65: ...icy Manager Console F Secure Policy Manager Console When F Secure Policy Manager Console is run for the first time the Console Setup Wizard collects the information needed to create an initial connect...

Page 66: ...dministrator features Read Only mode allows you to view administrator data but no changes can be made If you select Read only mode you will not be able to administer hosts To change to Administrator m...

Page 67: ...CHAPTER4 67 Installing F Secure Policy Manager Console Step 11 Enter the address of the F Secure Policy Manager Server that is used for communicating with the managed hosts...

Page 68: ...private key files will be stored By default key files are stored in the F Secure Policy Manager Console installation directory Program Files F Secure Administrator Click Next to continue If the key pa...

Page 69: ...window to initialize the random seed used by the management key pair generator Using the path of the mouse movement ensures that the seed number for the key pair generation algorithm has enough rando...

Page 70: ...70 Step 14 Enter a passphrase which will secure your private management key Re enter your passphrase in the Confirm Passphrase field Click Next...

Page 71: ...management key pair After the key pair is generated F Secure Policy Manager Console will start Step 16 The setup wizard creates the user group FSPM users The user who was logged in and ran the instal...

Page 72: ...ovide them with a copy of the Admin pub key file or access to it If you install the F Secure products on the workstations remotely with F Secure Policy Manager a copy of the Admin pub key file is inst...

Page 73: ...nstalling F Secure Policy Manager Console To uninstall F Secure Policy Manager Console or other F Secure Policy Manager components follow these steps 1 Open the Windows Start menu and go to Control Pa...

Page 74: ...iew 75 F Secure Policy Manager Console Basics 76 F Secure Client Security Management 80 Managing Domains and Hosts 94 Software Distribution 104 Managing Policies 120 Managing Operations and Tasks 126...

Page 75: ...tor Group the managed hosts under policy domains sharing common attribute values Manage host and domain hierarchies easily Generate signed policy definitions which include attribute values and restric...

Page 76: ...s installation is user based and modifications cannot affect other users The user cannot do any of the following in Read only mode Modify the domain structure or the properties of domains and hosts Mo...

Page 77: ...defined when you installed the program This is not your network administrator password You can start the program in Read Only mode in which case you do not need to enter a passphrase In this case how...

Page 78: ...hs specify what management key pair to use for this connection If the specified key files do not exist F Secure Policy Manager Console will generate a new key pair Communication Preferences Select the...

Page 79: ...nment some hosts are naturally disconnected from the server every now and then For example laptop computers may not be able to access the server daily but in most cases this is perfectly acceptable be...

Page 80: ...face opens This mode is optimized for administering F Secure Client Security Using the Anti Virus mode user interface you can complete most tasks for managing F Secure Client Security or F Secure Anti...

Page 81: ...Manager Console you need to change to the Advanced mode user interface To do so select View Advanced Mode The Advanced mode user interface opens displaying the following four panes Policy Domain pane...

Page 82: ...aste operations Export a policy file After selecting a domain or host you can access the above options from the Edit menu The domains referred to in the commands are not Windows NT or DNS domains Poli...

Page 83: ...ted the Status view displays number of hosts in the domain and which hosts are disconnected from F Secure Policy Manager Alerts Displays a list of alerts originating from hosts in the selected domain...

Page 84: ...iew and edit installation information The traditional F Secure Policy Manager Console MIB tree contains all the settings operations Policy and local setting statistics Status in a product component sp...

Page 85: ...rs from the MIB tree in the following categories Communication edit communication settings Alerting edit alert settings Alert Forwarding see Configuring Alert Forwarding on page 128 for more details C...

Page 86: ...e Go To menu item to display the corresponding MIB tree node in the Properties pane Note that in most cases the MIB tree offers more though less frequently needed setting parameters For example this i...

Page 87: ...ubdomains and hosts Use this menu entry cautiously all values defined in the subdomain or hosts under the selected domain are discarded and cannot be restored Show Domain Values The Show Domain Values...

Page 88: ...ome alerts or useful statistics before the disconnection This information may help to investigate why the host was disconnected If the reason is clear for example if the host s F Secure software has b...

Page 89: ...ger than the allotted threshold days Always check the disconnection threshold value from Preferences before deleting hosts If a still existing host is deleted accidently all host specific alerts repor...

Page 90: ...sages are logged into both files in the message subdirectory of the local F Secure Policy Manager Console installation directory Logs of the messages are kept both in English and the language you have...

Page 91: ...rties box of a host or domain Launches the Autodiscover Windows Hosts tool New hosts will be added to the currently selected policy domain Starts push installation to Windows hosts Imports autoregiste...

Page 92: ...es Exit Exits F Secure Policy Manager Console Edit Cut Cuts selected items Paste Pastes items to selected location Delete Deletes selected items New Policy Domain Adds a new domain New Host Adds a new...

Page 93: ...erts page in the Properties pane with all alerts showing Advanced Mode Changes to the advanced mode user interface which is the user interface described in this manual Anti Virus Mode Changes to the A...

Page 94: ...y to that structure If you want to get started quickly you can also import all hosts to the root domain first and create the domain structure later when the need for that arises The hosts can then be...

Page 95: ...11 An example of a policy domain structure All domains and hosts must have a unique name in this structure Another possibility is to create the different country offices as subdomains Figure 5 12 An...

Page 96: ...in a parent domain must be selected or click in the toolbar alternatively press ctrl insert The new policy domain will be a subdomain of the selected parent domain Figure 5 14 Policy Domain Properties...

Page 97: ...hosts from a Windows domain select the target domain and choose Autodiscover Windows hosts from the Edit menu After the autodiscover operation is completed the new host is automatically added to the P...

Page 98: ...installation see step 6 in Using the Customized Remote Installation JAR Package 116 section It is possible to sort autoregistration messages according to the values of any column by clicking the corre...

Page 99: ...rt Autoregistered Hosts window You can use the following as import criteria in the rules WINS name DNS name Dynamic DNS name Custom Properties These support asterisk as a wildcard can replace any numb...

Page 100: ...hidden are remembered only until the Console is closed To add a new custom property do as follows 1 Right click a column heading and select Add New Custom Property The New Custom Property dialog opens...

Page 101: ...host manually select a policy domain and select New Host from the Edit menu or click the Add Host button alternatively press Insert This operation is useful in the following cases Learning and testin...

Page 102: ...ate Properties check box in the Identities tab of the Host Properties dialog box You can open the Host Properties dialog box by choosing Properties from the Edit menu or by clicking in the toolbar Hos...

Page 103: ...that is used to uniquely identify every host in the system In the Platform tab you can add the operating system of the host to the properties Platform name is the name of the operating system The ope...

Page 104: ...ns and Updates from CD ROM Installation can be performed independently on the host by running the setup directly from the CD ROM After installation F Secure Management Agent sends a registration messa...

Page 105: ...Console or with remotely triggered operations For more information see Automatic Updates with F Secure Automatic Update Agent 146 Shortcuts to all the installation related features are gathered in the...

Page 106: ...et hosts from a list of hosts Push Install to Windows Hosts allows you to define the target hosts directly with IP addresses or host names After the target hosts are selected both push installation op...

Page 107: ...this selection all details about the hosts are shown such as the versions of the operating system and F Secure Management Agent Resolve host names and comments only quicker If all hosts are not shown...

Page 108: ...ll to continue 5 After you have selected your target hosts continue to Push Installation After Target Host Selection 109 for instructions on push installing the applications to hosts Push Install to W...

Page 109: ...ost Selection To push install the installation package s after you have selected the target hosts 1 Select the installation package and click Next to continue 2 Select the products to install You can...

Page 110: ...on requires administrator rights for the target machine during the installation If the account you entered does not have administrator rights on one of the remote hosts an Access denied error message...

Page 111: ...the account otherwise the account is accepted only by the host in question 5 Review the installation summary To start the Remote Installation Wizard click Start The Remote Installation Wizard will gui...

Page 112: ...ation task to the base policy files thus policy distribution is required to start installations Both base policy files and the installation package are signed by the management key pair so that only g...

Page 113: ...the Installation Editor the administrator selects the products to be installed on the currently selected host or policy domain Figure 5 19 Installation Editor The Installation Editor contains the foll...

Page 114: ...ent for hosts and for domains In progress The installation operation has been started added to policy data but the host has not yet reported the operation s success or failure Failed The installation...

Page 115: ...s completed If the hosts are connected to the network and they send and receive policy files correctly then there could be a real problem The host may not be correctly acknowledging the installation o...

Page 116: ...nt version This option should only be used for troubleshooting Most of the time there is no reason to reinstall a product 5 4 3 Local Installation and Updates with Pre Configured Packages You can expo...

Page 117: ...d installation package Click Export 4 Specify the file location where you want to save the customized installation JAR package Click Save 5 Select the products you want to install Click Next to contin...

Page 118: ...operties to the autoregistration message it sends to the F Secure Policy Manager after local installation These customer specific properties will appear together with the standard host identification...

Page 119: ...name of the JAR package being installed When the installation runs the user will see a dialog displaying the installation progress If a restart is required after the installation the user is prompted...

Page 120: ...o sources The installation CD ROM or The F Secure website Normally new remote installation packages are installed from the CD ROM and F Secure Policy Manager setup moves the packages automatically to...

Page 121: ...its measured in 1 100s of a second Octet String binary data this type is also used in UNICODE text strings OID object identifier Opaque binary data that can represent additional data types A policy va...

Page 122: ...IXED SIZE restriction can be applied to tables With this restriction the end user cannot add or delete rows from fixed size tables Because the Final restriction cannot be used for empty tables the FIX...

Page 123: ...cy files are copied to the Communication directory where the F Secure software on the hosts will check for it periodically 5 5 5 Policy Inheritance In F Secure Policy Manager Console each policy domai...

Page 124: ...ains while other products could inherit their policies from subdomains or even get host specific policies If policy changes are implemented at multiple levels of the policy domain hierarchy tracking c...

Page 125: ...le inheritance F Secure Internet Shield Rules table F Secure Internet Shield Services table F Secure Internet Shield Security Levels table Please refer to the corresponding product manuals for more in...

Page 126: ...stributed the new policy and the host has fetched the policy file You may click Cancel at any time to undo the operation 5 7 Alerting This section describes how to view alerts and reports and how to c...

Page 127: ...nowledge an alert If all the alerts are acknowledged the Ack button will be dimmed Severity The problem s severity Each severity level has its own icon Info Normal operating information from a host Wa...

Page 128: ...ble which is located under F Secure Management Agent Settings Alerting Alert Forwarding Figure 5 22 F Secure Management Agent Settings Alert Forwarding The same table can also be found in the F Secure...

Page 129: ...o many alerts You can further configure the alert target by setting the policy variables under target specific branches For example Settings Alerting F Secure Policy Manager Console Retry Send Interva...

Page 130: ...t the domains and or hosts you are interested in from the reporting point of view The domain selected in the Policy Domain pane is selected by default in the Reporting tool By selecting the Recursive...

Page 131: ...heck box if inheritance information is to be included in the report Inheritance Report Type Export view reports containing values of all policy variables of the selected products from the selected dom...

Page 132: ...which information is included to the report to be made Alert report type dependent configurations allows you to sort alerts by all the alert description fields and select by severity which severity a...

Page 133: ...in the bottom pane to generate a report of the selected report type with selected configurations The report is then viewed in HTML format with the default web browser If default web browser has not be...

Page 134: ...d Hosts list in the Domain status view The domain tree notification icons can be switched off from Appearance Policy Domain Options Note that it s possible to an interval define shorter than one day b...

Page 135: ...the automatic status polling To do this open the Tools menu and select Preferences Select the Communications tab and click Polling Period options Check the Disable all polling checkbox Policy Files P...

Page 136: ...Installation Installation Timeout The maximum time F Secure Policy Manager Console waits for the results of an installation operation Browsing Timeout Important only if the Hide Already Managed Hosts...

Page 137: ...eel Defines the appearance and behavior of the user interface components The change will take place after program restart Policy Files Products Allows you to deactivate MIBs for products which you do...

Page 138: ...corresponding tab and a message per line including severity and creation time Save Messages Toggle message saving on and off It is highly recommended that you keep logging on as the log information ca...

Page 139: ...139 6 MAINTAINING F SECURE POLICY MANAGER SERVER Overview 140 Backing Up Restoring F Secure Policy Manager Console Data 140 Replicating Software Using Image Files 143...

Page 140: ...licy domain structure and all saved policy data It is also possible to back up the entire repository By doing so you will be able to restore not only the policy domain structure but also the alerts ho...

Page 141: ...ctory of Policy Manager Server s repository Commdir Full Backup 1 Close all F Secure Policy Manager Console management sessions 2 Stop F Secure Policy Manager Server service 3 Back up the Communicatio...

Page 142: ...ion such as keys and preferences Full Backup restore it as follows 1 Close all F Secure Policy Manager Console management sessions and stop F Secure Policy Manager Server service 2 Delete the communic...

Page 143: ...mputers This situation will prevent F Secure Policy Manager from functioning properly Please follow these steps to make sure that each computer uses a personalized Unique ID even if disk imaging softw...

Page 144: ...allation A new Unique ID is created automatically when the system is restarted This will happen individually on each machine where the image file is installed These machines will send autoregistration...

Page 145: ...NITION DATABASES Automatic Updates with F Secure Automatic Update Agent 146 Using the Automatic Update Agent 148 Forcing the Update Agent to Check for New Updates Immediately 153 Updating the Database...

Page 146: ...o hours after they have been published by F Secure Any possible delays will depend on when a connection to the Internet is available F Secure Automatic Update Agent is used to update either centrally...

Page 147: ...turn e If the client is configured to use HTTP Proxy it tries to download the updates through the HTTP Proxy from F Secure Update Server f After that the client tries to download the updates directly...

Page 148: ...by viewing the log file For more information see How to Read the Log File 149 7 2 1 Configuration Step 1 To configure F Secure Automatic Update Agent open the fsaua cfg configuration file located in...

Page 149: ...this enter the following commands on command line net stop fsaua net start fsaua 7 2 2 How to Read the Log File The fsaua log file is used to store messages generated by F Secure Automatic Update Agen...

Page 150: ...e and version are shown 3988 Thu Oct 26 12 40 39 2006 3 Downloaded F Secure Anti Virus Update 2006 10 26_04 DFUpdates version 1161851933 from fsbwserver f secure com 12445450 bytes download size 38535...

Page 151: ...successful and some files were downloaded For a list of update types that you can find in the log see What Updates are Logged in fsaua log 152 Installation of F Secure Anti Virus Update 2006 10 26_04...

Page 152: ...adb F Secure Anti Virus Orion Update 2006 10 02_07 oriondb F Secure Anti Virus Misc Update 2006 10 09_03 avmisc F Secure Housekeeper Update 2006 10 09_03 hke freebsd F Secure Housekeeper Update 2006 1...

Page 153: ...Policy Manager Console 7 3 Forcing the Update Agent to Check for New Updates Immediately If you need to force F Secure Automatic Update Agent to check for new updates immediately you need to stop and...

Page 154: ...tication failed Reason The password entered for HTTP proxy is incorrect Solution Check and correct the HTTP proxy password in the http_proxies directive in the fsaua cfg file For more information see...

Page 155: ...155 8 F SECURE POLICY MANAGER ON LINUX Overview 156 Installation 157 Configuration 161 Uninstallation 161 Frequently Asked Questions 163...

Page 156: ...tions F Secure Policy Manager supports many of the Linux distributions based on the Debian package management DEB system and on the Redhat Package Management RPM system The commands for these two syst...

Page 157: ...be installed on the same or a separate computer 8 2 1 Installing F Secure Automatic Update Agent 1 Log in as root 2 Open a terminal 3 To install type 4 To configure type opt f secure fsaua bin fsaua...

Page 158: ...install type 4 To configure type opt f secure fspms bin fspms config and answer the questions Push ENTER to choose the default setting shown in square brackets for each of these questions F Secure Pol...

Page 159: ...to the fspmc group usr sbin usermod G fspmc groups the user belongs to now as comma separated list user id For example if Tom belongs to the groups normal_users and administrators the command is usr s...

Page 160: ...t 2 Open a terminal 3 To install type 4 To configure type opt f secure fspmwr bin fspmwr config and answer the questions Push ENTER to choose the default setting shown in square brackets for each of t...

Page 161: ...re Automatic Update Agent 8 4 1 Uninstalling F Secure Policy Manager Web Reporting 1 Log in as root 2 Open a terminal 3 Type F Secure Policy Manager Component Configuration Command F Secure Policy Man...

Page 162: ...iles and configuration files are not removed as these are irreplaceable and contain valuable information To remove these type rm rf opt f secure fspmc Debian Based Distributions RPM Based Distribution...

Page 163: ...Administrator error log Q Why doesn t F Secure Policy Manager Server start A Runtime errors warnings and other information are logged to opt f secure fspms logs error_log opt f secure fsaus log fsaus...

Page 164: ...c Update Agent by typing sudo u fspms opt f secure fspms bin fsavupd debug Q Where are the F Secure Policy Manager Console files located in the Linux version A To list all files and their places type...

Page 165: ...iguration file A To restart F Secure Policy Manager Server a Log in as root b Type etc init d fspms restart Q How can I get information about how F Secure Policy Manager Server is running A Type etc i...

Page 166: ...e Agent so that the changes take effect etc init d fsaua restart Q How can I use an HTTP proxy with F Secure Automatic Update Agent A HTTP proxies are set through the file opt f secure fsaua etc fsaua...

Page 167: ...ER8 167 F Secure Policy Manager on Linux Q How can I restart F Secure Automatic Update Agent after changing the configuration file A To restart F Secure Automatic Update Agent type etc init d fsaua re...

Page 168: ...WEB REPORTING Overview 169 Introduction 169 Web Reporting Client System Requirements 170 Generating and Viewing Reports 170 Maintaining Web Reporting 174 Web Reporting Error Messages and Troubleshooti...

Page 169: ...based on historical trend data using a web based interface You can produce a wide range of useful reports and queries from F Secure Client Security alerts and status information sent by the F Secure M...

Page 170: ...mmary Internet Shield Summary Alerts Installed Software and Host Properties in the Web Reporting user interface The starting of F Secure Policy Manager Web Reporting can take a lot of time in big envi...

Page 171: ...iew it Automatically Select this if you want Internet Explorer to check for a new version of the page automatically Cookies It is also a good idea to enable cookies in your browser as this makes for e...

Page 172: ...ort category Root is selected by default in the Policy Domains pane 3 To view a new report first select the domain subdomain or host for which you want to generate the report 4 Then select a report ca...

Page 173: ...eneration You can also generate a specific URL that can be used for automated report generation This means that you do not have to select the report category report type or policy domain which you wan...

Page 174: ...artup type to Manual Skip this step if you want to stop the Web Reporting only temporarily 5 Click OK 9 5 2 Enabling Web Reporting You can enable F Secure Policy Manager Web Reporting by using the Ser...

Page 175: ...ere and access from a number of hosts defined by their IP addresses Allow Access from Everywhere default By default F Secure Policy Manager Web Reporting can be accessed from any computer that can acc...

Page 176: ...the Policy Manager Server Location Order Deny Allow Deny from all Allow from ip address 1 Allow from ip address 2 Allow from ip address 3 Location VirtualHost After this only those people who have acc...

Page 177: ...rting service 2 Copy the file C Program Files F Secure Management Server 5 Web Reporting firebird data fspmwr fdb to the backup media You can also use some compression utility to compress the file Usi...

Page 178: ...e this time to be longer If you want to keep the trend data for a shorter time you can also configure this time to be shorter 1 Stop the F Secure Policy Manager Web Reporting service 2 Change the maxi...

Page 179: ...hat machine or F Secure Policy Manager Server service is not running Check all of these in this order A firewall may also prevent the connection Error message F Secure Policy Manager Web Reporting cou...

Page 180: ...arting the Web Reporting service If Web Reporting cannot contact the database you should restart the Web Reporting service If this does not help you may wish to reinstall Web Reporting keeping the exi...

Page 181: ...the database is really broken you can also copy an empty database file on top of the broken one This is done as follows 1 Stop the F Secure Policy Manager Web Reporting service 2 Copy fspmwr fdb empty...

Page 182: ...182 10 F SECURE POLICY MANAGER PROXY Overview 183...

Page 183: ...a database distribution point There should be one F Secure Policy Manager Proxy in every network that is behind slow network lines F Secure Policy Manager Proxy retrieves virus definition database upd...

Page 184: ...184 11 TROUBLESHOOTING Overview 185 F Secure Policy Manager Server and Console 185 F Secure Policy Manager Web Reporting 190 Policy Distribution 191...

Page 185: ...olicy Manager Server start A Runtime errors warnings and other information can be found in the file F Secure Management Server 5 logs error log If the Application Log in Event Viewer Administrative to...

Page 186: ...nt Server 5 directory are automatically set correctly If the directory is copied by hand or for example restored from backup the access rights might be deleted In this case execute the steps described...

Page 187: ...settings option selected This will recreate the F Secure Policy Manager Server account and reset all file access rights to the correct ones Q Why does F Secure Policy Manager Server use its own accou...

Page 188: ...vent the F Secure Policy Manager Server service from starting For more information on these please consult the Microsoft Windows Server documentation Q Why am I unable to connect to F Secure Policy Ma...

Page 189: ...e under such a heavy network load that it does not have any free network connections available F Secure Policy Manager Console and all hosts are competing for the same network resources With the defau...

Page 190: ...iguration files are in F Secure Management Server 5 Web Reporting fspmwr conf F Secure Management Server 5 Web Reporting jetty etc fspmwr xml F Secure Management Server 5 Web Reporting firebird aliase...

Page 191: ...s not among the choices on a sub domain or host too high or low values are specified as range restriction boundaries or an empty choice list is specified When a domain includes hosts that have differe...

Page 192: ...omains for exceptions This is a good solution if you have only a few hosts with the older software versions installed Reason 2 You entered an integer value that is outside of the range restrictions Er...

Page 193: ...193 A SNMP Support Overview 194 Installing F Secure Management Agent with SNMP Support 195 Configuring The SNMP Master Agent 196 Management Information Base 197...

Page 194: ...with TCP IP or IPX SPX since the SNMP service uses Windows Sockets for network communication The master agent is an extensible SNMP agent which allows it to service additional MIBs The NT SNMP agent i...

Page 195: ...es A 2 Installing F Secure Management Agent with SNMP Support A 2 1 F Secure SNMP Management Extension Installation SNMP support for F Secure Management Agent is installed by installing Management Ext...

Page 196: ...equest for information that does not contain the correct community name and does not match an accepted host name for the Service the SNMP Service can send a trap to the trap destination indicating tha...

Page 197: ...OIDs are organized in a tree like structure and the sequence of numbers identifies the various branches of the subtree that a given object comes from The root of the tree is the ISO International Stan...

Page 198: ...198 B Ilaunchr Error Codes Overview 199 Error Codes 200...

Page 199: ...em Here is one example which you can insert into your login script Start Wait ILaunchr exe server share mysuite jar U if errorlevel 100 Go to Some_Setup_Error_occurred if errorlevel 5 Go to Some_Ilaun...

Page 200: ...fficient free space for installation 8 File package ini was not found in JAR file 9 File package ini did not contain any work instructions 10 Wrong parameters in command line or ini file 11 Error in i...

Page 201: ...nstallation aborted 110 Out of disk space 111 The destination drive is not local 120 The user has no administrative rights to the machine 130 Setup was unable to copy non packed files to the target di...

Page 202: ...n returned error 171 Plug in returned an unexpected code 172 Plug in returned a wrapper code 173 One of the previous install uninstall operations was not completed Reboot is required to complete it 17...

Page 203: ...203 C FSII Remote Installation Error Codes Overview 204 Windows Error Codes 204 Error Messages 205...

Page 204: ...or privileges With Domain Trusts make sure you have logged on to the F Secure Policy Manager Console using the account from the trusted domain 1069 Logon Failure In most cases the entered password is...

Page 205: ...p cancels the whole installation in the following situations 1 When it detects conflicting third party software 2 There are various other possibly reasons including the wrong URL to Policy Manager Ser...

Page 206: ...llation cannot be completed without first uninstalling it Q Invalid data is encountered in prodsett ini A The prodsett ini configuration file has invalid information If you have edited it manually mak...

Page 207: ...207 D NSC Notation for Netmasks Overview 208...

Page 208: ...re not contiguous The following table gives the number of bits for each permitted netmask The 0 0 0 0 is a special network definition reserved for the default route Network Address Netmask NSC Notatio...

Page 209: ...0 17 255 255 255 128 25 255 255 192 0 18 255 255 255 192 26 255 255 224 0 19 255 255 255 224 27 255 255 240 0 20 255 255 255 240 28 255 255 248 0 21 255 255 255 248 29 255 255 252 0 22 255 255 255 25...

Page 210: ...210 TECHNICAL SUPPORT Overview 211 Web Club 211 Advanced Technical Support 211 F Secure Technical Product Training 212...

Page 211: ...ser and your location To connect to the Web Club directly from your Web browser go to http www f secure com webclub Virus Descriptions on the Web F Secure Corporation maintains a comprehensive collect...

Page 212: ...effort F Secure Technical Product Training F Secure provides technical product training material and information for our distributors resellers and customers to succeed with F Secure security products...

Page 213: ...parts At the end of each course there is a certification exam Contact your local F Secure office or F Secure Certified Training Partner to get information about the courses and schedules Contact Info...

Page 214: ...214 GLOSSARY...

Page 215: ...epresent a single character There are 8 bits in a byte Certificate See Public Key Client A program that is used to contact and obtain data from a Server program on another computer Corrupted Data that...

Page 216: ...s consisting of 4 numeric strings separated by dots This will change in IPv6 IPSec IETF The IP Security Protocol is designed to provide interoperable high quality cryptography based security for IPv4...

Page 217: ...building Sometimes using a simple network protocol Login noun The account name used to gain access to a computer system Mbit Megabit MD5 Message Digest number 5 a secure hash function published in RFC...

Page 218: ...y more than one party Public Key The part of the key in a public key system which is widely distributed and not kept secure This key is used for encryption not decryption or for verifying signatures A...

Page 219: ...are Text file Any file whose contents are intended by the file s creator to be interpreted as a sequence of one or more lines containing ASCII or Latin printable characters URL Uniform Resource Locato...

Page 220: ...all with intrusion prevention antispam and antispyware solutions Founded in 1988 F Secure has been listed on the Helsinki Exchanges since 1999 and has been consistently growing faster than all its pub...

Page 221: ......

Reviews: