TREND MICRO
TM
InterScan
TM
Web Security Appliance 2500
Quick Start Guide
Quick Start Guide
InterScan
TM
Web Security Appliance (IWSA) helps protect LAN users against Internet threats
including worms, network viruses, phish sites, spyware, and viruses. Optional IWSA modules can
also provide Web content filtering and security against malicious Java applets and ActiveX controls.
Use this Quick Start Guide to get IWSA up and running on your network, and then use the
Administrator’s Guide to configure, update, and test IWSA.
Please verify that your IWSA carton contains each of the following items:
Contact Information
●
Local offices: http://www.trendmicro.com/en/about/contact/us.htm
●
Phone: + 1 (800) 228-5651 or + 1 (408) 257-1500
●
Address: Trend Micro, 10101 N. De Anza Blvd., Cupertino, CA - 95014, USA
Unless you modify the proxy settings, IWSA is pre-configured to transparently scan all inbound
and outbound Web traffic — your end-users do not need to modify their browser settings. You
can also configure IWSA to work with an ICAP client.
Mount the IWSA server in a standard 19-inch 4-post rack, or on a free-standing device such as a
sturdy desktop. Instructions can be found in the back of the Administrator’s Guide, which is
available on the IWSA Solutions CD and from the Trend Micro Update Center.
When mounting the server, be sure to allow at least two inches clearance in all directions for cooling.
Before proceeding with the IWSA setup, decide where on the LAN you want the IWSA server to
sit. IWSA supports three topologies:
Network Bridge
●
Clients — network device — IWSA — network device — Internet
Pass traffic from one network device such as a switch, router, or firewall to another device for
delivery to the requesting client. IWSA acts as a bridge between the devices and transparently
scans passing HTTP and FTP traffic.
Configurations
●
If your physical network is comprised of multiple IP segments, and IWSA will scan traffic for
clients from a different segment, join IWSA to the clients’ segment by giving it a bridge ID from
that segment. You can set bridge ID settings from the IWSA console (
Administration
>
Bridge ID Settings
).
●
If an L3 switch or router that receives client traffic from one segment will connect to an IWSA
server residing in a different segment, modify the IWSA routing table or static route settings so
it points to the device.
Note
: If your physical network has VLAN settings, bind the management IP or bridge IDs to
the specific VLANs. See the IWSA Solutions CD or online help for details.
●
If the clients and IWSA are in the same segment, no configuration is required.
HTTP proxy
●
Clients — IWSA — Internet
In HTTP proxy mode, configure client browsers to use IWSA as a proxy. Connect your
network (device) to IWSA port 1. The default proxy port number is 8080.
ICAP mode
●
Clients — ICAP capable cache server — Internet
I
IWSA (acting as ICAP server)
Choose this topology if you have an ICAP server on the network and you want it to pass traffic
to IWSA for scanning. IWSA will act as an ICAP server (and the original ICAP server then
behaves as an ICAP client). Connect your network device to IWSA port 1.
Notes on port usage
Use both the internal and external ports if you will be installing IWSA in bridge mode. Use only
the internal port for the other modes. Use port 5 to connect a laptop to the IWSA server and
run the system utilities from the IWSA Solutions CD.
Explanation of indicator lights and ports
The front of the IWSA server contains three indicator lights to reflect its operational status, and
three ports. The lights and ports are explained in the table that follows.
InterScan Web Security
Appliance
Power Cord
Mounting Rail
CD, Jacket & Safety Card,
License & warranty
Console Cable (RS-232)
Cross-over Cable
Navigation
buttons
Menu select
button
LCD menu
Power
on/off
System status
IWSA logo
& model number
Not used
Internal
port
External
port
Not used
Not used
ID light
Reboot
button
ID light
button
System recovery or updates
Port
Cable
Description
Port 1 (INT)
Port 2 (EXT)
Port 3
Port 4
Port 5
Ethernet
Ethernet
Disabled
Disabled
Cross-over
Use an Ethernet cable to route internal network traffic to IWSA.
Route scanned traffic from IWSA to an external device
(for example, a firewall); this port is used only in bridge mode.
This port is not used.
This port is not used.
Update or recover system files and firmware (DOM).
IWSA server back
Port
Cable
Description
RS-232
USB port
Console cable
USB cable
Connect a laptop to the RS-232 port to configure IWSA
hardware settings, update the firmware, or reinstall IWSA
program files. Requires Microsoft HyperTerminal (or a similar
program) on the laptop. See the Administrator’s Guide for details.
Not used.
Value
Your Answer
IP address for IWSA server:
Host name (domain.com):
Netmask (subnet):
Gateway:
Primary DNS:
Secondary DNS:
TMCM server IP address:
TMCM account:
(the user name IWSA will use
to log in to the TMCM server)
(supports a-z, 0-9, -, and . )
(requires Control Manager)
(supports A-Z, a-z, 0-9, -, and _ )
Hardware setup
Use the chart below to prepare the network values for which IWSA will prompt you.
Light
State
Description
Power
ID
System
Orange–steady
Off (no color)
Blue–steady
Orange–flashing
Red–one flash
Yellow–steady
Off
IWSA server is on and operating normally.
Device is off.
The unit identification light is on; use it to identify
the IWSA server in a crowded server room.
The IWSA server is booting.
Power-On Self-Test (POST).
IWSA firmware is ready.
Not used.
Open and inspect the IWSA carton
1
1
Understand the IWSA server
2
2
Decide the network configuration
3
3
Mount the IWSA server
4
4
InterScan Web Security Appliance
front view
AC power
cable socket
Cooling fans
On/off
switch
USB port
RS-232 serial
connection
Case connecting screw
InterScan Web Security Appliance
By default, IWSA installs in bridge mode, and acts as a
forward proxy (scanning client requests and downloads),
and is fully transparent to the user.
Serial port connection
HyperTerminal
IWSA
Internal port
External port
Firewall
Other external
facing device
HTTP proxy
Internet
Router, switch,
bridge, etc.
HTTP proxy
Router, switch,
bridge, etc.
Bridge Mode
IWSA console
http://IP-address:1812
Clients
7
4
2, 3
1
4
1
10
2, 3
8, 9
IWSA
Internal port
Firewall
Other external
facing device
HTTP proxy
Internet
Router, switch,
bridge, etc.
ICAP Mode
ICAP client
IWSA console
http://IP-address:1812
Clients
Note:
Cached
Not cached
5, 6
To power on IWSA, press and release the
power on/off
switch of the IWSA device.
IWSA would normally be powered off during maintenance (such as upgrading the memory)
or when moving it to a different physical location.
Notes:
●
Power off IWSA only during maintenance to minimize the impact on HTTP and FTP traffic interruption
●
If IWSA is powered off by unplugging the device, traffic will be interrupted
●
If IWSA is on network bridge mode and "Fail-open on system error" is enabled in the Web
console (
IWSA Web Console
>
HTTP
>
Configuration
>
Proxy Scan Settings
):
●
HTTP and FTP traffic will not be interrupted
●
If IWSA is powered off, HTTP and FTP requests and responses will be passed but the traffic
will not be scanned, leaving your network unprotected
To power off IWSA, press and then hold the Power on/off switch for 5 to 10 seconds. In
noisier environments, users will feel that the device stops vibrating.
Power IWSA on and off
5
5
