F-SECURE POLICY MANAGER 8.0 Скачать руководство пользователя страница 1

Страница: 1 / 221

F-Secure Policy

Manager 8.0

Administrator’s Guide

Содержание POLICY MANAGER 8.0

Страница 1: ...F Secure Policy Manager 8 0 Administrator s Guide...

Страница 2: ...Corporation will not be liable for any errors or omission of facts contained herein F Secure Corporation reserves the right to modify specifications cited in this document without prior notice Compani...

Страница 3: ...licy Based Management 19 1 4 1 Management Information Base 21 Chapter 2 System Requirements 23 2 1 F Secure Policy Manager Server 24 2 2 F Secure Policy Manager Console 25 Chapter 3 Installing F Secur...

Страница 4: ...ing In 77 5 2 2 F Secure Client Security Management 80 5 2 3 The Advanced Mode User Interface 81 5 2 4 Policy Domain Pane 82 5 2 5 Properties Pane 82 5 2 6 Product View Pane 83 5 2 7 Messages Pane 90...

Страница 5: ...ing Up Restoring F Secure Policy Manager Console Data 140 6 3 Replicating Software Using Image Files 143 Chapter 7 Updating F Secure Virus Definition Databases 145 7 1 Automatic Updates with F Secure...

Страница 6: ...nd Viewing Reports 170 9 4 1 Required Browser Settings for Viewing Web Reports 170 9 4 2 Generating a Report 171 9 4 3 Creating a Printable Report 173 9 4 4 Generating a Specific URL for Automated Rep...

Страница 7: ...ecure SNMP Management Extension Installation 195 A 3 Configuring The SNMP Master Agent 196 A 4 Management Information Base 197 Appendix B Ilaunchr Error Codes 198 B 1 Overview 199 B 2 Error Codes 200...

Страница 8: ...viii Contact Information 213 Glossary 214 About F Secure Corporation...

Страница 9: ...9 ABOUT THIS GUIDE Overview 10 How This Guide is Organized 11...

Страница 10: ...e products F Secure Client Security F Secure Internet Gatekeeper for Windows F Secure Anti Virus for Windows Workstations Windows Servers Citrix Servers Microsoft Exchange MIMEsweeper F Secure Linux S...

Страница 11: ...overview setup procedures the logon procedure menu commands and basic tasks Chapter 6 Maintaining F Secure Policy Manager Server Covers backup procedures and restoration routines Chapter 7 Updating F...

Страница 12: ...an occur during the Autodiscover Windows Hosts operation Appendix D NSC Notation for Netmasks Defines and offers information on NSC notation for Netmasks Glossary Explanation of terms Technical Suppor...

Страница 13: ...s black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a sit...

Страница 14: ...used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F...

Страница 15: ...15 1 INTRODUCTION Overview 16 Installation Order 17 Features 18 Policy Based Management 19...

Страница 16: ...ecure Policy Manager Server They are seamlessly integrated with the F Secure Management Agent that handles all management functions on local hosts Main Components of F Secure Policy Manager F Secure P...

Страница 17: ...not being used by other Internet applications so the users can always be sure they will have the latest updates without having to search the Web If F Secure Automatic Update Agent is always connected...

Страница 18: ...be provided in several ways From the F Secure CD From the F Secure Web site to the customer These can be automatically pushed by F Secure Automatic Update Agent or voluntarily pulled from the F Secur...

Страница 19: ...et of well defined rules that regulate how sensitive information and other resources are managed protected and distributed The management architecture of F Secure software uses policies that are centr...

Страница 20: ...es Base Policy files contain the administrative settings and restrictions for all the variables for all F Secure products on a specific host With domain level policies a group of hosts may share the s...

Страница 21: ...the manner of an SNMP The managed products must operate within the limits specified here Statistics Delivers product statistics to F Secure Policy Manager Console Operations Operations are handled wit...

Страница 22: ...te administration process etc The following types of traps are sent by most of the F Secure products Info Normal operating information from a host Warning A warning from the host Error A recoverable e...

Страница 23: ...23 2 SYSTEM REQUIREMENTS F Secure Policy Manager Server 24 F Secure Policy Manager Console 25...

Страница 24: ...ium III 450 MHz processor or faster Managing more than 5000 hosts or using Web Reporting requires Intel Pentium III 1 GHz level processor or faster Memory 256 MB RAM When Web Reporting is enabled 512...

Страница 25: ...SUSE Linux Enterprise Server 9 and 10 SUSE Linux Enterprise Desktop 10 Debian GNU Linux Etch 4 0 Ubuntu 8 04 Hardy Processor Intel Pentium III 450 MHz processor or faster Managing more than 5000 hosts...

Страница 26: ...26 3 INSTALLING F SECURE POLICY MANAGER SERVER Overview 27 Security Issues 28 Installation Steps 34 Uninstalling F Secure Policy Manager Server 54...

Страница 27: ...anager Server includes the following files Policy Domain Structure Policy Data which is the actual policy information attached to each policy domain or host Base Policy files generated from the policy...

Страница 28: ...w apache org docs misc security_tips html and a list of vulnerabilities at http www apacheweek com features security 13 3 2 1 Installing F Secure Policy Manager in High Security Environments F Secure...

Страница 29: ...ed full administrative rights Multiple users can keep a read only session open simultaneously monitoring the system status without affecting other administrators or managed hosts in any way 2 To enabl...

Страница 30: ...re Policy Manager Server is limited only to the localhost during the installation see Step 8 40 F Secure Setup modifies the FSMSA listen directive in httpd conf file as follows FSMSA listen Listen 127...

Страница 31: ...tHandler fsmsa handler Location VirtualHost After this only the person who has access to the machines with the defined IP addresses can use F Secure Policy Manager Console 3 If there is a very strong...

Страница 32: ...person who has physical access to the localhost can use F Secure Policy Manager Web Reporting When access to F Secure Policy Manager Web Reporting is limited only to the localhost during the installa...

Страница 33: ...t ajp13 ErrorDocument 500 Policy Manager Web Reporting could not be contacted by the Policy Manager Server Location Order Deny Allow Deny from all First deny all Allow from 127 0 0 1 Then allow access...

Страница 34: ...t the F Secure CD in your CD ROM drive 2 Select Corporate Use Click Next to continue 3 Go to the Install or Update Managed Software menu and select F Secure Policy Manager Step 2 Setup begins View the...

Страница 35: ...CHAPTER3 35 Installing F Secure Policy Manager Server Step 3 Read the license agreement information If you agree select I accept this agreement Click Next to continue...

Страница 36: ...36 Step 4 If you are installing on a clean computer select F Secure Policy Manager Server Click Next to continue...

Страница 37: ...ded to use the default installation directory If you want to install F Secure Policy Manager Server in a different directory you can use the Browse feature WARNING If you have F Secure Management Agen...

Страница 38: ...ir directory under F Secure Policy Manager Server installation directory and this will be the directory that F Secure Policy Manager Server will use as a repository You can use the previous commdir as...

Страница 39: ...Policy Manager Server configuration file HTTPD conf This option automatically keeps the existing administration host and web reporting ports If you want to change the ports from the previous installa...

Страница 40: ...module is used for communication with F Secure Policy Manager Web Reporting Select whether it should be enabled Web Reporting uses a local socket connection to the Admin module to fetch server data Th...

Страница 41: ...CHAPTER3 41 Installing F Secure Policy Manager Server Click Next to continue...

Страница 42: ...42 Step 9 Select to add product installation package s from the list of available packages if you selected F Secure Installation Packages in Step 4 on page 17 Click Next...

Страница 43: ...CHAPTER3 43 Installing F Secure Policy Manager Server Step 10 Setup displays the components that will be installed Click Next...

Страница 44: ...44 Step 11 When the setup is completed the setup shows whether all components were installed successfully...

Страница 45: ...HAPTER3 45 Installing F Secure Policy Manager Server Step 12 F Secure Policy Manager Server is now installed Restart the computer if you are prompted to do so Click Finish to complete the installation...

Страница 46: ...displayed Step 14 The setup wizard creates the user group FSPM users The user who was logged in and ran the installer is automatically added to this group To allow another user to run F Secure Policy...

Страница 47: ...ll the directories on the path 2 Stop the F Secure Policy Manager Server service 3 Copy the whole directory structure from the old commdir path to the new path 4 Change the value for the CommDir and C...

Страница 48: ...owever define what ports they should listen in if the defaults are not suitable If you want to change the port in which F Secure Policy Manager Server Admin Module listens add a Listen entry in the co...

Страница 49: ...Secure Policy Manager Server Configuration Settings This section introduces and explains all the relevant entries present in the F Secure Policy Manager Server configuration file and how they are used...

Страница 50: ...ines the directory that everyone will be able to access so don t use a path to a directory with sensitive data By default F Secure Policy Manager Server allocates a directory under F Secure Policy Man...

Страница 51: ..._default_ 8080 Location fsmsa fsmsa dll SetHandler fsmsa handler Location VirtualHost Commdir and Commdir2 These directives define the path to the communication directory or repository This is the dir...

Страница 52: ...LINED TOO_SMALL CR 0pct 10 128 131 224 18 Apr 2002 14 06 36 0300 tells you when the request to the server was made and by which host described by its IP address The fxnext component informs you which...

Страница 53: ...s us to define the length a log should be kept 8 days by default and when the files should be rotated e g when the access log is named access log 1 and a new empty access log file is created where the...

Страница 54: ...nication directory concurrently e g F Secure Management Agent RetryFileOperation 10 This setting tells the server how many times it should retry a failed file operation with a 1 second retry interval...

Страница 55: ...Installing F Secure Policy Manager Server 3 The F Secure Uninstall dialog box appears Click Start to begin uninstallation 4 When the uninstallation is complete click Close 5 Click OK to exit Add Remo...

Страница 56: ...56 4 INSTALLING F SECURE POLICY MANAGER CONSOLE Overview 57 Installation Steps 57 Uninstalling F Secure Policy Manager Console 73...

Страница 57: ...on can be used for both Administrator and Read Only connections The following sections explain how to run the F Secure Policy Manager Console setup from the F Secure CD and how to select the initial o...

Страница 58: ...58 Step 2 View the Welcome screen and follow the setup instructions Select the installation language from the drop down menu Click Next to continue...

Страница 59: ...CHAPTER4 59 Installing F Secure Policy Manager Console Step 3 Read the license agreement information If you agree select I accept this agreement Click Next to continue...

Страница 60: ...60 Step 4 Select F Secure Policy Manager Console Click Next to continue...

Страница 61: ...cure Policy Manager Console Step 5 Choose the destination folder Click Next It is recommended to use the default installation directory Use the Browse feature to install F Secure Policy Manager Consol...

Страница 62: ...62 Step 6 Specify F Secure Policy Manager Server address and Administration port number Click Next to continue...

Страница 63: ...CHAPTER4 63 Installing F Secure Policy Manager Console Step 7 Review the changes that setup is about to make Click Next to continue...

Страница 64: ...64 Step 8 Click Finish to close the installer...

Страница 65: ...icy Manager Console F Secure Policy Manager Console When F Secure Policy Manager Console is run for the first time the Console Setup Wizard collects the information needed to create an initial connect...

Страница 66: ...dministrator features Read Only mode allows you to view administrator data but no changes can be made If you select Read only mode you will not be able to administer hosts To change to Administrator m...

Страница 67: ...CHAPTER4 67 Installing F Secure Policy Manager Console Step 11 Enter the address of the F Secure Policy Manager Server that is used for communicating with the managed hosts...

Страница 68: ...private key files will be stored By default key files are stored in the F Secure Policy Manager Console installation directory Program Files F Secure Administrator Click Next to continue If the key pa...

Страница 69: ...window to initialize the random seed used by the management key pair generator Using the path of the mouse movement ensures that the seed number for the key pair generation algorithm has enough rando...

Страница 70: ...70 Step 14 Enter a passphrase which will secure your private management key Re enter your passphrase in the Confirm Passphrase field Click Next...

Страница 71: ...management key pair After the key pair is generated F Secure Policy Manager Console will start Step 16 The setup wizard creates the user group FSPM users The user who was logged in and ran the instal...

Страница 72: ...ovide them with a copy of the Admin pub key file or access to it If you install the F Secure products on the workstations remotely with F Secure Policy Manager a copy of the Admin pub key file is inst...

Страница 73: ...nstalling F Secure Policy Manager Console To uninstall F Secure Policy Manager Console or other F Secure Policy Manager components follow these steps 1 Open the Windows Start menu and go to Control Pa...

Страница 74: ...iew 75 F Secure Policy Manager Console Basics 76 F Secure Client Security Management 80 Managing Domains and Hosts 94 Software Distribution 104 Managing Policies 120 Managing Operations and Tasks 126...

Страница 75: ...tor Group the managed hosts under policy domains sharing common attribute values Manage host and domain hierarchies easily Generate signed policy definitions which include attribute values and restric...

Страница 76: ...s installation is user based and modifications cannot affect other users The user cannot do any of the following in Read only mode Modify the domain structure or the properties of domains and hosts Mo...

Страница 77: ...defined when you installed the program This is not your network administrator password You can start the program in Read Only mode in which case you do not need to enter a passphrase In this case how...

Страница 78: ...hs specify what management key pair to use for this connection If the specified key files do not exist F Secure Policy Manager Console will generate a new key pair Communication Preferences Select the...

Страница 79: ...nment some hosts are naturally disconnected from the server every now and then For example laptop computers may not be able to access the server daily but in most cases this is perfectly acceptable be...

Страница 80: ...face opens This mode is optimized for administering F Secure Client Security Using the Anti Virus mode user interface you can complete most tasks for managing F Secure Client Security or F Secure Anti...

Страница 81: ...Manager Console you need to change to the Advanced mode user interface To do so select View Advanced Mode The Advanced mode user interface opens displaying the following four panes Policy Domain pane...

Страница 82: ...aste operations Export a policy file After selecting a domain or host you can access the above options from the Edit menu The domains referred to in the commands are not Windows NT or DNS domains Poli...

Страница 83: ...ted the Status view displays number of hosts in the domain and which hosts are disconnected from F Secure Policy Manager Alerts Displays a list of alerts originating from hosts in the selected domain...

Страница 84: ...iew and edit installation information The traditional F Secure Policy Manager Console MIB tree contains all the settings operations Policy and local setting statistics Status in a product component sp...

Страница 85: ...rs from the MIB tree in the following categories Communication edit communication settings Alerting edit alert settings Alert Forwarding see Configuring Alert Forwarding on page 128 for more details C...

Страница 86: ...e Go To menu item to display the corresponding MIB tree node in the Properties pane Note that in most cases the MIB tree offers more though less frequently needed setting parameters For example this i...

Страница 87: ...ubdomains and hosts Use this menu entry cautiously all values defined in the subdomain or hosts under the selected domain are discarded and cannot be restored Show Domain Values The Show Domain Values...

Страница 88: ...ome alerts or useful statistics before the disconnection This information may help to investigate why the host was disconnected If the reason is clear for example if the host s F Secure software has b...

Страница 89: ...ger than the allotted threshold days Always check the disconnection threshold value from Preferences before deleting hosts If a still existing host is deleted accidently all host specific alerts repor...

Страница 90: ...sages are logged into both files in the message subdirectory of the local F Secure Policy Manager Console installation directory Logs of the messages are kept both in English and the language you have...

Страница 91: ...rties box of a host or domain Launches the Autodiscover Windows Hosts tool New hosts will be added to the currently selected policy domain Starts push installation to Windows hosts Imports autoregiste...

Страница 92: ...es Exit Exits F Secure Policy Manager Console Edit Cut Cuts selected items Paste Pastes items to selected location Delete Deletes selected items New Policy Domain Adds a new domain New Host Adds a new...

Страница 93: ...erts page in the Properties pane with all alerts showing Advanced Mode Changes to the advanced mode user interface which is the user interface described in this manual Anti Virus Mode Changes to the A...

Страница 94: ...y to that structure If you want to get started quickly you can also import all hosts to the root domain first and create the domain structure later when the need for that arises The hosts can then be...

Страница 95: ...11 An example of a policy domain structure All domains and hosts must have a unique name in this structure Another possibility is to create the different country offices as subdomains Figure 5 12 An...

Страница 96: ...in a parent domain must be selected or click in the toolbar alternatively press ctrl insert The new policy domain will be a subdomain of the selected parent domain Figure 5 14 Policy Domain Properties...

Страница 97: ...hosts from a Windows domain select the target domain and choose Autodiscover Windows hosts from the Edit menu After the autodiscover operation is completed the new host is automatically added to the P...

Страница 98: ...installation see step 6 in Using the Customized Remote Installation JAR Package 116 section It is possible to sort autoregistration messages according to the values of any column by clicking the corre...

Страница 99: ...rt Autoregistered Hosts window You can use the following as import criteria in the rules WINS name DNS name Dynamic DNS name Custom Properties These support asterisk as a wildcard can replace any numb...

Страница 100: ...hidden are remembered only until the Console is closed To add a new custom property do as follows 1 Right click a column heading and select Add New Custom Property The New Custom Property dialog opens...

Страница 101: ...host manually select a policy domain and select New Host from the Edit menu or click the Add Host button alternatively press Insert This operation is useful in the following cases Learning and testin...

Страница 102: ...ate Properties check box in the Identities tab of the Host Properties dialog box You can open the Host Properties dialog box by choosing Properties from the Edit menu or by clicking in the toolbar Hos...

Страница 103: ...that is used to uniquely identify every host in the system In the Platform tab you can add the operating system of the host to the properties Platform name is the name of the operating system The ope...

Страница 104: ...ns and Updates from CD ROM Installation can be performed independently on the host by running the setup directly from the CD ROM After installation F Secure Management Agent sends a registration messa...

Страница 105: ...Console or with remotely triggered operations For more information see Automatic Updates with F Secure Automatic Update Agent 146 Shortcuts to all the installation related features are gathered in the...

Страница 106: ...et hosts from a list of hosts Push Install to Windows Hosts allows you to define the target hosts directly with IP addresses or host names After the target hosts are selected both push installation op...

Страница 107: ...this selection all details about the hosts are shown such as the versions of the operating system and F Secure Management Agent Resolve host names and comments only quicker If all hosts are not shown...

Страница 108: ...ll to continue 5 After you have selected your target hosts continue to Push Installation After Target Host Selection 109 for instructions on push installing the applications to hosts Push Install to W...

Страница 109: ...ost Selection To push install the installation package s after you have selected the target hosts 1 Select the installation package and click Next to continue 2 Select the products to install You can...

Страница 110: ...on requires administrator rights for the target machine during the installation If the account you entered does not have administrator rights on one of the remote hosts an Access denied error message...

Страница 111: ...the account otherwise the account is accepted only by the host in question 5 Review the installation summary To start the Remote Installation Wizard click Start The Remote Installation Wizard will gui...

Страница 112: ...ation task to the base policy files thus policy distribution is required to start installations Both base policy files and the installation package are signed by the management key pair so that only g...

Страница 113: ...the Installation Editor the administrator selects the products to be installed on the currently selected host or policy domain Figure 5 19 Installation Editor The Installation Editor contains the foll...

Страница 114: ...ent for hosts and for domains In progress The installation operation has been started added to policy data but the host has not yet reported the operation s success or failure Failed The installation...

Страница 115: ...s completed If the hosts are connected to the network and they send and receive policy files correctly then there could be a real problem The host may not be correctly acknowledging the installation o...

Страница 116: ...nt version This option should only be used for troubleshooting Most of the time there is no reason to reinstall a product 5 4 3 Local Installation and Updates with Pre Configured Packages You can expo...

Страница 117: ...d installation package Click Export 4 Specify the file location where you want to save the customized installation JAR package Click Save 5 Select the products you want to install Click Next to contin...

Страница 118: ...operties to the autoregistration message it sends to the F Secure Policy Manager after local installation These customer specific properties will appear together with the standard host identification...

Страница 119: ...name of the JAR package being installed When the installation runs the user will see a dialog displaying the installation progress If a restart is required after the installation the user is prompted...

Страница 120: ...o sources The installation CD ROM or The F Secure website Normally new remote installation packages are installed from the CD ROM and F Secure Policy Manager setup moves the packages automatically to...

Страница 121: ...its measured in 1 100s of a second Octet String binary data this type is also used in UNICODE text strings OID object identifier Opaque binary data that can represent additional data types A policy va...

Страница 122: ...IXED SIZE restriction can be applied to tables With this restriction the end user cannot add or delete rows from fixed size tables Because the Final restriction cannot be used for empty tables the FIX...

Страница 123: ...cy files are copied to the Communication directory where the F Secure software on the hosts will check for it periodically 5 5 5 Policy Inheritance In F Secure Policy Manager Console each policy domai...

Страница 124: ...ains while other products could inherit their policies from subdomains or even get host specific policies If policy changes are implemented at multiple levels of the policy domain hierarchy tracking c...

Страница 125: ...le inheritance F Secure Internet Shield Rules table F Secure Internet Shield Services table F Secure Internet Shield Security Levels table Please refer to the corresponding product manuals for more in...

Страница 126: ...stributed the new policy and the host has fetched the policy file You may click Cancel at any time to undo the operation 5 7 Alerting This section describes how to view alerts and reports and how to c...

Страница 127: ...nowledge an alert If all the alerts are acknowledged the Ack button will be dimmed Severity The problem s severity Each severity level has its own icon Info Normal operating information from a host Wa...

Страница 128: ...ble which is located under F Secure Management Agent Settings Alerting Alert Forwarding Figure 5 22 F Secure Management Agent Settings Alert Forwarding The same table can also be found in the F Secure...

Страница 129: ...o many alerts You can further configure the alert target by setting the policy variables under target specific branches For example Settings Alerting F Secure Policy Manager Console Retry Send Interva...

Страница 130: ...t the domains and or hosts you are interested in from the reporting point of view The domain selected in the Policy Domain pane is selected by default in the Reporting tool By selecting the Recursive...

Страница 131: ...heck box if inheritance information is to be included in the report Inheritance Report Type Export view reports containing values of all policy variables of the selected products from the selected dom...

Страница 132: ...which information is included to the report to be made Alert report type dependent configurations allows you to sort alerts by all the alert description fields and select by severity which severity a...

Страница 133: ...in the bottom pane to generate a report of the selected report type with selected configurations The report is then viewed in HTML format with the default web browser If default web browser has not be...

Страница 134: ...d Hosts list in the Domain status view The domain tree notification icons can be switched off from Appearance Policy Domain Options Note that it s possible to an interval define shorter than one day b...

Страница 135: ...the automatic status polling To do this open the Tools menu and select Preferences Select the Communications tab and click Polling Period options Check the Disable all polling checkbox Policy Files P...

Страница 136: ...Installation Installation Timeout The maximum time F Secure Policy Manager Console waits for the results of an installation operation Browsing Timeout Important only if the Hide Already Managed Hosts...

Страница 137: ...eel Defines the appearance and behavior of the user interface components The change will take place after program restart Policy Files Products Allows you to deactivate MIBs for products which you do...

Страница 138: ...corresponding tab and a message per line including severity and creation time Save Messages Toggle message saving on and off It is highly recommended that you keep logging on as the log information ca...

Страница 139: ...139 6 MAINTAINING F SECURE POLICY MANAGER SERVER Overview 140 Backing Up Restoring F Secure Policy Manager Console Data 140 Replicating Software Using Image Files 143...

Страница 140: ...licy domain structure and all saved policy data It is also possible to back up the entire repository By doing so you will be able to restore not only the policy domain structure but also the alerts ho...

Страница 141: ...ctory of Policy Manager Server s repository Commdir Full Backup 1 Close all F Secure Policy Manager Console management sessions 2 Stop F Secure Policy Manager Server service 3 Back up the Communicatio...

Страница 142: ...ion such as keys and preferences Full Backup restore it as follows 1 Close all F Secure Policy Manager Console management sessions and stop F Secure Policy Manager Server service 2 Delete the communic...

Страница 143: ...mputers This situation will prevent F Secure Policy Manager from functioning properly Please follow these steps to make sure that each computer uses a personalized Unique ID even if disk imaging softw...

Страница 144: ...allation A new Unique ID is created automatically when the system is restarted This will happen individually on each machine where the image file is installed These machines will send autoregistration...

Страница 145: ...NITION DATABASES Automatic Updates with F Secure Automatic Update Agent 146 Using the Automatic Update Agent 148 Forcing the Update Agent to Check for New Updates Immediately 153 Updating the Database...

Страница 146: ...o hours after they have been published by F Secure Any possible delays will depend on when a connection to the Internet is available F Secure Automatic Update Agent is used to update either centrally...

Страница 147: ...turn e If the client is configured to use HTTP Proxy it tries to download the updates through the HTTP Proxy from F Secure Update Server f After that the client tries to download the updates directly...

Страница 148: ...by viewing the log file For more information see How to Read the Log File 149 7 2 1 Configuration Step 1 To configure F Secure Automatic Update Agent open the fsaua cfg configuration file located in...

Страница 149: ...this enter the following commands on command line net stop fsaua net start fsaua 7 2 2 How to Read the Log File The fsaua log file is used to store messages generated by F Secure Automatic Update Agen...

Страница 150: ...e and version are shown 3988 Thu Oct 26 12 40 39 2006 3 Downloaded F Secure Anti Virus Update 2006 10 26_04 DFUpdates version 1161851933 from fsbwserver f secure com 12445450 bytes download size 38535...

Страница 151: ...successful and some files were downloaded For a list of update types that you can find in the log see What Updates are Logged in fsaua log 152 Installation of F Secure Anti Virus Update 2006 10 26_04...

Страница 152: ...adb F Secure Anti Virus Orion Update 2006 10 02_07 oriondb F Secure Anti Virus Misc Update 2006 10 09_03 avmisc F Secure Housekeeper Update 2006 10 09_03 hke freebsd F Secure Housekeeper Update 2006 1...

Страница 153: ...Policy Manager Console 7 3 Forcing the Update Agent to Check for New Updates Immediately If you need to force F Secure Automatic Update Agent to check for new updates immediately you need to stop and...

Страница 154: ...tication failed Reason The password entered for HTTP proxy is incorrect Solution Check and correct the HTTP proxy password in the http_proxies directive in the fsaua cfg file For more information see...

Страница 155: ...155 8 F SECURE POLICY MANAGER ON LINUX Overview 156 Installation 157 Configuration 161 Uninstallation 161 Frequently Asked Questions 163...

Страница 156: ...tions F Secure Policy Manager supports many of the Linux distributions based on the Debian package management DEB system and on the Redhat Package Management RPM system The commands for these two syst...

Страница 157: ...be installed on the same or a separate computer 8 2 1 Installing F Secure Automatic Update Agent 1 Log in as root 2 Open a terminal 3 To install type 4 To configure type opt f secure fsaua bin fsaua...

Страница 158: ...install type 4 To configure type opt f secure fspms bin fspms config and answer the questions Push ENTER to choose the default setting shown in square brackets for each of these questions F Secure Pol...

Страница 159: ...to the fspmc group usr sbin usermod G fspmc groups the user belongs to now as comma separated list user id For example if Tom belongs to the groups normal_users and administrators the command is usr s...

Страница 160: ...t 2 Open a terminal 3 To install type 4 To configure type opt f secure fspmwr bin fspmwr config and answer the questions Push ENTER to choose the default setting shown in square brackets for each of t...

Страница 161: ...re Automatic Update Agent 8 4 1 Uninstalling F Secure Policy Manager Web Reporting 1 Log in as root 2 Open a terminal 3 Type F Secure Policy Manager Component Configuration Command F Secure Policy Man...

Страница 162: ...iles and configuration files are not removed as these are irreplaceable and contain valuable information To remove these type rm rf opt f secure fspmc Debian Based Distributions RPM Based Distribution...

Страница 163: ...Administrator error log Q Why doesn t F Secure Policy Manager Server start A Runtime errors warnings and other information are logged to opt f secure fspms logs error_log opt f secure fsaus log fsaus...

Страница 164: ...c Update Agent by typing sudo u fspms opt f secure fspms bin fsavupd debug Q Where are the F Secure Policy Manager Console files located in the Linux version A To list all files and their places type...

Страница 165: ...iguration file A To restart F Secure Policy Manager Server a Log in as root b Type etc init d fspms restart Q How can I get information about how F Secure Policy Manager Server is running A Type etc i...

Страница 166: ...e Agent so that the changes take effect etc init d fsaua restart Q How can I use an HTTP proxy with F Secure Automatic Update Agent A HTTP proxies are set through the file opt f secure fsaua etc fsaua...

Страница 167: ...ER8 167 F Secure Policy Manager on Linux Q How can I restart F Secure Automatic Update Agent after changing the configuration file A To restart F Secure Automatic Update Agent type etc init d fsaua re...

Страница 168: ...WEB REPORTING Overview 169 Introduction 169 Web Reporting Client System Requirements 170 Generating and Viewing Reports 170 Maintaining Web Reporting 174 Web Reporting Error Messages and Troubleshooti...

Страница 169: ...based on historical trend data using a web based interface You can produce a wide range of useful reports and queries from F Secure Client Security alerts and status information sent by the F Secure M...

Страница 170: ...mmary Internet Shield Summary Alerts Installed Software and Host Properties in the Web Reporting user interface The starting of F Secure Policy Manager Web Reporting can take a lot of time in big envi...

Страница 171: ...iew it Automatically Select this if you want Internet Explorer to check for a new version of the page automatically Cookies It is also a good idea to enable cookies in your browser as this makes for e...

Страница 172: ...ort category Root is selected by default in the Policy Domains pane 3 To view a new report first select the domain subdomain or host for which you want to generate the report 4 Then select a report ca...

Страница 173: ...eneration You can also generate a specific URL that can be used for automated report generation This means that you do not have to select the report category report type or policy domain which you wan...

Страница 174: ...artup type to Manual Skip this step if you want to stop the Web Reporting only temporarily 5 Click OK 9 5 2 Enabling Web Reporting You can enable F Secure Policy Manager Web Reporting by using the Ser...

Страница 175: ...ere and access from a number of hosts defined by their IP addresses Allow Access from Everywhere default By default F Secure Policy Manager Web Reporting can be accessed from any computer that can acc...

Страница 176: ...the Policy Manager Server Location Order Deny Allow Deny from all Allow from ip address 1 Allow from ip address 2 Allow from ip address 3 Location VirtualHost After this only those people who have acc...

Страница 177: ...rting service 2 Copy the file C Program Files F Secure Management Server 5 Web Reporting firebird data fspmwr fdb to the backup media You can also use some compression utility to compress the file Usi...

Страница 178: ...e this time to be longer If you want to keep the trend data for a shorter time you can also configure this time to be shorter 1 Stop the F Secure Policy Manager Web Reporting service 2 Change the maxi...

Страница 179: ...hat machine or F Secure Policy Manager Server service is not running Check all of these in this order A firewall may also prevent the connection Error message F Secure Policy Manager Web Reporting cou...

Страница 180: ...arting the Web Reporting service If Web Reporting cannot contact the database you should restart the Web Reporting service If this does not help you may wish to reinstall Web Reporting keeping the exi...

Страница 181: ...the database is really broken you can also copy an empty database file on top of the broken one This is done as follows 1 Stop the F Secure Policy Manager Web Reporting service 2 Copy fspmwr fdb empty...

Страница 182: ...182 10 F SECURE POLICY MANAGER PROXY Overview 183...

Страница 183: ...a database distribution point There should be one F Secure Policy Manager Proxy in every network that is behind slow network lines F Secure Policy Manager Proxy retrieves virus definition database upd...

Страница 184: ...184 11 TROUBLESHOOTING Overview 185 F Secure Policy Manager Server and Console 185 F Secure Policy Manager Web Reporting 190 Policy Distribution 191...

Страница 185: ...olicy Manager Server start A Runtime errors warnings and other information can be found in the file F Secure Management Server 5 logs error log If the Application Log in Event Viewer Administrative to...

Страница 186: ...nt Server 5 directory are automatically set correctly If the directory is copied by hand or for example restored from backup the access rights might be deleted In this case execute the steps described...

Страница 187: ...settings option selected This will recreate the F Secure Policy Manager Server account and reset all file access rights to the correct ones Q Why does F Secure Policy Manager Server use its own accou...

Страница 188: ...vent the F Secure Policy Manager Server service from starting For more information on these please consult the Microsoft Windows Server documentation Q Why am I unable to connect to F Secure Policy Ma...

Страница 189: ...e under such a heavy network load that it does not have any free network connections available F Secure Policy Manager Console and all hosts are competing for the same network resources With the defau...

Страница 190: ...iguration files are in F Secure Management Server 5 Web Reporting fspmwr conf F Secure Management Server 5 Web Reporting jetty etc fspmwr xml F Secure Management Server 5 Web Reporting firebird aliase...

Страница 191: ...s not among the choices on a sub domain or host too high or low values are specified as range restriction boundaries or an empty choice list is specified When a domain includes hosts that have differe...

Страница 192: ...omains for exceptions This is a good solution if you have only a few hosts with the older software versions installed Reason 2 You entered an integer value that is outside of the range restrictions Er...

Страница 193: ...193 A SNMP Support Overview 194 Installing F Secure Management Agent with SNMP Support 195 Configuring The SNMP Master Agent 196 Management Information Base 197...

Страница 194: ...with TCP IP or IPX SPX since the SNMP service uses Windows Sockets for network communication The master agent is an extensible SNMP agent which allows it to service additional MIBs The NT SNMP agent i...

Страница 195: ...es A 2 Installing F Secure Management Agent with SNMP Support A 2 1 F Secure SNMP Management Extension Installation SNMP support for F Secure Management Agent is installed by installing Management Ext...

Страница 196: ...equest for information that does not contain the correct community name and does not match an accepted host name for the Service the SNMP Service can send a trap to the trap destination indicating tha...

Страница 197: ...OIDs are organized in a tree like structure and the sequence of numbers identifies the various branches of the subtree that a given object comes from The root of the tree is the ISO International Stan...

Страница 198: ...198 B Ilaunchr Error Codes Overview 199 Error Codes 200...

Страница 199: ...em Here is one example which you can insert into your login script Start Wait ILaunchr exe server share mysuite jar U if errorlevel 100 Go to Some_Setup_Error_occurred if errorlevel 5 Go to Some_Ilaun...

Страница 200: ...fficient free space for installation 8 File package ini was not found in JAR file 9 File package ini did not contain any work instructions 10 Wrong parameters in command line or ini file 11 Error in i...

Страница 201: ...nstallation aborted 110 Out of disk space 111 The destination drive is not local 120 The user has no administrative rights to the machine 130 Setup was unable to copy non packed files to the target di...

Страница 202: ...n returned error 171 Plug in returned an unexpected code 172 Plug in returned a wrapper code 173 One of the previous install uninstall operations was not completed Reboot is required to complete it 17...

Страница 203: ...203 C FSII Remote Installation Error Codes Overview 204 Windows Error Codes 204 Error Messages 205...

Страница 204: ...or privileges With Domain Trusts make sure you have logged on to the F Secure Policy Manager Console using the account from the trusted domain 1069 Logon Failure In most cases the entered password is...

Страница 205: ...p cancels the whole installation in the following situations 1 When it detects conflicting third party software 2 There are various other possibly reasons including the wrong URL to Policy Manager Ser...

Страница 206: ...llation cannot be completed without first uninstalling it Q Invalid data is encountered in prodsett ini A The prodsett ini configuration file has invalid information If you have edited it manually mak...

Страница 207: ...207 D NSC Notation for Netmasks Overview 208...

Страница 208: ...re not contiguous The following table gives the number of bits for each permitted netmask The 0 0 0 0 is a special network definition reserved for the default route Network Address Netmask NSC Notatio...

Страница 209: ...0 17 255 255 255 128 25 255 255 192 0 18 255 255 255 192 26 255 255 224 0 19 255 255 255 224 27 255 255 240 0 20 255 255 255 240 28 255 255 248 0 21 255 255 255 248 29 255 255 252 0 22 255 255 255 25...

Страница 210: ...210 TECHNICAL SUPPORT Overview 211 Web Club 211 Advanced Technical Support 211 F Secure Technical Product Training 212...

Страница 211: ...ser and your location To connect to the Web Club directly from your Web browser go to http www f secure com webclub Virus Descriptions on the Web F Secure Corporation maintains a comprehensive collect...

Страница 212: ...effort F Secure Technical Product Training F Secure provides technical product training material and information for our distributors resellers and customers to succeed with F Secure security products...

Страница 213: ...parts At the end of each course there is a certification exam Contact your local F Secure office or F Secure Certified Training Partner to get information about the courses and schedules Contact Info...

Страница 214: ...214 GLOSSARY...

Страница 215: ...epresent a single character There are 8 bits in a byte Certificate See Public Key Client A program that is used to contact and obtain data from a Server program on another computer Corrupted Data that...

Страница 216: ...s consisting of 4 numeric strings separated by dots This will change in IPv6 IPSec IETF The IP Security Protocol is designed to provide interoperable high quality cryptography based security for IPv4...

Страница 217: ...building Sometimes using a simple network protocol Login noun The account name used to gain access to a computer system Mbit Megabit MD5 Message Digest number 5 a secure hash function published in RFC...

Страница 218: ...y more than one party Public Key The part of the key in a public key system which is widely distributed and not kept secure This key is used for encryption not decryption or for verifying signatures A...

Страница 219: ...are Text file Any file whose contents are intended by the file s creator to be interpreted as a sequence of one or more lines containing ASCII or Latin printable characters URL Uniform Resource Locato...

Страница 220: ...all with intrusion prevention antispam and antispyware solutions Founded in 1988 F Secure has been listed on the Helsinki Exchanges since 1999 and has been consistently growing faster than all its pub...

Страница 221: ......

Результаты поиска

Содержание POLICY MANAGER 8.0

Отзывы:

Похожие инструкции для POLICY MANAGER 8.0

Бренды по названию

Популярные бренды

F-SECURE POLICY MANAGER 8.0, Руководство администратора

Результаты поиска

Содержание POLICY MANAGER 8.0

Отзывы:

Похожие инструкции для POLICY MANAGER 8.0

Бренды по названию

Популярные бренды