background image

Understanding Trend Micro™ Network VirusWall™ Enforcer 2500

1

-

19

What happens:

1.

Network VirusWall Enforcer (NVWE) receives traffic with Endpoint 2’s IP and 
MAC addresses. The path of the traffic is: Endpoint 2 -> L2 Switch -> NVWE.

2.

Network VirusWall Enforcer (NVWE) sends the blocking page and deploys 
Policy Enforcement Agent to Endpoint 2. The path of the traffic is: NVWE -> L3 
Switch -> NVWE -> L2 Switch -> Endpoint 2.

3.

After performing an assessment, Policy Enforcement Agent sends the results to 
Network VirusWall Enforcer. The path of the traffic is: Endpoint 2 -> L2 Switch 
-> NVWE -> L3 Switch -> NVWE.

Network VirusWall Enforcer receives Endpoint 2’s IP address and L3 Switch’s 
MAC addresses because L3 Switch forwards the results.

4.

Network VirusWall Enforcer adds a new record with Endpoint 2’s IP address and 
L3 Switch’s MAC addresses after receiving the results. 

5.

Endpoint 2 tries to refresh the page to continue, but remains in the assessment 
stage because the wrong data (Endpoint 2’s IP address and the L3 Switches MAC 
addresses) was stored. 

F

IGURE

 1-5.   

An Example of When a Bridge IP Address is Necessary

Содержание VirusWall 2500

Страница 1: ...Network VirusWallTM Enforcer 2500 Administrator s Guide...

Страница 2: ...the Trend Micro t ball logo OfficeScan PC cillin ServerProtect TrendLabs VirusWall Trend Micro Control Manager Trend Micro Damage Cleanup Services Trend Micro Outbreak Prevention Services and Trend M...

Страница 3: ...prior to installing or using the software Detailed information about how to use specific features within the software are available in the online help file and the online Knowledge Base at Trend Micr...

Страница 4: ...l Enforcer 2500 1 2 Functions and Capabilities 1 2 Network VirusWall Enforcer 2500 Architecture 1 5 Components 1 5 Device s 1 5 Management 1 5 Antivirus Technology 1 10 Understanding Security Risks 1...

Страница 5: ...igh Availability 1 28 Redundant Ports and Devices 1 28 Failover 1 29 Failopen 1 30 Policy Prioritization and Creation 1 33 Sample Policy Creation 1 37 Policy Scenario 1 Authenticated users need to hav...

Страница 6: ...ngs 2 18 Configuring Access Control 2 18 Configuring Administrative Accounts 2 19 Using Backup Configuration 2 19 Performing Device Tasks 2 21 Replacing the HTTPS Certificate 2 24 Configuring IP Addre...

Страница 7: ...m File and Boot Loader 5 4 Uploading with the Network VirusWall Enforcer 2500 Appliance Firmware Flash Utility 5 5 Flashing the BIOS and BMC 5 7 Before Running the Appliance Firmware Flash Utility 5 7...

Страница 8: ...ol Manager B 9 Managing Network VirusWall Enforcer 2500 From Control Manager B 11 Understanding Product Directory B 11 Accessing a Network VirusWall Enforcer 2500 Device s Default Folder B 13 Access P...

Страница 9: ...Temp B 26 Removing Network VirusWall Enforcer 2500 Devices From Temp B 28 Download and Deploy New Components From Control Manager B 29 Understanding Update Manager B 29 Understanding Manual Downloads...

Страница 10: ...x C Supported Antivirus Products Supported Products for Endpoints with Windows 98 or ME Operating Systems C 2 Supported Products for Endpoints with Windows XP 2000 or 2003 Operating Systems C 4 Append...

Страница 11: ...and monitor the product The Network VirusWall Enforcer 2500 package includes the Trend Micro Solutions CD for Network VirusWall Enforcer 2500 If you are planning large scale deployment of Network Vir...

Страница 12: ...Network VirusWall Enforcer 2500 or downloadable from the Trend Micro Web site The GSG contains instructions on how to deploy Network VirusWall Enforcer 2500 a task that includes planning testing and p...

Страница 13: ...e management tools see Configuring Policy Enforcement and Device Settings on page 2 1 Procedures to update Network VirusWall Enforcer 2500 components see Updating Components on page 3 1 Instructions t...

Страница 14: ...usWall Enforcer 2500 documentation uses the following conventions CONVENTION DESCRIPTION ALL CAPITALS Acronyms abbreviations and names of certain com mands and keys on the keyboard Bold Menus and menu...

Страница 15: ...an overview of its technology capabilities and hardware connections The topics discussed in this chapter include Trend Micro Network VirusWall Enforcer 2500 on page 1 2 Functions and Capabilities on...

Страница 16: ...aks By deploying Network VirusWall Enforcer 2500 in network LAN segments organizations can significantly reduce their security risk network downtime and outbreak management burden Network VirusWall En...

Страница 17: ...io the percentage of endpoints with antivirus software in relation to the total number of detected endpoints Click Export to save the information to a file Component Status Use this information to det...

Страница 18: ...Update Your Protection Virus writers write and release new viruses through different media every day especially the Internet To help ensure your protection against the latest threats is current period...

Страница 19: ...ts or provide threat information Network VirusWall Enforcer 2500 helps organizations take precise outbreak security actions and proactively detect prevent or contain and eliminate outbreaks By deployi...

Страница 20: ...cer 2500 or using SSH There are certain settings you cannot alter if you login using SSH The settings you cannot alter using SSH include disabling SSH connection from the Access Control menu and setti...

Страница 21: ...zation This enables you to react quickly to network virus emergencies from nearly anywhere using the Web console FIGURE 1 2 Network VirusWall Enforcer 2500 Web console After preconfiguration the Web c...

Страница 22: ...Control Panel make up the LCD module The LCM console allows you to perform the following basic configuration Configure device settings Device settings such as the Network VirusWall Enforcer 2500 IP a...

Страница 23: ...re Interface Groups Configure IP Address Settings Configure Policy Exceptions Configure Proxy Settings Create and manage Policies Manage Access Control Manage Administrative Accounts Monitor device ev...

Страница 24: ...n however is effective only after servers or endpoints detect a virus in other words when a virus is already on your network Equipped with the Trend Micro network scan engine and network virus pattern...

Страница 25: ...en included in a document Trojan horses executable programs that do not replicate but instead reside on systems to perform malicious acts such as open ports for hackers to enter VBScript JavaScript or...

Страница 26: ...iated with at least ten Internet threats regardless of how destructive the associated Internet threats are Systems and networks not patched against these vulnerabilities will likely become infected du...

Страница 27: ...hat is the Internet other LAN segments and so on Tip Trend Micro recommends deploying a Network VirusWall Enforcer 2500 device between switches or routers Although the exact location of the device dep...

Страница 28: ...licy Enforcement Network VirusWall Enforcer 2500 is capable of identifying a packet source and then determining if it complies with the current antivirus and vulnerability elimination policies The dev...

Страница 29: ...wing scan endpoints to ensure the installation of antivirus software scan network packets to prevent security threats from entering the network ensure vulnerabilities are updated before allowing acces...

Страница 30: ...filters out the selected network type packets Viewing Logs to Assess Policy Enforcement Logs provide information to help you monitor Policy Enforcement on your network Configure log settings from the...

Страница 31: ...obal Endpoint Exceptions from the Web console Quarantined Endpoints You can configure the device to quarantine endpoints that violate the Network Virus Policy Quarantined endpoints are endpoints ident...

Страница 32: ...to the device from endpoints This list supports up to 64 entries An Example of When a Bridge IP Address is Necessary In an environment where the Network VirusWall Enforcer 2500 Management IP address...

Страница 33: ...nforcement Agent sends the results to Network VirusWall Enforcer The path of the traffic is Endpoint 2 L2 Switch NVWE L3 Switch NVWE Network VirusWall Enforcer receives Endpoint 2 s IP address and L3...

Страница 34: ...s the state of Endpoint 2 successfully Static Routes Configure static routes to allow packets to pass through the device to different segments in your network This list supports up to 50 entries An Ex...

Страница 35: ...elong to different network segments So we add a Bridge IP address bound to VLAN 3 that is in the same network segment as Endpoint 2 and Router 1 s interface 2 This allows Network VirusWall Enforcer to...

Страница 36: ...erformance and status Each managed device has a software module known as an agent which communicates with the NMS Security Managed devices can protect their MIBs by granting only specific network mana...

Страница 37: ...TED COMMUNITY NAMES Community names with the following characteristics Default name public Access privileges READ ONLY the get command Maximum number of community names 5 Maximum length of community n...

Страница 38: ...additional traps Cold start Enable SNMP Link down Remove connection from LAN port or fiber port Link up Connection to LAN port or fiber port established Authentication failure Login to the Web console...

Страница 39: ...reduce network congestion by managing the flow of traffic between endpoints that communicate often even if they are not on the same network segment Tagged and Non tagged Frames When a local switch on...

Страница 40: ...es untagged packets the device compares the destination MAC address from the packets to the Non VLAN traffic and specific VLAN traffic MAC address tables Once Network VirusWall Enforcer 2500 determine...

Страница 41: ...rts with user defined port groups Redundant devices with user defined port groups Fault tolerance solutions Nine User definable LAN Ports Network VirusWall Enforcer 2500 offers high performance gigabi...

Страница 42: ...ion Network VirusWall Enforcer 2500 provides two ports to connect to the up link and downlink switches in dual paths Applying a port redundant solution requires the completion of the following tasks 1...

Страница 43: ...lover Considerations for details Failover The failover solution involves two identical Network VirusWall Enforcer 2500 devices PRIMARY and SECONDARY It is an operation that automatically sends packets...

Страница 44: ...sables failopen LAN bypass in a failover environment Do not automatically update the program file for the devices in a failover pair Doing so alters the identical settings for the failover devices whi...

Страница 45: ...other devices must not exceed 100 meters 328 feet for copper port connections Note This constraint only applies to failopen deployments The network cable connecting port 1 should not exceed 50 m Also...

Страница 46: ...ected Disconnected 18 BIOS Power On Self Test POST Connected Connected 35 Loading Grand Unified Bootloader GRUB Connected Disconnected Rescue Mode Connected Disconnected Validating the boot partition...

Страница 47: ...all Enforcer 2500 applies For example consider the following three policies in the table In Table 1 5 prioritizing policies with broad settings lower in the list prevents situations where all endpoint...

Страница 48: ...etect the endpoint You can use a switch s mirror function with the Network VirusWall Enforcer 2500 SNIFFER port feature to scan all packets on the network and monitor activity without disrupting your...

Страница 49: ...operating systems the device will not assess endpoints with firewall software or devices such as routers If you select user authentication you must configure LDAP settings If you select Instant messa...

Страница 50: ...le name with zero bytes If CIFS connections exist at the time of policy creation the action may not function correctly Inform endpoints of policy requirements prior to blocking them from accessing the...

Страница 51: ...Before you create policies consider the services you want to apply to an endpoint and the type of endpoints to assess For example endpoints in Group A need to have antivirus software the corresponding...

Страница 52: ...38 FIGURE 1 7 Sample Policy 1 Authenticated users Step 2 In Step 2 Select Enable user authentication and Apply policy to authenticated users to apply this policy to authenticated users Specify the In...

Страница 53: ...ntivirus Program Scan and all of the antivirus applications in the list Select to Block non compliant endpoints to block endpoints that do not have any of these applications installed Select Log polic...

Страница 54: ...Guide 1 40 FIGURE 1 9 Sample Policy 1 Authenticated users Step 4 In Step 4 Select Enable Network Virus Scan Select Log policy violation and Notify endpoints about policy violations to record and send...

Страница 55: ...cond policy specify the required registry key if guest users try to access endpoints belonging to the network FIGURE 1 10 Sample Policy 2 Guest users Step 2 In Step 2 Select Enable user authentication...

Страница 56: ...Select Registry Key Scan and add the registry key as required Select to Block non compliant endpoints to block endpoints that do not have any of these applications installed Select Log policy violati...

Страница 57: ...2500 1 43 FIGURE 1 12 Sample Policy 2 Guest users Step 4 In Step 4 Select Enable Network Virus Scan Select Log policy violation and Notify endpoints about policy violations to record and send a block...

Страница 58: ...t has a lower priority than this policy never applies to endpoints FIGURE 1 13 Example of incorrect prioritization resulting in a policy that never applies to endpoints The second policy in this examp...

Страница 59: ...This example requires a policy that ensures that endpoints with Windows XP operating systems have Service Pack 2 installed To create a policy that ensures that endpoints with Windows XP operating syst...

Страница 60: ...e 1 46 2 For this policy configure a network zone that includes all IP addresses of endpoints with Windows XP operating systems You can click Add from Step 2 of the Add Policy screens to configure a n...

Страница 61: ...Trend Micro Network VirusWall Enforcer 2500 1 47 3 Specify the Windows XP network zone as the Source and the Destination as any to apply this policy to the Windows XP endpoints FIGURE 1 16 Policy Scen...

Страница 62: ...Trend Micro Network VirusWall Enforcer 2500 Administrator s Guide 1 48 4 Select the Registry Key Scan service FIGURE 1 17 Policy Scenario 2 Step 3...

Страница 63: ...Enforcer 2500 1 49 5 Add the registry value for Service Pack 2 as a required registry key FIGURE 1 18 Policy Scenario 2 Add the required registry key 6 Confirm that the required registry key displays...

Страница 64: ...l Enforcer 2500 Protects the public server farm The Network Virus Policy feature scans all traffic and Policy Enforcement applies to remote endpoints Apply a remedy to endpoints that violate the polic...

Страница 65: ...Understanding Trend Micro Network VirusWall Enforcer 2500 1 51 FIGURE 1 19 Standard Network Mode Scenario...

Страница 66: ...cy Enforcement applies to remote hosts Apply a remedy to endpoints that violate the policy Is located between the core switch and WAN module The Network Virus Policy feature scans all traffic and pair...

Страница 67: ...cer in either of the following Between the border routers and core routers The Network Virus Scan feature scans all traffic Enable asymmetric routing support BGP and enable high availability features...

Страница 68: ...reate different policies based on area and type of access For this example we want to do the following Configure policies to protect the public server farm Configure policies to scan packets going bet...

Страница 69: ...Agent deployment method ActiveX Compliant endpoint reassessment 1 day Non compliant endpoint reassessment 15 minutes Authenticati on and Network Zones Settings Authentication Default settings check b...

Страница 70: ...reassessment 1 day Non compliant endpoint reassessment 15 minutes Authenticati on and Network Zones Settings Authentication Default settings check boxes are clear Endpoint Network Zones Any Network Zo...

Страница 71: ...lways be last to address all other cases Agent type Agentless Agent deployment method ActiveX Compliant endpoint reassessment 1 day Non compliant endpoint reassessment 15 minutes Authenticati on and N...

Страница 72: ...o not introduce security threats into the network Settings Details Endpoint Settings Policy name Guest Policy comment This policy should be above authenticated users if using agentless detection Agent...

Страница 73: ...Critical vulnerabilities and Important vulnerabilities Log policy violations and notify endpoints about policy violations Network Virus Policy Settings Network Virus Scan Action Quarantine endpoint R...

Страница 74: ...e Agent type Persistent Agent Agent deployment method Remote login ActiveX Compliant endpoint reassessment 1 day Non compliant endpoint reassessment 15 minutes Authenticati on and Network Zones Settin...

Страница 75: ...bilities and Important vulnerabilities Registry Key Scan Action Block non compliant endpoints Remedy None Details Windows Firewall Prohibited Log policy violations and notify endpoints about policy vi...

Страница 76: ...Destination Network Zones Any Network Zone TCP Protocol Ports All Ports UDP Protocol Ports All Ports Daily Schedule Everyday Hourly Schedule All Day Enforcement Policy Settings Antivirus Program Scan...

Страница 77: ...cy does not use the authentication feature whereas the lower priority policy does no hosts will match the second policy Network Virus Policy Settings Network Virus Scan Action Quarantine endpoint Reme...

Страница 78: ...and device tasks Network VirusWall Enforcer 2500 provides three management tools that let you easily configure its settings See Table 1 1 to understand the configuration options allowable from the av...

Страница 79: ...Refer to the Getting Started Guide for details on how to preconfigure and test a successful Network VirusWall Enforcer 2500 deployment Configuring Policy Enforcement Settings This section includes the...

Страница 80: ...ettings Step 3 Configure the Enforcement Policy Step 4 Configure the Network Virus Policy Step 5 Configure the Network Application Policy Step 6 Configure Policy URL Exceptions Note See Policy Enforce...

Страница 81: ...u can use this account and password for remote deployment to endpoints belonging to that domain b ActiveX Policy Enforcement Agent PEAgent installation requires confirmation from the endpoint 8 Select...

Страница 82: ...settings if you select Enable user authentication See Configuring LDAP Settings on page 2 25 for more information If you create one policy for authenticated users create a policy that applies to user...

Страница 83: ...ation ii Block non compliant endpoints you can select a Remedy from None Deploy Real time Scan to scan the endpoint computer or Redirect to URL to a URL where the endpoint may rectify the violation If...

Страница 84: ...sessment time interval a Select the System Threat Scan check box b Specify the Endpoint Action by selecting one of the following i Monitor allow traffic to continue to destination ii Block non complia...

Страница 85: ...ou want endpoints to have on their computers Prohibited registry keys are those that you do not want endpoints to have on their computers e Type the Registry Key f Select Value name to check the value...

Страница 86: ...Log policy violations to record log entries in the Endpoint History log 3 Click Next Step 5 Specify Network Application Policy Specify the service by selecting the check box next to the scan to perfor...

Страница 87: ...le transfer detection Use this feature to assess file transfer activity Ensure that combinations such as specifying for Files to assess and selecting HTTP file transfer are not specified This type of...

Страница 88: ...nt one or more unknown characters follow these guidelines lock matches block clock glock plock and flock but not lock Trend Micro matches Trend Micro Trend Micro Trend_Micro but not TrendMicro block m...

Страница 89: ...nsiderations If you do not specify any IP MAC addresses the network zone includes all IP MAC addresses If you do not select any interfaces the network zone includes all the interfaces If you do not sp...

Страница 90: ...e multiple VLAN IDs in the text box 4 Click Save Configuring Exception Settings This is the last task to configuring a network zone to help manage network security 1 Click the Exception tab The Except...

Страница 91: ...computers or network segments are not scanned Policy Enforcement assessments will not scan any Global Endpoint exceptions To add to the Global Endpoint Exceptions 1 Click Policy Enforcement from the...

Страница 92: ...drop down menu The Endpoint Notifications screen displays 3 Click the Settings tab 4 Select to display the Trend default look and feel or Custom to specify the Page Title Title Text color and Banner...

Страница 93: ...next to Port and type an optional comment 4 Click Add to The port is added to the current list on the right 5 Click Save Remote Login Accounts To use the remote login feature for deploying the PEAgent...

Страница 94: ...ings When you import a policy file the policy file overwrites all current policy settings To export Policies 1 Click Policy Enforcement from the side menu The drop down menu displays 2 Click Export Im...

Страница 95: ...ttings on page 2 26 Configuring SNMP Settings on page 2 26 Configuring Access Control Configure Access Control settings to help keep undesired users from accessing Network VirusWall Enforcer 2500 Rest...

Страница 96: ...Accounts screen displays 3 Click Add The Add Administrative Account screen displays 4 Type the User ID Password and Confirm the password 5 Select the Privileges 6 Click Save Using Backup Configuration...

Страница 97: ...d export the Network VirusWall Enforcer 2500 configuration This allows easy replication of existing Network VirusWall Enforcer 2500 settings from one Network VirusWall Enforcer 2500 to other devices o...

Страница 98: ...you want to isolate your network you can lock Network VirusWall Enforcer 2500 to block all traffic that would normally pass through the device Likewise if you are experiencing problems with Network Vi...

Страница 99: ...s powered off failopen is enabled and network traffic lock is enabled traffic passes through the failopen ports ports 1 and 2 and possibly 6 7 8 and 9 if you have installed bypass cards If the device...

Страница 100: ...delay To reset the device through the preconfiguration menu 1 Access the Network VirusWall Enforcer 2500 Preconfiguration console see Getting Started Guide Logging on to the Preconfiguration Console f...

Страница 101: ...e The procedure is the same for configuring these settings for the failover device Administration Failover Settings from the Web console To configure the Management IP Address settings 1 Click Adminis...

Страница 102: ...Configure LDAP settings from the Web console LDAP setting considerations If you select Kerberos as the authentication method ensure you fill out the KDC settings and that the device and LDAP server ti...

Страница 103: ...The drop down menu displays 2 Click Proxy Settings from the drop down menu The Proxy Settings screen displays 3 Select Use a proxy server for pattern and engine updates 4 Select HTTP SOCKS4 or SOCKS5...

Страница 104: ...and System contact 7 Type a Community name to add under Accepted Community Name s 8 Click Add to The community name displays in the table 9 Type the IP Address to add under Trusted Network Management...

Страница 105: ...console which restores settings to the factory defaults WARNING You will lose all changes to preconfiguration settings when you perform initialization To initialize Network VirusWall Enforcer 2500 1 I...

Страница 106: ...ine rollback reset device or restore default settings System Rollback Use a serial connection to perform a system rollback When you reset Network VirusWall Enforcer 2500 after the Booting the Network...

Страница 107: ...VirusWall Enforcer 2500 devices from the Web console view system information deploy Network VirusWall Enforcer 2500 components and modify device settings The topics discussed in this chapter include...

Страница 108: ...system folder File Virus Pattern contains a regularly updated database of virus patterns Vulnerability Engine scans for vulnerabilities Vulnerability Assessment Pattern contains information about vul...

Страница 109: ...ogram file manually if one of the devices becomes disabled Depending on the device role in a failover environment the Management Network VirusWall Enforcer 2500 device always communicates with the upd...

Страница 110: ...ring virus outbreaks Network VirusWall Enforcer 2500 provides the following methods to update and deploy the latest components to its managed products and devices Manually Instruct Network VirusWall E...

Страница 111: ...k VirusWall Enforcer 2500 Web console to verify whether Network VirusWall Enforcer 2500 updates the selected components during manual update Tip Visit http www trendmicro com download product asp prod...

Страница 112: ...luding the proxy settings if your network has a proxy server to connect to the Internet To set the update source 1 Click Updates The drop down menu displays 2 Click Source The Update Source screen dis...

Страница 113: ...500 logs a wide variety of information about events that occur on your network such as endpoint infections and policy violations virus outbreaks and component updates The topics discussed in this chap...

Страница 114: ...ime Status Information The Real time Status screen provides an overview of real time device information Click Real time Status from the main menu to view real time device information From this screen...

Страница 115: ...er 2500 Logs Network VirusWall Enforcer 2500 generates the following log types Event log Network Virus log Endpoint History Viewing the Event Log When the device detects an event such as a virus outbr...

Страница 116: ...Control Manager configure the time interval to send the Endpoint History to the Control Manager server from Log Settings View the Endpoint History from the Web console Click Logs Endpoint History Sele...

Страница 117: ...t a Network VirusWall software or hardware component is mounted on an invalid platform Table 4 1 enumerates all possible asset tag logs ERROR CODE DESCRIPTION 0 Invalid asset tag 1 Action Issue GET_FR...

Страница 118: ...the above error codes can only mean that someone has tampered with the device Someone has altered or replaced the original components included with shipment of the product The error codes help listed...

Страница 119: ...omponent threshold The following are the possible critical level Lower Critical the lower critical component threshold Upper Critical the upper critical component threshold activity refers to the incr...

Страница 120: ...d temperature Tip Use the Left and Right arrows on the control panel to read the logs displayed on the LCD module LCD Module Error Logs LCD module error logs refer to logs generated by and displayed o...

Страница 121: ...tus 206 Cannot get key Unable to obtain the public encryption key The Network VirusWall Enforcer device cannot register to the Control Manager server Check the E2EPublic dat through the LCD module or...

Страница 122: ...odify the address through the LCD module or Preconfiguration console 405 Duplicate DNS IP address Duplicate DNS server IP address Ensure the address specified the address belonging to the DNS server C...

Страница 123: ...tion that displays system debug log information in real time as Network VirusWall Enforcer 2500 creates log entries Use the System Log Viewer to view system debug log entries and save them to a text f...

Страница 124: ...asked questions The topics discussed in this chapter include Using Network VirusWall Enforcer 2500 Utilities on page 5 2 Entering Rescue Mode on page 5 2 Uploading the Program File and Boot Loader on...

Страница 125: ...Uploading the latest program file firmware and boot loader see page 5 4 Flashing the BIOS BMC and LCM firmware see page 5 7 Entering Rescue Mode If you are experiencing problems that prohibit the nor...

Страница 126: ...ter rescue mode through the Preconfiguration console 1 Select Reset Device from System Tasks 2 When the device resets a message appears prompting you to enter rescue mode 3 Type r at the prompt The Ne...

Страница 127: ...work scan engine network virus pattern file and system programs Note Uploading the program file will restore the Network VirusWall Enforcer 2500 default factory settings To preserve the existing setti...

Страница 128: ...liance Firmware Flash Utility Uploading with the Trend Micro Network VirusWall Enforcer 2500 Appliance Firmware Flash Utility performs the same function as uploading through the command line interface...

Страница 129: ...o use a static IP address in the range 192 168 252 2 to 192 168 252 254 with a subnet mask 255 255 255 0 Note If you are running PC cillin 2002 or later set the Personal Firewall settings to low or me...

Страница 130: ...n the Trend Micro Solutions CD for Network VirusWall Enforcer 2500 Before Running the Appliance Firmware Flash Utility Prepare the following before running the utility Before running the utility ensur...

Страница 131: ...version number For example BMS25210 bin denotes that the BMC firmware version is 2 10 Note Remember the location of the directory with the latest firmware If you want to roll back to the factory defa...

Страница 132: ...hernet cable to the computer s LAN port and the other end to Port 5 of the Network VirusWall Enforcer 2500 device After completing these tasks you are now ready to run the Network VirusWall Enforcer 2...

Страница 133: ...tility detects the Network VirusWall Enforcer 2500 device connected to the computer and lists it in the detection table 5 Click the first row to select the detected device from the detection table 6 C...

Страница 134: ...scue mode a Select Yes for Update Boot Block This option is only applicable when flashing the BIOS WARNING If a power loss interrupts the BIOS boot block update BIOS will no longer be able to operate...

Страница 135: ...h the device establishes a network connection Note After successfully flashing the BIOS or BMC firmware the device shuts down On the other hand after successfully flashing the LCM firmware the device...

Страница 136: ...e section covers the following troubleshooting topics Hardware Issues on page 5 14 Configuration Issues on page 5 15 Control Manager and Network VirusWall Enforcer 2500 Communication Issues on page 5...

Страница 137: ...and terminal communications software settings refer to the Getting Started Guide Preconfiguring Network VirusWall Enforcer 2500 Using the Preconfiguration Console 3 Unable to change settings with the...

Страница 138: ...e following 1 Install Active Directory on the Windows Server 2003 server so Network VirusWall Enforcer 2500 can synchronize with the Windows Server 2003 time service 2 Disable the Windows Server 2003...

Страница 139: ...ectory on the Control Manager management console Remove the Network VirusWall Enforcer 2500 device see the Control Manager Getting Started Guide and online help for information on adding and removing...

Страница 140: ...affic from additional endpoints over 4096 whose packets are infected Reconsider your deployment plan to take into consideration the number of endpoints in your network 9 A endpoint that was blocked be...

Страница 141: ...affic 14 When Kerberos Authentication is used the User Authentication does not function as expected Check the clock sync between the authentication server and Network VirusWall Enforcer 2500 The authe...

Страница 142: ...s to access the update source add the IP address of the update source to the URL Exception List 22 Network VirusWall Enforcer 2500 is either unable to obtain or gets incorrect DNS server information T...

Страница 143: ...ceptions ports become disabled To re enable the necessary ports a Go to Windows Security Center Windows Firewall Exceptions File and Printer Sharing b Check to see if TCP 139 Port and UDP 137 Port are...

Страница 144: ...on the Network VirusWall Enforcer BIOS screen and I press the arrow keys Discard Changes and Exit displays Different emulation configurations exist between Network VirusWall Enforcer 2500 and the moth...

Страница 145: ...ervers Windows NTP may provide some other features for Active Directory Server ADS endpoints In addition Windows NTP does not work unless you have installed ADS To enable NTP 38 Automatically logged o...

Страница 146: ...ll not switch roles if the Management device is unable to connect to the Control Manager server In this situation the Management device still works However Network VirusWall Enforcer 2500 cannot deliv...

Страница 147: ...ide Choosing a Fiber Optic Media Connector for Fiber based Networks section Where does Network VirusWall Enforcer 2500 store its logs and how can I access them Network VirusWall Enforcer 2500 only use...

Страница 148: ...rver Register a device to a Control Manager server through the Network VirusWall Enforcer 2500 preconfiguration Device Settings option Does Network VirusWall Enforcer 2500 support spanning tree protoc...

Страница 149: ...he preconfiguration tasks To perform extensive configuration changes use the Web console See Table 1 1 for a comparison of the available Network VirusWall Enforcer 2500 management tools How can I back...

Страница 150: ...ed through a HyperTerminal session However importing or exporting the Network VirusWall Enforcer 2500 configuration is not possible when using Minicom available in Linux servers Note Export configurat...

Страница 151: ...s be transferred FTP and HTTP blocked files can be transferred again when Network VirusWall Enforcer 2500 drops the connection after time out 10 minutes Why does HTTPS traffic not redirect to the bloc...

Страница 152: ...HTTPS each can have 10 concurrent sessions and SSH can have more than 10 concurrent sessions Does the device block uploading to HTTP This version of the device does not support this feature Why was I...

Страница 153: ...ounts can only be added using the Web console You can create Administrator Power User and Operator Accounts Can I use another Control Manager account to register and manage Network VirusWall Enforcer...

Страница 154: ...Scan install to endpoints with Windows 2003 and Windows 2003 R2 operating systems Real time scan does not support Windows 2003 and Windows 2003 R2 operating systems What happens if there is more than...

Страница 155: ...ndows endpoint notification for endpoints with host names in Chinese This version of Network VirusWall Enforcer 2500 does not support Windows endpoint notification for endpoints with host names in Chi...

Страница 156: ...ntil the query sends successfully How does Network VirusWall Enforcer 2500 handle FTP transfers when I configure specific ports to assess When you assess and block specific ports the FTP connection an...

Страница 157: ...Windows Vista Why can t the endpoint access the Redirect URL If you have configured the Redirect URL in capital letters endpoints are not able to access the URL The URL scan feature is case sensitive...

Страница 158: ...gent The following will prevent successful deployment of PEAgent If Network VirusWall Enforcer 2500 and the endpoint do not belong to the same network segment The traffic from the endpoint goes to dir...

Страница 159: ...ll non IP traffic Does Network VirusWall Enforcer 2500 ignore Voice Over Internet Protocol VoIP packets in a network with VoIP Yes Network VirusWall Enforcer 2500 scans every packet that passes throug...

Страница 160: ...tion on how to get technical support Remember you must register your product to be eligible for support This chapter includes the following topics Before Contacting Technical Support on page 6 2 Conta...

Страница 161: ...Micro products The support Web site has answers to previous user inquiries To search the Knowledge Base visit http esupport trendmicro com Contacting Technical Support In addition to phone support Tr...

Страница 162: ...you are experiencing Our team of virus engineers will dissect the file to identify and characterize any viruses it may contain and return the cleaned file to you within 48 hours Introducing TrendLabs...

Страница 163: ...bs overview htm Other Useful Resources Trend Micro offers a endpoint of services via its Web site www trendmicro com Internet based tools and services include Virus Map monitors virus incidents around...

Страница 164: ...NSION L X W X H 33 54 x 22 24 x 8 27 852 x 565 x 210mm SYSTEM WEIGHT 9Kg SYSTEM WEIGHT WITH PACKAGE AND ACCESSORY BOX 16 54Kg 3 9Kg packing 9Kg system 1Kg acces sory box 2 64Kg rails PROCESSOR Nocona...

Страница 165: ...l motor system fan X 5 BIOS ROM ST M50FW040 FORM FACTOR 10 5 x 13 5 PCB S25 PCI X RISER BOARD FEA TURE PCI X 64bit Slot X 2 LCD MODULE FEATURE LCD display for server message 5 control panel buttons fo...

Страница 166: ...infections security violations or virus entry points System administrators can download and deploy update components throughout the network helping ensure that protection is consistent and up to date...

Страница 167: ...can encrypt messages or encrypt them with authentication Secure configuration and component download These features allow you to configure secure management console access and component download Task...

Страница 168: ...ity and flexibility in the protocol design the drawbacks of applying XML as the data format standard for the communication protocol consist of the following XML parsing requires more system resources...

Страница 169: ...h item is composed of name ID type length and value There will be no strict item order and compliment items can be present in the communication protocol only if needed In addition to applying binary s...

Страница 170: ...nly the agent initiates the network connection to the server The server cannot initiate connection to the agent This one way communication works well for log data transfers However the server dispatch...

Страница 171: ...e that drastically reduces re connection time Two Way Communication Two way communication is an alternative to one way communication It is still based on one way communication but has an extra channel...

Страница 172: ...ime moment by moment reflection of the network s status Control Manager checks the status of each Network VirusWall Enforcer 2500 device in a sequential manner in the background Control Manager change...

Страница 173: ...mode the Network VirusWall Enforcer 2500 device applies during the registration process A separate protocol handshake occurs between both parties to determine the mode Aside from simply sending the h...

Страница 174: ...t both the device and the Control Manager server belong to the same network segment To register Network VirusWall Enforcer 2500 to Control Manager 1 Log on to the Preconfiguration console 2 On the Mai...

Страница 175: ...router or NAT device server in the Port forwarding IP address and Port forwarding port number fields Note The Network VirusWall Enforcer 2500 device uses the Port forwarding IP address and Port forwar...

Страница 176: ...rol Manager prompts for the segment of the Product Directory that the user can access Carefully plan the Product Directory since you can only grant access to a single segment For example granting acce...

Страница 177: ...gure the Mail folder PRODUCT DIRECTORY TREE ICON DESCRIPTION New entity or user defined folder name InterScan eManager OfficeScan Corporate Edition ServerProtect Information Server ServerProtect Domai...

Страница 178: ...s managed products handled by Trend VCS agents under the Trend VCS agents folder The following presents different scenarios for the accessible folders given to the account and the resulting default ma...

Страница 179: ...her managed products on demand This is useful especially during virus outbreaks Download new components before deploying updates to specific or groups of Network VirusWall Enforcer 2500 devices or man...

Страница 180: ...l to the summary provided by the Product Status tab in the Product Directory Root folder To access through Product Directory 1 Click Products on the main menu 2 On the left hand menu select the desire...

Страница 181: ...e settings of other managed products from being overwritten The Configuration tab shows either the product s Web console or a Control Manager generated console To configure a product 1 Click Products...

Страница 182: ...he Trend Micro ActiveUpdate server Perform a manual download to ensure that current components are already present in the Control Manager server To issue tasks to Network VirusWall Enforcer 2500 devic...

Страница 183: ...Incident Refers to events The options are All events Virus outbreak Module update Service On Service Off Security violation Unusual network virus behavior Product If you select a folder this list sho...

Страница 184: ...lete existing records and create a new database option This option creates a new database using the name of the existing one Replacing the corrupted Control Manager database with another database of t...

Страница 185: ...efer to Change agent connection re verification frequency to modify the agent verification time Search for Network VirusWall Enforcer 2500 Devices Product Directory Folders or Computers Use the Search...

Страница 186: ...t type messaging security web security file storage protection and so on The Directory allows you to create modify or delete folders and move Network VirusWall Enforcer 2500 devices between folders Yo...

Страница 187: ...ces in your Control Manager network To use and apply changes in the Directory Manager Right click a folder or Network VirusWall Enforcer 2500 device to open a pop up menu that presents a list of actio...

Страница 188: ...ntrol Manager creates a new sub folder under the main folder 4 Type a name for the new folder or use the default name and then press Enter 5 Click Save Except for the New entity folder Control Manager...

Страница 189: ...Network VirusWall Enforcer 2500 device to the target new location Cut and paste the folder or Network VirusWall Enforcer 2500 device to the target new location 4 Click Save Delete User Defined Folders...

Страница 190: ...Enforcer 2500 devices in Temp the same way you would with Network VirusWall Enforcer 2500 devices in the Product Directory The folders and Network VirusWall Enforcer 2500 devices belonging to Temp ha...

Страница 191: ...he last method The Status Summary screen provides information as to which Network VirusWall Enforcer 2500 devices use outdated components It simplifies virus pattern and scan engine updates on groups...

Страница 192: ...p To add from the Product Directory 1 Access the Product Directory 2 On the left hand menu select the Network VirusWall Enforcer 2500 device you want to add to Temp 3 Press on the numeric keypad To ad...

Страница 193: ...h outdated component 6 Click Back to return to the Status Summary page and then proceed to the next outdated component Repeat the instructions until Control Manager adds all the outdated Network Virus...

Страница 194: ...lates Vulnerability Assessment patterns network outbreak rules Pattern Release History and network virus pattern files Anti spam rules refer to import and rule files used for anti spam and content fil...

Страница 195: ...This is the Trend Micro recommend method of configuring manual downloads Manually downloading components requires multiple steps Tip Ignore steps 1 and 2 if you have already configured your deploymen...

Страница 196: ...he left menu under Update Manager click Deployment Plan The Deployment Plan screen appears 3 On the working area click Add New Plan 4 On the Add New Plan screen type a deployment plan name in the Plan...

Страница 197: ...ts Control Manager delays the deployment according to the interval you specify Use the menus to indicate the duration in terms of hours and minutes Start at Performs the deployment at a specific time...

Страница 198: ...B 33 1 Click Administration System Settings The System Settings screen appears...

Страница 199: ...ate components from the Internet check box in the Download component proxy settings area 3 Type the host name or IP address of the server in the Host name field 4 Type a port number in the Port field...

Страница 200: ...load screen appears 2 From the Components area select the components to download a Click the icon to expand the component list for each component group b Select the following components to download Fr...

Страница 201: ...e icon to add an additional update source You can configure up to five update sources 2 Select Retry frequency and specify the number or retries and duration between retries for downloading components...

Страница 202: ...Control Manager from the Deployment plan list 3 Click Save Step 6 Complete the manual download 1 Click Download Now and then click OK to confirm The download response screen appears The progress bar d...

Страница 203: ...re Control Manager supports granular component downloading You can specify the component group and individual component download schedules All schedules are autonomous of each other Scheduling downloa...

Страница 204: ...ds and Enable Scheduled Component Downloads Step 1 Configure a Deployment Plan for your components 1 Click Administration on the main menu 2 On the left menu under Update Manager click Deployment Plan...

Страница 205: ...owing options Delay After Control Manager downloads the update components Control Manager delays the deployment according to the interval you specify Use the menus to indicate the duration in terms of...

Страница 206: ...e Use a proxy server to download update components from the Internet check box in the Download component proxy settings area 3 Type the host name or IP address of the server in the Host name field 4 T...

Страница 207: ...ea select the components to download a Click the icon to expand the component list for each component group b Select the following components to download From Pattern files Cleanup templates Virus pat...

Страница 208: ...Enable scheduled download check box to enable scheduled download for the component 2 Define the download schedule Select a frequency and use the appropriate drop down menu to specify the desired sche...

Страница 209: ...TP proxy server on the network that is the Control Manager server does not have direct Internet access click Edit to configure the proxy settings on the System Settings screen Step 6 Configure the aut...

Страница 210: ...If you do not click Save your settings will be lost 2 Select a deployment plan after components download to Control Manager from the Deployment plan list 3 Click Save Step 7 Enable the schedule and s...

Страница 211: ...administered by the parent server Local reports do not include reports generated by child servers Use the Global Report options to view reports about managed products administered by child servers re...

Страница 212: ...Service Pack 3 The reports added in Service Pack 3 fall into five categories Desktop Fileserver Gateway MailServer and Executive Summary The new reports in Control Manager 3 5 fall into a new 6th cat...

Страница 213: ...eX format Note Control Manager cannot send reports in ActiveX format as email attachments RPT Crystal Report format use Crystal Smart Viewer to view RPT reports After generating the report Report Serv...

Страница 214: ...file click Create Report Profile Step 2 Configure the Contents tab settings 1 In the working area under the Contents tab type a name for the report in the Report name field to identify the profile on...

Страница 215: ...ect the target of the local or global report profile Select the Network VirusWall Enforcer 2500 devices or folders The profile only contains information about the Network VirusWall Enforcer 2500 devic...

Страница 216: ...e and segment of the clients you want to include in the report 3 Click Next to proceed to the Frequency tab Step 4 Configure the Frequency tab settings 1 On the working area under the Frequency tab sp...

Страница 217: ...our of the first day and end time is the generation hour of the day when generation occurs 2 Under Start the scheduler specify when the Report Server starts collecting information for this report Sele...

Страница 218: ...pients from the existing Control Manager users and groups Use to add recipients from the Users and groups list to the Recipient list Use to remove recipients from the Recipient list 2 Click Send the r...

Страница 219: ...n click Finish to save the profile Review Report Profile Settings Use the Profile Summary screen to review profile settings To access Profile Summary and review report profiles Access Local or Global...

Страница 220: ...available because Control Manager generates these reports only once Generate On demand Scheduled Reports The Report Server generates scheduled reports based on the date and time you specified When th...

Страница 221: ...Profile screen to view the available local or global reports To view reports 1 Click Reports on the main menu 2 Do one of the following To create a local report profile click Local Report Profile on t...

Страница 222: ...tivirus products for endpoints with Microsoft Windows 98 ME operating systems The tables in this chapter include Supported Products for Endpoints with Windows 98 or ME Operating Systems on page C 2 Su...

Страница 223: ...er Associates International Inc eTrust EZ Antivirus 6 4 x Computer Associates International Inc eTrust EZ Antivirus 7 x McAfee Inc McAfee VirusScan 4 5 1 x McAfee Inc McAfee VirusScan 8 x McAfee Inc M...

Страница 224: ...Virus 2003 Professional Edition 9 x Symantec Corp Norton AntiVirus 2004 10 x Symantec Corp Norton AntiVirus 2004 Symantec Corporation 10 x Symantec Corp Norton AntiVirus 10 x Symantec Corp Norton Anti...

Страница 225: ...Administrator s Guide C 4 Supported Products for Endpoints with Windows XP 2000 or 2003 Operating Systems Refer to the Supported Products screen in the Web console for the latest list for endpoints wi...

Страница 226: ...e that the data ends up where the sender intended it to go BPDU messages go back and forth across bridges to detect loops in a network topology The protocol then removes the loops by shutting down sel...

Страница 227: ...continuously opera tional for a desirably long length of time Admin istrators usually measure availability relative to 100 operational or never failing IETF Short for Internet Engineering Task Force...

Страница 228: ...Display A 5x7 dot dis play LCD on the Network VirusWall Enforcer 2500 front panel that is capable if displaying 2x16 character messages LCM console Also referred to as the LCD module It is com posed o...

Страница 229: ...rk of computers Network virus The type of threat that Network VirusWall Enforcer 2500 devices can detect eliminate and contain A virus spreading over a network is not strictly speaking a network virus...

Страница 230: ...access vendor companies known collectively as the PPTP Forum Preconfiguration console The console used to preconfigure a Network VirusWall Enforcer 2500 device Preconfiguring a Network VirusWall Enfor...

Страница 231: ...paths into a standby or blocked state STP allows only one active path at a time between any two network devices this prevents the loops but establishes the redundant links as a backup if the initial...

Страница 232: ...ides rules and sig natures to detect network threats and other vul nerabilities Network VirusWall Enforcer 2500 uses both the Network Virus Scan Engine and Network Virus Pattern to detect known threat...

Страница 233: ...46 Control Manager antivirus and content security com ponents Anti spam rules B 29 Engines B 29 Pattern files Cleanup templates B 29 convention document P 4 conventions P 4 creating folders B 23 Creat...

Страница 234: ...for B 20 viewing logs B 17 viewing status B 15 management 1 5 manually download components B 30 MCP understanding B 3 MCP benefits HTTPS support B 5 NAT and firewall traversal B 4 one way and two way...

Страница 235: ...templates B 47 reports B 46 global B 46 local B 46 on demand scheduled B 55 report profiles B 48 ActiveX B 48 Contents B 49 creating B 48 Frequency B 51 PDF B 48 Recipient B 53 RPT B 48 RTF B 48 Targ...

Страница 236: ...ministrator s Guide I 4 V VBScript 1 11 viewing managed products logs B 17 managed products status B 15 viewing generated reports B 56 vulnerability 1 14 5 19 W who should read this document audience...

Отзывы: