Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide

Network VirusWall Enforcer 2500 Documentation

The Network VirusWall Enforcer 2500 documentation consists of the following:

Online Help—Web-based documentation that is accessible from the Network 
VirusWall Enforcer 2500 Web console.

The Network VirusWall Enforcer 2500 Online Help contains explanations about 
the Network VirusWall Enforcer 2500 components and features.

Upgrade Guide (UG)—PDF documentation that is accessible from the Solutions 
CD for Network VirusWall Enforcer 2500 or downloadable from the Trend 
Micro Web site.

The UG contains explanations about upgrading from Network VirusWall 2500 
1.5 and 1.8 to Network VirusWall Enforcer 2500.

Getting Started Guide (GSG)—PDF documentation that is accessible from the 
Trend Micro Solutions CD for Network VirusWall Enforcer 2500 or 
downloadable from the Trend Micro Web site.

The GSG contains instructions on how to deploy Network VirusWall Enforcer 
2500, a task that includes planning, testing, and preconfiguration.

Administrator’s Guide (AG)—PDF documentation that is accessible from the 
Trend Micro Solutions CD for Network VirusWall Enforcer 2500 or 
downloadable from the Trend Micro Web site.

This AG contains detailed instructions on how to configure and administer 
Network VirusWall Enforcer 2500 from the applicable management tools, as well 
as explanations on the Network VirusWall Enforcer 2500 concepts and features. 
See About This Administrator’s Guide for chapters available in this book.

Note: Trend Micro recommends checking the Update Center for updates to the Network 
VirusWall Enforcer 2500 documentation and program file. You can download the 
latest versions of the Upgrade Guide and Administrator’s Guide from the following 
location: 
http://www.trendmicro.com/en/products/network/nvwe/evaluate/overview.htm

Summary of Contents for VirusWall 2500

Page 1: ...Network VirusWallTM Enforcer 2500 Administrator s Guide...

Page 2: ...the Trend Micro t ball logo OfficeScan PC cillin ServerProtect TrendLabs VirusWall Trend Micro Control Manager Trend Micro Damage Cleanup Services Trend Micro Outbreak Prevention Services and Trend M...

Page 3: ...prior to installing or using the software Detailed information about how to use specific features within the software are available in the online help file and the online Knowledge Base at Trend Micr...

Page 4: ...l Enforcer 2500 1 2 Functions and Capabilities 1 2 Network VirusWall Enforcer 2500 Architecture 1 5 Components 1 5 Device s 1 5 Management 1 5 Antivirus Technology 1 10 Understanding Security Risks 1...

Page 5: ...igh Availability 1 28 Redundant Ports and Devices 1 28 Failover 1 29 Failopen 1 30 Policy Prioritization and Creation 1 33 Sample Policy Creation 1 37 Policy Scenario 1 Authenticated users need to hav...

Page 6: ...ngs 2 18 Configuring Access Control 2 18 Configuring Administrative Accounts 2 19 Using Backup Configuration 2 19 Performing Device Tasks 2 21 Replacing the HTTPS Certificate 2 24 Configuring IP Addre...

Page 7: ...m File and Boot Loader 5 4 Uploading with the Network VirusWall Enforcer 2500 Appliance Firmware Flash Utility 5 5 Flashing the BIOS and BMC 5 7 Before Running the Appliance Firmware Flash Utility 5 7...

Page 8: ...ol Manager B 9 Managing Network VirusWall Enforcer 2500 From Control Manager B 11 Understanding Product Directory B 11 Accessing a Network VirusWall Enforcer 2500 Device s Default Folder B 13 Access P...

Page 9: ...Temp B 26 Removing Network VirusWall Enforcer 2500 Devices From Temp B 28 Download and Deploy New Components From Control Manager B 29 Understanding Update Manager B 29 Understanding Manual Downloads...

Page 10: ...x C Supported Antivirus Products Supported Products for Endpoints with Windows 98 or ME Operating Systems C 2 Supported Products for Endpoints with Windows XP 2000 or 2003 Operating Systems C 4 Append...

Page 11: ...and monitor the product The Network VirusWall Enforcer 2500 package includes the Trend Micro Solutions CD for Network VirusWall Enforcer 2500 If you are planning large scale deployment of Network Vir...

Page 12: ...Network VirusWall Enforcer 2500 or downloadable from the Trend Micro Web site The GSG contains instructions on how to deploy Network VirusWall Enforcer 2500 a task that includes planning testing and p...

Page 13: ...e management tools see Configuring Policy Enforcement and Device Settings on page 2 1 Procedures to update Network VirusWall Enforcer 2500 components see Updating Components on page 3 1 Instructions t...

Page 14: ...usWall Enforcer 2500 documentation uses the following conventions CONVENTION DESCRIPTION ALL CAPITALS Acronyms abbreviations and names of certain com mands and keys on the keyboard Bold Menus and menu...

Page 15: ...an overview of its technology capabilities and hardware connections The topics discussed in this chapter include Trend Micro Network VirusWall Enforcer 2500 on page 1 2 Functions and Capabilities on...

Page 16: ...aks By deploying Network VirusWall Enforcer 2500 in network LAN segments organizations can significantly reduce their security risk network downtime and outbreak management burden Network VirusWall En...

Page 17: ...io the percentage of endpoints with antivirus software in relation to the total number of detected endpoints Click Export to save the information to a file Component Status Use this information to det...

Page 18: ...Update Your Protection Virus writers write and release new viruses through different media every day especially the Internet To help ensure your protection against the latest threats is current period...

Page 19: ...ts or provide threat information Network VirusWall Enforcer 2500 helps organizations take precise outbreak security actions and proactively detect prevent or contain and eliminate outbreaks By deployi...

Page 20: ...cer 2500 or using SSH There are certain settings you cannot alter if you login using SSH The settings you cannot alter using SSH include disabling SSH connection from the Access Control menu and setti...

Page 21: ...zation This enables you to react quickly to network virus emergencies from nearly anywhere using the Web console FIGURE 1 2 Network VirusWall Enforcer 2500 Web console After preconfiguration the Web c...

Page 22: ...Control Panel make up the LCD module The LCM console allows you to perform the following basic configuration Configure device settings Device settings such as the Network VirusWall Enforcer 2500 IP a...

Page 23: ...re Interface Groups Configure IP Address Settings Configure Policy Exceptions Configure Proxy Settings Create and manage Policies Manage Access Control Manage Administrative Accounts Monitor device ev...

Page 24: ...n however is effective only after servers or endpoints detect a virus in other words when a virus is already on your network Equipped with the Trend Micro network scan engine and network virus pattern...

Page 25: ...en included in a document Trojan horses executable programs that do not replicate but instead reside on systems to perform malicious acts such as open ports for hackers to enter VBScript JavaScript or...

Page 26: ...iated with at least ten Internet threats regardless of how destructive the associated Internet threats are Systems and networks not patched against these vulnerabilities will likely become infected du...

Page 27: ...hat is the Internet other LAN segments and so on Tip Trend Micro recommends deploying a Network VirusWall Enforcer 2500 device between switches or routers Although the exact location of the device dep...

Page 28: ...licy Enforcement Network VirusWall Enforcer 2500 is capable of identifying a packet source and then determining if it complies with the current antivirus and vulnerability elimination policies The dev...

Page 29: ...wing scan endpoints to ensure the installation of antivirus software scan network packets to prevent security threats from entering the network ensure vulnerabilities are updated before allowing acces...

Page 30: ...filters out the selected network type packets Viewing Logs to Assess Policy Enforcement Logs provide information to help you monitor Policy Enforcement on your network Configure log settings from the...

Page 31: ...obal Endpoint Exceptions from the Web console Quarantined Endpoints You can configure the device to quarantine endpoints that violate the Network Virus Policy Quarantined endpoints are endpoints ident...

Page 32: ...to the device from endpoints This list supports up to 64 entries An Example of When a Bridge IP Address is Necessary In an environment where the Network VirusWall Enforcer 2500 Management IP address...

Page 33: ...nforcement Agent sends the results to Network VirusWall Enforcer The path of the traffic is Endpoint 2 L2 Switch NVWE L3 Switch NVWE Network VirusWall Enforcer receives Endpoint 2 s IP address and L3...

Page 34: ...s the state of Endpoint 2 successfully Static Routes Configure static routes to allow packets to pass through the device to different segments in your network This list supports up to 50 entries An Ex...

Page 35: ...elong to different network segments So we add a Bridge IP address bound to VLAN 3 that is in the same network segment as Endpoint 2 and Router 1 s interface 2 This allows Network VirusWall Enforcer to...

Page 36: ...erformance and status Each managed device has a software module known as an agent which communicates with the NMS Security Managed devices can protect their MIBs by granting only specific network mana...

Page 37: ...TED COMMUNITY NAMES Community names with the following characteristics Default name public Access privileges READ ONLY the get command Maximum number of community names 5 Maximum length of community n...

Page 38: ...additional traps Cold start Enable SNMP Link down Remove connection from LAN port or fiber port Link up Connection to LAN port or fiber port established Authentication failure Login to the Web console...

Page 39: ...reduce network congestion by managing the flow of traffic between endpoints that communicate often even if they are not on the same network segment Tagged and Non tagged Frames When a local switch on...

Page 40: ...es untagged packets the device compares the destination MAC address from the packets to the Non VLAN traffic and specific VLAN traffic MAC address tables Once Network VirusWall Enforcer 2500 determine...

Page 41: ...rts with user defined port groups Redundant devices with user defined port groups Fault tolerance solutions Nine User definable LAN Ports Network VirusWall Enforcer 2500 offers high performance gigabi...

Page 42: ...ion Network VirusWall Enforcer 2500 provides two ports to connect to the up link and downlink switches in dual paths Applying a port redundant solution requires the completion of the following tasks 1...

Page 43: ...lover Considerations for details Failover The failover solution involves two identical Network VirusWall Enforcer 2500 devices PRIMARY and SECONDARY It is an operation that automatically sends packets...

Page 44: ...sables failopen LAN bypass in a failover environment Do not automatically update the program file for the devices in a failover pair Doing so alters the identical settings for the failover devices whi...

Page 45: ...other devices must not exceed 100 meters 328 feet for copper port connections Note This constraint only applies to failopen deployments The network cable connecting port 1 should not exceed 50 m Also...

Page 46: ...ected Disconnected 18 BIOS Power On Self Test POST Connected Connected 35 Loading Grand Unified Bootloader GRUB Connected Disconnected Rescue Mode Connected Disconnected Validating the boot partition...

Page 47: ...all Enforcer 2500 applies For example consider the following three policies in the table In Table 1 5 prioritizing policies with broad settings lower in the list prevents situations where all endpoint...

Page 48: ...etect the endpoint You can use a switch s mirror function with the Network VirusWall Enforcer 2500 SNIFFER port feature to scan all packets on the network and monitor activity without disrupting your...

Page 49: ...operating systems the device will not assess endpoints with firewall software or devices such as routers If you select user authentication you must configure LDAP settings If you select Instant messa...

Page 50: ...le name with zero bytes If CIFS connections exist at the time of policy creation the action may not function correctly Inform endpoints of policy requirements prior to blocking them from accessing the...

Page 51: ...Before you create policies consider the services you want to apply to an endpoint and the type of endpoints to assess For example endpoints in Group A need to have antivirus software the corresponding...

Page 52: ...38 FIGURE 1 7 Sample Policy 1 Authenticated users Step 2 In Step 2 Select Enable user authentication and Apply policy to authenticated users to apply this policy to authenticated users Specify the In...

Page 53: ...ntivirus Program Scan and all of the antivirus applications in the list Select to Block non compliant endpoints to block endpoints that do not have any of these applications installed Select Log polic...

Page 54: ...Guide 1 40 FIGURE 1 9 Sample Policy 1 Authenticated users Step 4 In Step 4 Select Enable Network Virus Scan Select Log policy violation and Notify endpoints about policy violations to record and send...

Page 55: ...cond policy specify the required registry key if guest users try to access endpoints belonging to the network FIGURE 1 10 Sample Policy 2 Guest users Step 2 In Step 2 Select Enable user authentication...

Page 56: ...Select Registry Key Scan and add the registry key as required Select to Block non compliant endpoints to block endpoints that do not have any of these applications installed Select Log policy violati...

Page 57: ...2500 1 43 FIGURE 1 12 Sample Policy 2 Guest users Step 4 In Step 4 Select Enable Network Virus Scan Select Log policy violation and Notify endpoints about policy violations to record and send a block...

Page 58: ...t has a lower priority than this policy never applies to endpoints FIGURE 1 13 Example of incorrect prioritization resulting in a policy that never applies to endpoints The second policy in this examp...

Page 59: ...This example requires a policy that ensures that endpoints with Windows XP operating systems have Service Pack 2 installed To create a policy that ensures that endpoints with Windows XP operating syst...

Page 60: ...e 1 46 2 For this policy configure a network zone that includes all IP addresses of endpoints with Windows XP operating systems You can click Add from Step 2 of the Add Policy screens to configure a n...

Page 61: ...Trend Micro Network VirusWall Enforcer 2500 1 47 3 Specify the Windows XP network zone as the Source and the Destination as any to apply this policy to the Windows XP endpoints FIGURE 1 16 Policy Scen...

Page 62: ...Trend Micro Network VirusWall Enforcer 2500 Administrator s Guide 1 48 4 Select the Registry Key Scan service FIGURE 1 17 Policy Scenario 2 Step 3...

Page 63: ...Enforcer 2500 1 49 5 Add the registry value for Service Pack 2 as a required registry key FIGURE 1 18 Policy Scenario 2 Add the required registry key 6 Confirm that the required registry key displays...

Page 64: ...l Enforcer 2500 Protects the public server farm The Network Virus Policy feature scans all traffic and Policy Enforcement applies to remote endpoints Apply a remedy to endpoints that violate the polic...

Page 65: ...Understanding Trend Micro Network VirusWall Enforcer 2500 1 51 FIGURE 1 19 Standard Network Mode Scenario...

Page 66: ...cy Enforcement applies to remote hosts Apply a remedy to endpoints that violate the policy Is located between the core switch and WAN module The Network Virus Policy feature scans all traffic and pair...

Page 67: ...cer in either of the following Between the border routers and core routers The Network Virus Scan feature scans all traffic Enable asymmetric routing support BGP and enable high availability features...

Page 68: ...reate different policies based on area and type of access For this example we want to do the following Configure policies to protect the public server farm Configure policies to scan packets going bet...

Page 69: ...Agent deployment method ActiveX Compliant endpoint reassessment 1 day Non compliant endpoint reassessment 15 minutes Authenticati on and Network Zones Settings Authentication Default settings check b...

Page 70: ...reassessment 1 day Non compliant endpoint reassessment 15 minutes Authenticati on and Network Zones Settings Authentication Default settings check boxes are clear Endpoint Network Zones Any Network Zo...

Page 71: ...lways be last to address all other cases Agent type Agentless Agent deployment method ActiveX Compliant endpoint reassessment 1 day Non compliant endpoint reassessment 15 minutes Authenticati on and N...

Page 72: ...o not introduce security threats into the network Settings Details Endpoint Settings Policy name Guest Policy comment This policy should be above authenticated users if using agentless detection Agent...

Page 73: ...Critical vulnerabilities and Important vulnerabilities Log policy violations and notify endpoints about policy violations Network Virus Policy Settings Network Virus Scan Action Quarantine endpoint R...

Page 74: ...e Agent type Persistent Agent Agent deployment method Remote login ActiveX Compliant endpoint reassessment 1 day Non compliant endpoint reassessment 15 minutes Authenticati on and Network Zones Settin...

Page 75: ...bilities and Important vulnerabilities Registry Key Scan Action Block non compliant endpoints Remedy None Details Windows Firewall Prohibited Log policy violations and notify endpoints about policy vi...

Page 76: ...Destination Network Zones Any Network Zone TCP Protocol Ports All Ports UDP Protocol Ports All Ports Daily Schedule Everyday Hourly Schedule All Day Enforcement Policy Settings Antivirus Program Scan...

Page 77: ...cy does not use the authentication feature whereas the lower priority policy does no hosts will match the second policy Network Virus Policy Settings Network Virus Scan Action Quarantine endpoint Reme...

Page 78: ...and device tasks Network VirusWall Enforcer 2500 provides three management tools that let you easily configure its settings See Table 1 1 to understand the configuration options allowable from the av...

Page 79: ...Refer to the Getting Started Guide for details on how to preconfigure and test a successful Network VirusWall Enforcer 2500 deployment Configuring Policy Enforcement Settings This section includes the...

Page 80: ...ettings Step 3 Configure the Enforcement Policy Step 4 Configure the Network Virus Policy Step 5 Configure the Network Application Policy Step 6 Configure Policy URL Exceptions Note See Policy Enforce...

Page 81: ...u can use this account and password for remote deployment to endpoints belonging to that domain b ActiveX Policy Enforcement Agent PEAgent installation requires confirmation from the endpoint 8 Select...

Page 82: ...settings if you select Enable user authentication See Configuring LDAP Settings on page 2 25 for more information If you create one policy for authenticated users create a policy that applies to user...

Page 83: ...ation ii Block non compliant endpoints you can select a Remedy from None Deploy Real time Scan to scan the endpoint computer or Redirect to URL to a URL where the endpoint may rectify the violation If...

Page 84: ...sessment time interval a Select the System Threat Scan check box b Specify the Endpoint Action by selecting one of the following i Monitor allow traffic to continue to destination ii Block non complia...

Page 85: ...ou want endpoints to have on their computers Prohibited registry keys are those that you do not want endpoints to have on their computers e Type the Registry Key f Select Value name to check the value...

Page 86: ...Log policy violations to record log entries in the Endpoint History log 3 Click Next Step 5 Specify Network Application Policy Specify the service by selecting the check box next to the scan to perfor...

Page 87: ...le transfer detection Use this feature to assess file transfer activity Ensure that combinations such as specifying for Files to assess and selecting HTTP file transfer are not specified This type of...

Page 88: ...nt one or more unknown characters follow these guidelines lock matches block clock glock plock and flock but not lock Trend Micro matches Trend Micro Trend Micro Trend_Micro but not TrendMicro block m...

Page 89: ...nsiderations If you do not specify any IP MAC addresses the network zone includes all IP MAC addresses If you do not select any interfaces the network zone includes all the interfaces If you do not sp...

Page 90: ...e multiple VLAN IDs in the text box 4 Click Save Configuring Exception Settings This is the last task to configuring a network zone to help manage network security 1 Click the Exception tab The Except...

Page 91: ...computers or network segments are not scanned Policy Enforcement assessments will not scan any Global Endpoint exceptions To add to the Global Endpoint Exceptions 1 Click Policy Enforcement from the...

Page 92: ...drop down menu The Endpoint Notifications screen displays 3 Click the Settings tab 4 Select to display the Trend default look and feel or Custom to specify the Page Title Title Text color and Banner...

Page 93: ...next to Port and type an optional comment 4 Click Add to The port is added to the current list on the right 5 Click Save Remote Login Accounts To use the remote login feature for deploying the PEAgent...

Page 94: ...ings When you import a policy file the policy file overwrites all current policy settings To export Policies 1 Click Policy Enforcement from the side menu The drop down menu displays 2 Click Export Im...

Page 95: ...ttings on page 2 26 Configuring SNMP Settings on page 2 26 Configuring Access Control Configure Access Control settings to help keep undesired users from accessing Network VirusWall Enforcer 2500 Rest...

Page 96: ...Accounts screen displays 3 Click Add The Add Administrative Account screen displays 4 Type the User ID Password and Confirm the password 5 Select the Privileges 6 Click Save Using Backup Configuration...

Page 97: ...d export the Network VirusWall Enforcer 2500 configuration This allows easy replication of existing Network VirusWall Enforcer 2500 settings from one Network VirusWall Enforcer 2500 to other devices o...

Page 98: ...you want to isolate your network you can lock Network VirusWall Enforcer 2500 to block all traffic that would normally pass through the device Likewise if you are experiencing problems with Network Vi...

Page 99: ...s powered off failopen is enabled and network traffic lock is enabled traffic passes through the failopen ports ports 1 and 2 and possibly 6 7 8 and 9 if you have installed bypass cards If the device...

Page 100: ...delay To reset the device through the preconfiguration menu 1 Access the Network VirusWall Enforcer 2500 Preconfiguration console see Getting Started Guide Logging on to the Preconfiguration Console f...

Page 101: ...e The procedure is the same for configuring these settings for the failover device Administration Failover Settings from the Web console To configure the Management IP Address settings 1 Click Adminis...

Page 102: ...Configure LDAP settings from the Web console LDAP setting considerations If you select Kerberos as the authentication method ensure you fill out the KDC settings and that the device and LDAP server ti...

Page 103: ...The drop down menu displays 2 Click Proxy Settings from the drop down menu The Proxy Settings screen displays 3 Select Use a proxy server for pattern and engine updates 4 Select HTTP SOCKS4 or SOCKS5...

Page 104: ...and System contact 7 Type a Community name to add under Accepted Community Name s 8 Click Add to The community name displays in the table 9 Type the IP Address to add under Trusted Network Management...

Page 105: ...console which restores settings to the factory defaults WARNING You will lose all changes to preconfiguration settings when you perform initialization To initialize Network VirusWall Enforcer 2500 1 I...

Page 106: ...ine rollback reset device or restore default settings System Rollback Use a serial connection to perform a system rollback When you reset Network VirusWall Enforcer 2500 after the Booting the Network...

Page 107: ...VirusWall Enforcer 2500 devices from the Web console view system information deploy Network VirusWall Enforcer 2500 components and modify device settings The topics discussed in this chapter include...

Page 108: ...system folder File Virus Pattern contains a regularly updated database of virus patterns Vulnerability Engine scans for vulnerabilities Vulnerability Assessment Pattern contains information about vul...

Page 109: ...ogram file manually if one of the devices becomes disabled Depending on the device role in a failover environment the Management Network VirusWall Enforcer 2500 device always communicates with the upd...

Page 110: ...ring virus outbreaks Network VirusWall Enforcer 2500 provides the following methods to update and deploy the latest components to its managed products and devices Manually Instruct Network VirusWall E...

Page 111: ...k VirusWall Enforcer 2500 Web console to verify whether Network VirusWall Enforcer 2500 updates the selected components during manual update Tip Visit http www trendmicro com download product asp prod...

Page 112: ...luding the proxy settings if your network has a proxy server to connect to the Internet To set the update source 1 Click Updates The drop down menu displays 2 Click Source The Update Source screen dis...

Page 113: ...500 logs a wide variety of information about events that occur on your network such as endpoint infections and policy violations virus outbreaks and component updates The topics discussed in this chap...

Page 114: ...ime Status Information The Real time Status screen provides an overview of real time device information Click Real time Status from the main menu to view real time device information From this screen...

Page 115: ...er 2500 Logs Network VirusWall Enforcer 2500 generates the following log types Event log Network Virus log Endpoint History Viewing the Event Log When the device detects an event such as a virus outbr...

Page 116: ...Control Manager configure the time interval to send the Endpoint History to the Control Manager server from Log Settings View the Endpoint History from the Web console Click Logs Endpoint History Sele...

Page 117: ...t a Network VirusWall software or hardware component is mounted on an invalid platform Table 4 1 enumerates all possible asset tag logs ERROR CODE DESCRIPTION 0 Invalid asset tag 1 Action Issue GET_FR...

Page 118: ...the above error codes can only mean that someone has tampered with the device Someone has altered or replaced the original components included with shipment of the product The error codes help listed...

Page 119: ...omponent threshold The following are the possible critical level Lower Critical the lower critical component threshold Upper Critical the upper critical component threshold activity refers to the incr...

Page 120: ...d temperature Tip Use the Left and Right arrows on the control panel to read the logs displayed on the LCD module LCD Module Error Logs LCD module error logs refer to logs generated by and displayed o...

Page 121: ...tus 206 Cannot get key Unable to obtain the public encryption key The Network VirusWall Enforcer device cannot register to the Control Manager server Check the E2EPublic dat through the LCD module or...

Page 122: ...odify the address through the LCD module or Preconfiguration console 405 Duplicate DNS IP address Duplicate DNS server IP address Ensure the address specified the address belonging to the DNS server C...

Page 123: ...tion that displays system debug log information in real time as Network VirusWall Enforcer 2500 creates log entries Use the System Log Viewer to view system debug log entries and save them to a text f...

Page 124: ...asked questions The topics discussed in this chapter include Using Network VirusWall Enforcer 2500 Utilities on page 5 2 Entering Rescue Mode on page 5 2 Uploading the Program File and Boot Loader on...

Page 125: ...Uploading the latest program file firmware and boot loader see page 5 4 Flashing the BIOS BMC and LCM firmware see page 5 7 Entering Rescue Mode If you are experiencing problems that prohibit the nor...

Page 126: ...ter rescue mode through the Preconfiguration console 1 Select Reset Device from System Tasks 2 When the device resets a message appears prompting you to enter rescue mode 3 Type r at the prompt The Ne...

Page 127: ...work scan engine network virus pattern file and system programs Note Uploading the program file will restore the Network VirusWall Enforcer 2500 default factory settings To preserve the existing setti...

Page 128: ...liance Firmware Flash Utility Uploading with the Trend Micro Network VirusWall Enforcer 2500 Appliance Firmware Flash Utility performs the same function as uploading through the command line interface...

Page 129: ...o use a static IP address in the range 192 168 252 2 to 192 168 252 254 with a subnet mask 255 255 255 0 Note If you are running PC cillin 2002 or later set the Personal Firewall settings to low or me...

Page 130: ...n the Trend Micro Solutions CD for Network VirusWall Enforcer 2500 Before Running the Appliance Firmware Flash Utility Prepare the following before running the utility Before running the utility ensur...

Page 131: ...version number For example BMS25210 bin denotes that the BMC firmware version is 2 10 Note Remember the location of the directory with the latest firmware If you want to roll back to the factory defa...

Page 132: ...hernet cable to the computer s LAN port and the other end to Port 5 of the Network VirusWall Enforcer 2500 device After completing these tasks you are now ready to run the Network VirusWall Enforcer 2...

Page 133: ...tility detects the Network VirusWall Enforcer 2500 device connected to the computer and lists it in the detection table 5 Click the first row to select the detected device from the detection table 6 C...

Page 134: ...scue mode a Select Yes for Update Boot Block This option is only applicable when flashing the BIOS WARNING If a power loss interrupts the BIOS boot block update BIOS will no longer be able to operate...

Page 135: ...h the device establishes a network connection Note After successfully flashing the BIOS or BMC firmware the device shuts down On the other hand after successfully flashing the LCM firmware the device...

Page 136: ...e section covers the following troubleshooting topics Hardware Issues on page 5 14 Configuration Issues on page 5 15 Control Manager and Network VirusWall Enforcer 2500 Communication Issues on page 5...

Page 137: ...and terminal communications software settings refer to the Getting Started Guide Preconfiguring Network VirusWall Enforcer 2500 Using the Preconfiguration Console 3 Unable to change settings with the...

Page 138: ...e following 1 Install Active Directory on the Windows Server 2003 server so Network VirusWall Enforcer 2500 can synchronize with the Windows Server 2003 time service 2 Disable the Windows Server 2003...

Page 139: ...ectory on the Control Manager management console Remove the Network VirusWall Enforcer 2500 device see the Control Manager Getting Started Guide and online help for information on adding and removing...

Page 140: ...affic from additional endpoints over 4096 whose packets are infected Reconsider your deployment plan to take into consideration the number of endpoints in your network 9 A endpoint that was blocked be...

Page 141: ...affic 14 When Kerberos Authentication is used the User Authentication does not function as expected Check the clock sync between the authentication server and Network VirusWall Enforcer 2500 The authe...

Page 142: ...s to access the update source add the IP address of the update source to the URL Exception List 22 Network VirusWall Enforcer 2500 is either unable to obtain or gets incorrect DNS server information T...

Page 143: ...ceptions ports become disabled To re enable the necessary ports a Go to Windows Security Center Windows Firewall Exceptions File and Printer Sharing b Check to see if TCP 139 Port and UDP 137 Port are...

Page 144: ...on the Network VirusWall Enforcer BIOS screen and I press the arrow keys Discard Changes and Exit displays Different emulation configurations exist between Network VirusWall Enforcer 2500 and the moth...

Page 145: ...ervers Windows NTP may provide some other features for Active Directory Server ADS endpoints In addition Windows NTP does not work unless you have installed ADS To enable NTP 38 Automatically logged o...

Page 146: ...ll not switch roles if the Management device is unable to connect to the Control Manager server In this situation the Management device still works However Network VirusWall Enforcer 2500 cannot deliv...

Page 147: ...ide Choosing a Fiber Optic Media Connector for Fiber based Networks section Where does Network VirusWall Enforcer 2500 store its logs and how can I access them Network VirusWall Enforcer 2500 only use...

Page 148: ...rver Register a device to a Control Manager server through the Network VirusWall Enforcer 2500 preconfiguration Device Settings option Does Network VirusWall Enforcer 2500 support spanning tree protoc...

Page 149: ...he preconfiguration tasks To perform extensive configuration changes use the Web console See Table 1 1 for a comparison of the available Network VirusWall Enforcer 2500 management tools How can I back...

Page 150: ...ed through a HyperTerminal session However importing or exporting the Network VirusWall Enforcer 2500 configuration is not possible when using Minicom available in Linux servers Note Export configurat...

Page 151: ...s be transferred FTP and HTTP blocked files can be transferred again when Network VirusWall Enforcer 2500 drops the connection after time out 10 minutes Why does HTTPS traffic not redirect to the bloc...

Page 152: ...HTTPS each can have 10 concurrent sessions and SSH can have more than 10 concurrent sessions Does the device block uploading to HTTP This version of the device does not support this feature Why was I...

Page 153: ...ounts can only be added using the Web console You can create Administrator Power User and Operator Accounts Can I use another Control Manager account to register and manage Network VirusWall Enforcer...

Page 154: ...Scan install to endpoints with Windows 2003 and Windows 2003 R2 operating systems Real time scan does not support Windows 2003 and Windows 2003 R2 operating systems What happens if there is more than...

Page 155: ...ndows endpoint notification for endpoints with host names in Chinese This version of Network VirusWall Enforcer 2500 does not support Windows endpoint notification for endpoints with host names in Chi...

Page 156: ...ntil the query sends successfully How does Network VirusWall Enforcer 2500 handle FTP transfers when I configure specific ports to assess When you assess and block specific ports the FTP connection an...

Page 157: ...Windows Vista Why can t the endpoint access the Redirect URL If you have configured the Redirect URL in capital letters endpoints are not able to access the URL The URL scan feature is case sensitive...

Page 158: ...gent The following will prevent successful deployment of PEAgent If Network VirusWall Enforcer 2500 and the endpoint do not belong to the same network segment The traffic from the endpoint goes to dir...

Page 159: ...ll non IP traffic Does Network VirusWall Enforcer 2500 ignore Voice Over Internet Protocol VoIP packets in a network with VoIP Yes Network VirusWall Enforcer 2500 scans every packet that passes throug...

Page 160: ...tion on how to get technical support Remember you must register your product to be eligible for support This chapter includes the following topics Before Contacting Technical Support on page 6 2 Conta...

Page 161: ...Micro products The support Web site has answers to previous user inquiries To search the Knowledge Base visit http://esupport.trendmicro.com Contacting Technical Support In addition to phone support Tr...

Page 162: ...you are experiencing Our team of virus engineers will dissect the file to identify and characterize any viruses it may contain and return the cleaned file to you within 48 hours Introducing TrendLabs...

Page 163: ...bs overview htm Other Useful Resources Trend Micro offers a endpoint of services via its Web site www.trendmicro.com Internet based tools and services include Virus Map monitors virus incidents around...

Page 164: ...NSION L X W X H 33 54 x 22 24 x 8 27 852 x 565 x 210mm SYSTEM WEIGHT 9Kg SYSTEM WEIGHT WITH PACKAGE AND ACCESSORY BOX 16 54Kg 3 9Kg packing 9Kg system 1Kg accessory box 2 64Kg rails PROCESSOR Nocona...

Page 165: ...l motor system fan X 5 BIOS ROM ST M50FW040 FORM FACTOR 10 5 x 13 5 PCB S25 PCI X RISER BOARD FEATURE PCI X 64bit Slot X 2 LCD MODULE FEATURE LCD display for server message 5 control panel buttons fo...

Page 166: ...infections security violations or virus entry points System administrators can download and deploy update components throughout the network helping ensure that protection is consistent and up to date...

Page 167: ...can encrypt messages or encrypt them with authentication Secure configuration and component download These features allow you to configure secure management console access and component download Task...

Page 168: ...ity and flexibility in the protocol design the drawbacks of applying XML as the data format standard for the communication protocol consist of the following XML parsing requires more system resources...

Page 169: ...h item is composed of name ID type length and value There will be no strict item order and compliment items can be present in the communication protocol only if needed In addition to applying binary s...

Page 170: ...nly the agent initiates the network connection to the server The server cannot initiate connection to the agent This one way communication works well for log data transfers However the server dispatch...

Page 171: ...e that drastically reduces re connection time Two Way Communication Two way communication is an alternative to one way communication It is still based on one way communication but has an extra channel...

Page 172: ...ime moment by moment reflection of the network s status Control Manager checks the status of each Network VirusWall Enforcer 2500 device in a sequential manner in the background Control Manager change...

Page 173: ...mode the Network VirusWall Enforcer 2500 device applies during the registration process A separate protocol handshake occurs between both parties to determine the mode Aside from simply sending the h...

Page 174: ...t both the device and the Control Manager server belong to the same network segment To register Network VirusWall Enforcer 2500 to Control Manager 1 Log on to the Preconfiguration console 2 On the Mai...

Page 175: ...router or NAT device server in the Port forwarding IP address and Port forwarding port number fields Note The Network VirusWall Enforcer 2500 device uses the Port forwarding IP address and Port forwar...

Page 176: ...rol Manager prompts for the segment of the Product Directory that the user can access Carefully plan the Product Directory since you can only grant access to a single segment For example granting acce...

Page 177: ...gure the Mail folder PRODUCT DIRECTORY TREE ICON DESCRIPTION New entity or user defined folder name InterScan eManager OfficeScan Corporate Edition ServerProtect Information Server ServerProtect Domai...

Page 178: ...s managed products handled by Trend VCS agents under the Trend VCS agents folder The following presents different scenarios for the accessible folders given to the account and the resulting default ma...

Page 179: ...her managed products on demand This is useful especially during virus outbreaks Download new components before deploying updates to specific or groups of Network VirusWall Enforcer 2500 devices or man...

Page 180: ...l to the summary provided by the Product Status tab in the Product Directory Root folder To access through Product Directory 1 Click Products on the main menu 2 On the left hand menu select the desire...

Page 181: ...e settings of other managed products from being overwritten The Configuration tab shows either the product s Web console or a Control Manager generated console To configure a product 1 Click Products...

Page 182: ...he Trend Micro ActiveUpdate server Perform a manual download to ensure that current components are already present in the Control Manager server To issue tasks to Network VirusWall Enforcer 2500 devic...

Page 183: ...Incident Refers to events The options are All events Virus outbreak Module update Service On Service Off Security violation Unusual network virus behavior Product If you select a folder this list sho...

Page 184: ...lete existing records and create a new database option This option creates a new database using the name of the existing one Replacing the corrupted Control Manager database with another database of t...

Page 185: ...efer to Change agent connection re verification frequency to modify the agent verification time Search for Network VirusWall Enforcer 2500 Devices Product Directory Folders or Computers Use the Search...

Page 186: ...t type messaging security web security file storage protection and so on The Directory allows you to create modify or delete folders and move Network VirusWall Enforcer 2500 devices between folders Yo...

Page 187: ...ces in your Control Manager network To use and apply changes in the Directory Manager Right click a folder or Network VirusWall Enforcer 2500 device to open a pop up menu that presents a list of actio...

Page 188: ...ntrol Manager creates a new sub folder under the main folder 4 Type a name for the new folder or use the default name and then press Enter 5 Click Save Except for the New entity folder Control Manager...

Page 189: ...Network VirusWall Enforcer 2500 device to the target new location Cut and paste the folder or Network VirusWall Enforcer 2500 device to the target new location 4 Click Save Delete User Defined Folders...

Page 190: ...Enforcer 2500 devices in Temp the same way you would with Network VirusWall Enforcer 2500 devices in the Product Directory The folders and Network VirusWall Enforcer 2500 devices belonging to Temp ha...

Page 191: ...he last method The Status Summary screen provides information as to which Network VirusWall Enforcer 2500 devices use outdated components It simplifies virus pattern and scan engine updates on groups...

Page 192: ...p To add from the Product Directory 1 Access the Product Directory 2 On the left hand menu select the Network VirusWall Enforcer 2500 device you want to add to Temp 3 Press on the numeric keypad To ad...

Page 193: ...h outdated component 6 Click Back to return to the Status Summary page and then proceed to the next outdated component Repeat the instructions until Control Manager adds all the outdated Network Virus...

Page 194: ...lates Vulnerability Assessment patterns network outbreak rules Pattern Release History and network virus pattern files Anti spam rules refer to import and rule files used for anti spam and content fil...

Page 195: ...This is the Trend Micro recommended method of configuring manual downloads Manually downloading components requires multiple steps Tip Ignore steps 1 and 2 if you have already configured your deploymen...

Page 196: ...he left menu under Update Manager click Deployment Plan The Deployment Plan screen appears 3 On the working area click Add New Plan 4 On the Add New Plan screen type a deployment plan name in the Plan...

Page 197: ...ts Control Manager delays the deployment according to the interval you specify Use the menus to indicate the duration in terms of hours and minutes Start at Performs the deployment at a specific time...

Page 198: ...B 33 1 Click Administration System Settings The System Settings screen appears...

Page 199: ...ate components from the Internet check box in the Download component proxy settings area 3 Type the host name or IP address of the server in the Host name field 4 Type a port number in the Port field...

Page 200: ...load screen appears 2 From the Components area select the components to download a Click the icon to expand the component list for each component group b Select the following components to download Fr...

Page 201: ...e icon to add an additional update source You can configure up to five update sources 2 Select Retry frequency and specify the number of retries and duration between retries for downloading components...

Page 202: ...Control Manager from the Deployment plan list 3 Click Save Step 6 Complete the manual download 1 Click Download Now and then click OK to confirm The download response screen appears The progress bar d...

Page 203: ...re Control Manager supports granular component downloading You can specify the component group and individual component download schedules All schedules are autonomous of each other Scheduling downloa...

Page 204: ...ds and Enable Scheduled Component Downloads Step 1 Configure a Deployment Plan for your components 1 Click Administration on the main menu 2 On the left menu under Update Manager click Deployment Plan...

Page 205: ...owing options Delay After Control Manager downloads the update components Control Manager delays the deployment according to the interval you specify Use the menus to indicate the duration in terms of...

Page 206: ...e Use a proxy server to download update components from the Internet check box in the Download component proxy settings area 3 Type the host name or IP address of the server in the Host name field 4 T...

Page 207: ...ea select the components to download a Click the icon to expand the component list for each component group b Select the following components to download From Pattern files Cleanup templates Virus pat...

Page 208: ...Enable scheduled download check box to enable scheduled download for the component 2 Define the download schedule Select a frequency and use the appropriate drop down menu to specify the desired sche...

Page 209: ...TP proxy server on the network that is the Control Manager server does not have direct Internet access click Edit to configure the proxy settings on the System Settings screen Step 6 Configure the aut...

Page 210: ...If you do not click Save your settings will be lost 2 Select a deployment plan after components download to Control Manager from the Deployment plan list 3 Click Save Step 7 Enable the schedule and s...

Page 211: ...administered by the parent server Local reports do not include reports generated by child servers Use the Global Report options to view reports about managed products administered by child servers re...

Page 212: ...Service Pack 3 The reports added in Service Pack 3 fall into five categories Desktop Fileserver Gateway MailServer and Executive Summary The new reports in Control Manager 3 5 fall into a new 6th cat...

Page 213: ...eX format Note Control Manager cannot send reports in ActiveX format as email attachments RPT Crystal Report format use Crystal Smart Viewer to view RPT reports After generating the report Report Serv...

Page 214: ...file click Create Report Profile Step 2 Configure the Contents tab settings 1 In the working area under the Contents tab type a name for the report in the Report name field to identify the profile on...

Page 215: ...ect the target of the local or global report profile Select the Network VirusWall Enforcer 2500 devices or folders The profile only contains information about the Network VirusWall Enforcer 2500 devic...

Page 216: ...e and segment of the clients you want to include in the report 3 Click Next to proceed to the Frequency tab Step 4 Configure the Frequency tab settings 1 On the working area under the Frequency tab sp...

Page 217: ...our of the first day and end time is the generation hour of the day when generation occurs 2 Under Start the scheduler specify when the Report Server starts collecting information for this report Sele...

Page 218: ...pients from the existing Control Manager users and groups Use to add recipients from the Users and groups list to the Recipient list Use to remove recipients from the Recipient list 2 Click Send the r...

Page 219: ...n click Finish to save the profile Review Report Profile Settings Use the Profile Summary screen to review profile settings To access Profile Summary and review report profiles Access Local or Global...

Page 220: ...available because Control Manager generates these reports only once Generate On demand Scheduled Reports The Report Server generates scheduled reports based on the date and time you specified When th...

Page 221: ...Profile screen to view the available local or global reports To view reports 1 Click Reports on the main menu 2 Do one of the following To create a local report profile click Local Report Profile on t...

Page 222: ...tivirus products for endpoints with Microsoft Windows 98 ME operating systems The tables in this chapter include Supported Products for Endpoints with Windows 98 or ME Operating Systems on page C 2 Su...

Page 223: ...er Associates International Inc eTrust EZ Antivirus 6 4 x Computer Associates International Inc eTrust EZ Antivirus 7 x McAfee Inc McAfee VirusScan 4 5 1 x McAfee Inc McAfee VirusScan 8 x McAfee Inc M...

Page 224: ...Virus 2003 Professional Edition 9 x Symantec Corp Norton AntiVirus 2004 10 x Symantec Corp Norton AntiVirus 2004 Symantec Corporation 10 x Symantec Corp Norton AntiVirus 10 x Symantec Corp Norton Anti...

Page 225: ...Administrator s Guide C 4 Supported Products for Endpoints with Windows XP 2000 or 2003 Operating Systems Refer to the Supported Products screen in the Web console for the latest list for endpoints wi...

Page 226: ...e that the data ends up where the sender intended it to go BPDU messages go back and forth across bridges to detect loops in a network topology The protocol then removes the loops by shutting down sel...

Page 227: ...continuously operational for a desirably long length of time Administrators usually measure availability relative to 100 operational or never failing IETF Short for Internet Engineering Task Force...

Page 228: ...Display A 5x7 dot display LCD on the Network VirusWall Enforcer 2500 front panel that is capable of displaying 2x16 character messages LCM console Also referred to as the LCD module It is composed o...

Page 229: ...rk of computers Network virus The type of threat that Network VirusWall Enforcer 2500 devices can detect eliminate and contain A virus spreading over a network is not strictly speaking a network virus...

Page 230: ...access vendor companies known collectively as the PPTP Forum Preconfiguration console The console used to preconfigure a Network VirusWall Enforcer 2500 device Preconfiguring a Network VirusWall Enfor...

Page 231: ...paths into a standby or blocked state STP allows only one active path at a time between any two network devices this prevents the loops but establishes the redundant links as a backup if the initial...

Page 232: ...ides rules and signatures to detect network threats and other vulnerabilities Network VirusWall Enforcer 2500 uses both the Network Virus Scan Engine and Network Virus Pattern to detect known threat...

Page 233: ...46 Control Manager antivirus and content security components Anti spam rules B 29 Engines B 29 Pattern files Cleanup templates B 29 convention document P 4 conventions P 4 creating folders B 23 Creat...

Page 234: ...for B 20 viewing logs B 17 viewing status B 15 management 1 5 manually download components B 30 MCP understanding B 3 MCP benefits HTTPS support B 5 NAT and firewall traversal B 4 one way and two way...

Page 235: ...templates B 47 reports B 46 global B 46 local B 46 on demand scheduled B 55 report profiles B 48 ActiveX B 48 Contents B 49 creating B 48 Frequency B 51 PDF B 48 Recipient B 53 RPT B 48 RTF B 48 Targ...

Page 236: ...ministrator s Guide I 4 V VBScript 1 11 viewing managed products logs B 17 managed products status B 15 viewing generated reports B 56 vulnerability 1 14 5 19 W who should read this document audience...
