
InterScan Web Security Virtual Appliance Administrator's Guide 5 PDF

700 Pages·2011·6.26 MB·English

Preview InterScan Web Security Virtual Appliance Administrator's Guide 5

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes and the latest version of the Installation Guide, which are available from Trend Micro’s Web site at: http://www.trendmicro.com/download/documentation/

Trend Micro, the Trend Micro t-ball logo, InterScan, TrendLabs, Trend Micro Control Manager, and Trend Micro Damage Cleanup Services are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Copyright © 2011 Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated.

Release Date: August 2011

Protected by U.S. Patent No. 5,951,698

The Administrator’s Guide for Trend Micro is intended to provide in-depth information about the main features of the software. You should read through it prior to installing or using the software.

For technical support, please refer to the Technical Support and Troubleshooting chapter for information and contact details. Detailed information about how to use specific features within the software is available in the online help file and online Knowledge Base at Trend Micro’s Web site.

Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at [email protected]. Your feedback is always welcome.
Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp

Contents

Preface
  IWSVA Documentation
  Audience
  Document Conventions
  About Trend Micro

Chapter 1: Introducing Trend Micro™ InterScan™ Web Security Virtual Appliance
  Web Traffic Security Risk Overview
  Smart Search Support
  Hardware Specifications
  Compatible Directory Servers for End-User Authentication
  Integration with ICAP 1.0-compliant Caching Devices
  X-Authenticated ICAP Headers Support
  What’s New
  Application Control
  Application Traffic Statistics and Reporting
  HTTP Inspection
  Password Override Action for Blocked URL Filtering Categories
  Time Limit Action for URL Filtering
  Time Quota Extension for URL Filtering Time Limit Action
  Main Features
  HTTP Malware Scanning
  HTTPS Decryption
  Web Reputation
  High Availability
  FTP Scanning
  URL Filtering
  Content Caching
  IP Address, Host Name and LDAP-based Client Identification
  Hyper-V Installation Support
  Notifications
  Real-time Statistics and Alerts
  Logs and Reports
  Syslog Support
  Integration with Cisco WCCP
  Reverse Proxy Support
  Support for Multiple Trend Micro™ InterScan™ Web Security Virtual Appliance Installations
  Advanced Reporting and Management Integration
  Command Line Interface

Chapter 2: Deployment Wizard
  Overview of the Deployment Wizard
  Mode Selection
  Transparent Bridge Mode
  Transparent Bridge Mode - High Availability
  About Cluster IP Addresses
  About Weighted Priority Election
  Create a New Cluster
  Join an Existing Cluster
  Forward Proxy Mode
  Reverse Proxy Mode
  ICAP Mode
  Deploying IWSVA in ICAP Mode in the Deployment Wizard
  Simple Transparency Mode
  Web Cache Coordination Protocol (WCCP) Mode
  Mode-specific Settings
  Proxy Settings
  Forward Proxy Mode
  Reverse Proxy Settings
  ICAP Settings
  Simple Transparency Settings
  WCCP Settings
  Network Interface
  Host Information
  Interface Status
  Data Interface
  Separate Management Interface
  Miscellaneous Settings
  Static Routes
  Product Activation
  About Licenses
  Third-party Licensing Agreements
  Registering Online
  About Activation Codes
  System Time Settings
  Summary
  Results
  Deployment Status
  Post Deployment
  LAN-bypass Function
  Enabling the LAN-bypass Function
  Setting Up IWSVA ICAP
  Setting up an ICAP 1.0-compliant Cache Server
  Configuring Virus-scanning Server Clusters
  Deleting a Cluster Configuration or Entry
  Flushing Existing Cached Content from the Appliance
  Verifying that InterScan Web Security Virtual Appliance is Listening for ICAP Requests
  Understanding the Differences between Request Mode and Response Mode
  Triggering a Request Mode Action
  Triggering a Response Mode Action

Chapter 3: High Availability and Cluster Management for Transparent Bridge Mode
  High Availability Overview
  About Active/Passive Pairs
  The HA Agent Handles Status Changes
  Failover vs. Switchover
  HA Agent and Interfaces
  About the Deployment Wizard
  Creating a Cluster
  Joining a Cluster
  About the Application Health Monitor
  Link Loss Detection
  About Central Management
  Centrally Managed and Non-centrally Managed Features
  About Cluster Management
  Cluster Configuration
  Node Configuration
  Cluster Logs and Notifications
  Accessing the Cluster
  Cluster Management Web Console Page

Chapter 4: Updates
  Product Maintenance
  Renewing Your Maintenance Agreement
  About ActiveUpdate
  Updating From the IWSVA Web Console
  Proxy Settings for Updates
  Updatable Program Components
  Virus Pattern File
  How it Works
  Phish Pattern File
  Page Analysis Pattern
  Spyware/Grayware Pattern File
  IntelliTrap Pattern and IntelliTrap Exception Pattern Files
  Scan Engine
  About Scan Engine Updates
  Web Reputation Database
  Incremental Updates of the Pattern Files and Engines
  Component Version Information
  Manual Updates
  Forced Manual Updates
  Scheduled Updates
  Maintaining Updates
  Verifying a Successful Update
  Update Notifications
  Rolling Back an Update
  Deleting Old Pattern Files
  Controlled Virus Pattern Releases

Chapter 5: Application Control and Traffic Statistics
  Application Control Overview
  Application Control Policy List
  Add Policies: Select Accounts
  Adding an Application Control Policy
  Add or Edit Policies: Specify Rules for Application Control Policies
  Specifying Application Control Policy Rules
  Application Control Settings
  Application Control Traffic Statistics Overview

Chapter 6: HTTP Configuration
  Enabling the HTTP/HTTPS Traffic Flow
  Specifying a Proxy Configuration and Related Settings
  Proxy Configurations
  No Upstream Proxy (Stand-alone Mode)
  Upstream Proxy (Dependent Mode)
  Transparent Proxy
  Reverse Proxy
  Proxy-related Settings
  HTTP Listening Port
  Anonymous FTP Logon Over HTTP Email Address
  Network Configuration and Load Handling
  Shared Policy after Registering to ARM
  Configuring Internet Access Control Settings
  Identifying Clients and Servers
  Client IP
  Server IP White List
  Destination Port Restrictions
  HTTPS Ports

Chapter 7: Policies and User Identification Method
  How Policies Work
  Default Global and Guest Policies
  About the Guest Policy
  Enabling the Guest Port
  Deploying Policies
  Configuring the User Identification Method
  IP Address
  Host Name
  Client Registration Utility
  User/Group Name Authentication
  LDAP Authentication Method
  LDAP Communication Flows
  LDAP Authentication in Transparent Mode
  Configuring LDAP Settings
  LDAP Query Matching Across Main and Referral Servers
  Cross Domain Active Directory Object Queries
  Configuring the Scope of a Policy
  Configuring Policies Using IP Addresses
  Configuring Policies Using Host Names
  Configuring Policies Using LDAP
  Login Accounts
  About Access Rights
  Adding a Login Account
  Changing a Login Account
