i-i Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 SP2 Administrator’s Guide i-ii Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes and the latest version of the Installation Guide, which are available from Trend Micro’s Web site at: http://www.trendmicro.com/download/documentation/ Trend Micro, the Trend Micro t-ball logo, InterScan, TrendLabs, Trend Micro Control Manager, and Trend Micro Damage Cleanup Services are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Copyright© 2017 Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated. Release Date: August 2017 Protected by U.S. Patent No. 5,951,698 The Administrator’s Guide for Trend Micro is intended to provide in-depth information about the main features of the software. You should read through it prior to installing or using the software. For technical support, please refer to the Technical Support and Troubleshooting chapter for information and contact details. Detailed information about how to use specific features within the software are available in the Online Help file and online Knowledge Base at Trend Micro’s Web site. Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at [email protected]. Your feedback is always welcome. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp ii-i ii-ii Contents Preface IWSVA Documentation ...............................................................................xxiv Audience ...........................................................................................................xxv Document Conventions ................................................................................xxv About Trend Micro .......................................................................................xxvi Chapter 1: Introducing Trend Micro™ InterScan™ Web Security Virtual Appliance Main Features ..................................................................................................1-2 Application Control ...................................................................................1-2 Bandwidth Control ....................................................................................1-2 HTTP Inspection .......................................................................................1-2 Data Loss Prevention ................................................................................1-2 Data Identifier Types ............................................................................1-3 Expressions .................................................................................................1-3 Predefined Expressions ........................................................................1-4 Keyword Lists .............................................................................................1-4 Predefined Keyword Lists ...................................................................1-4 Data Loss Prevention Templates ............................................................1-4 Data Loss Prevention Policies .................................................................1-5 Advanced Threat Protection ....................................................................1-5 HTTPS Decryption ...................................................................................1-6 Web Reputation .........................................................................................1-6 High Availability .........................................................................................1-6 FTP Scanning .............................................................................................1-7 URL Filtering ..............................................................................................1-7 Content Caching ........................................................................................1-7 IP Address, Host Name and LDAP-based Client Identification .......1-7 Hyper-V Installation Support ..................................................................1-8 Notifications ...............................................................................................1-8 Real-time Statistics and Alerts ..................................................................1-8 iii Logs and Reports ........................................................................................1-9 Syslog Support ............................................................................................1-9 Integration with Cisco WCCP ................................................................1-10 Reverse Proxy Support ............................................................................1-10 Support for Multiple Trend Micro™ InterScan™ Web Security Virtual Appliance Installations ............................................................1-11 Command Line Interface ........................................................................1-11 What’s New? ..................................................................................................1-11 System Specifications ....................................................................................1-11 Web Browser Requirements ...................................................................1-11 Hardware Requirements ..........................................................................1-12 Compatible Directory Servers for End-User Authentication ............1-13 Integration with ICAP 1.0-compliant Caching Devices .....................1-13 X-Authenticated ICAP Headers Support ........................................1-13 System Status ..................................................................................................1-13 Enabling Threshold Alert Settings ....................................................1-14 Concurrent Connections Display ......................................................1-14 Bandwidth Control Display ...............................................................1-15 Interface Status ....................................................................................1-15 Hardware Status ........................................................................................1-16 SNMP Queries and Traps .......................................................................1-17 CPU Usage Display .............................................................................1-17 Physical Memory Usage Display .......................................................1-18 Hard Drive Display .............................................................................1-19 Accessing Additional Web Threat Information ..................................1-19 Dashboard ......................................................................................................1-20 Web Traffic Security Risk Overview ..........................................................1-22 Smart Search Support ..............................................................................1-24 Chapter 2: Deployment Wizard Overview of the Deployment Wizard ..........................................................2-2 Mode Selection ................................................................................................2-2 Transparent Bridge Mode .........................................................................2-3 Transparent Bridge Mode - High Availability ........................................2-4 iv About Cluster IP Addresses ................................................................2-5 About Weighted Priority Election ......................................................2-6 Create a New Cluster ............................................................................2-6 Join an Existing Cluster .......................................................................2-8 Forward Proxy Mode ................................................................................2-9 Reverse Proxy Mode ...............................................................................2-10 ICAP Mode ...............................................................................................2-11 Deploying IWSVA in ICAP Mode in the Deployment Wizard ..2-12 Simple Transparency Mode ....................................................................2-13 Web Cache Coordination Protocol (WCCP) Mode ...........................2-14 Mode-specific Settings .................................................................................2-15 Proxy Settings ...........................................................................................2-16 Forward Proxy Mode .........................................................................2-16 Reverse Proxy Settings .......................................................................2-18 ICAP Settings ...........................................................................................2-19 Simple Transparency Settings ................................................................2-22 WCCP Settings .........................................................................................2-23 Network Interface .........................................................................................2-27 Host Information .....................................................................................2-27 Interface Status ....................................................................................2-28 Data Interface ......................................................................................2-31 Separate Management Interface ........................................................2-33 Miscellaneous Settings (IPv4 and IPv6) ...............................................2-34 Static Routes ..................................................................................................2-35 Product Activation ........................................................................................2-36 About Licenses .........................................................................................2-37 Third-party Licensing Agreements ...................................................2-37 Registering Online ...................................................................................2-38 About Activation Codes .........................................................................2-39 System Time Settings ...................................................................................2-40 Results .............................................................................................................2-40 Deployment Status ..............................................................................2-41 Post Deployment ..........................................................................................2-41 LAN Bypass Function .............................................................................2-42 Enabling the LAN Bypass Function ................................................2-43 v Setting Up IWSVA ICAP .......................................................................2-45 Setting up an ICAP 1.0-compliant Cache Server ...........................2-45 Configuring Virus-scanning Server Clusters ........................................2-49 Deleting a Cluster Configuration or Entry ......................................2-50 Flushing Existing Cached Content from the Appliance ....................2-51 Verifying that InterScan Web Security Virtual Appliance is Listening for ICAP Requests ................................................................2-51 Understanding the Differences between Request Mode and Response Mode ..........................................................................................2-53 Triggering a Request Mode Action ...................................................2-53 Triggering a Response Mode Action ................................................2-54 Chapter 3: High Availability and Cluster Management for Transparent Bridge Mode High Availability Overview ............................................................................3-2 About Active/Passive Pairs ......................................................................3-3 The HA Agent Handles Status Changes ............................................3-4 Failover vs. Switchover .........................................................................3-4 HA Agent and Interfaces ...............................................................................3-4 About the Deployment Wizard ................................................................3-4 Creating a Cluster ..................................................................................3-5 Joining a Cluster .....................................................................................3-5 About the Application Health Monitor ..................................................3-5 Link Loss Detection ..............................................................................3-6 About Central Management .....................................................................3-6 Centrally Managed and Non-centrally Managed Features ..............3-7 About Cluster Management ....................................................................3-10 Cluster Configuration .........................................................................3-10 Node Configuration ............................................................................3-11 Cluster Logs and Notifications ..........................................................3-12 Accessing the Cluster ..........................................................................3-12 Cluster Management Web Console Page .........................................3-15 Chapter 4: Updates Product Maintenance ......................................................................................4-2 vi Renewing Your Maintenance Agreement .............................................4-2 About ActiveUpdate .......................................................................................4-3 Updating From the IWSVA Web Console ............................................4-3 Proxy Settings for Updates ............................................................................4-4 Updatable Program Components .................................................................4-5 Virus Pattern File .......................................................................................4-5 How it Works ........................................................................................4-6 Spyware/Grayware Pattern File ...............................................................4-7 Bot Pattern File ..........................................................................................4-8 IntelliTrap Pattern and IntelliTrap Exception Pattern Files ...............4-8 Smart Scan Agent pattern .........................................................................4-8 Script Analysis (SA) pattern ......................................................................4-8 Protocol Information Extraction Pattern ..............................................4-9 Scan Engine ................................................................................................4-9 About Scan Engine Updates .............................................................4-10 Web Reputation Database ......................................................................4-10 Incremental Updates of the Pattern Files and Engines .....................4-11 Component Version Information .........................................................4-11 Manual Updates ............................................................................................4-11 Forced Manual Updates ..........................................................................4-12 Scheduled Updates ........................................................................................4-12 Maintaining Updates .....................................................................................4-13 Update Notifications ...............................................................................4-13 Rolling Back an Update ..........................................................................4-14 Deleting Old Pattern Files ......................................................................4-14 Controlled Virus Pattern Releases ..............................................................4-15 Chapter 5: Application Control Application Control Overview .....................................................................5-2 Application Control Policy List ....................................................................5-2 Add Policies: Select Accounts ..................................................................5-4 Adding an Application Control Policy ..............................................5-5 Add or Edit Policies: Specify Rules for Application Control Policies 5-5 vii Specifying Application Control Policy Rules ....................................5-6 Application Control Settings ....................................................................5-8 Chapter 6: Bandwidth Control About Bandwidth Control .............................................................................6-2 Bandwidth Control Policy List ......................................................................6-2 Add Policies: Select Accounts ..................................................................6-3 Add Policies: Specify Rules .......................................................................6-4 Adding a Bandwidth Control Policy ............................................................6-5 Specifying the Actual Internet Bandwidth ..................................................6-6 Chapter 7: HTTP Configuration Enabling the HTTP/HTTPS Traffic Flow .................................................7-2 Specifying a Proxy Configuration and Related Settings ............................7-2 Proxy Configurations .................................................................................7-4 No Upstream Proxy (Stand-alone Mode) ..........................................7-4 Upstream Proxy (Dependent Mode) ..................................................7-6 Transparent Proxy .................................................................................7-8 Reverse Proxy ......................................................................................7-10 Proxy-related Settings ..............................................................................7-11 HTTP Listening Port ..........................................................................7-11 Anonymous FTP Logon Over HTTP Email Address ..................7-12 Network Configuration and Load Handling .............................................7-12 Configuring Internet Access Control Settings ..........................................7-13 Identifying Clients and Servers ...............................................................7-13 Client IP .....................................................................................................7-14 Approved Server IP List .........................................................................7-15 Destination Port Restrictions .................................................................7-16 HTTPS Ports ............................................................................................7-17 Chapter 8: Policies and User Identification Method How Policies Work .........................................................................................8-2 viii
Description: