Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes, and the latest version of the applicable user documentation, which are available from the Trend Micro Web site http://www.trendmicro.com/download...
Detailed information about how to use specific features within the software is available in the online help file and the online Knowledge Base at Trend Micro’s Web site. Trend Micro is always seeking to improve its documentation. Your feedback is always welcome.
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide
Bridge IP Address .... 1-18
Static Routes .... 1-20
An Example of When a Bridge IP Address and Static Route is Necessary .... 1-20
SNMP .... 1-22
Security .... 1-22
SNMP Trap Limitations .... 1-24
SNMP Traps .... 1-24
SNMP Agent Messages .... 1-25...
Contents
Chapter 2: Configuring Policy Enforcement and Device Settings
Getting Started with Network VirusWall Enforcer 2500 .... 2-2
Configuring Policy Enforcement Settings .... 2-2
Configuring Policy Enforcement Settings .... 2-3
Configuring Network Zones .... 2-12
Configuring the URL List .... 2-13
Specifying Global Endpoint Exceptions ........
Viewing Supported Products .... 4-3
Understanding Logs .... 4-3
Types of Network VirusWall Enforcer 2500 Logs .... 4-3
Viewing the Event Log .... 4-3
Endpoint History .... 4-4
Configuring Log Settings .... 4-4
LCD Module Log Format and Interpretation .... 4-4
Asset Tag Logs .... 4-5...
Appendix B: Introducing Trend Micro Control Manager™
Control Manager Basic Features .... B-2
Understanding Trend Micro Management Communication Protocol .... B-3
Reduced Network Loading and Package Size .... B-3
NAT and Firewall Traversal Support .... B-4
HTTPS Support .... B-5
One-Way and Two-Way Communication Support .... B-6
One-Way Communication .... B-6...
Appendix C: Supported Antivirus Products
Supported Products for Endpoints with Windows 98 or ME Operating Systems .... C-2
Supported Products for Endpoints with Windows XP, 2000, or 2003 Operating Systems .... C-4
Appendix D: Glossary
Index...
Enforcer 2500. This book contains information about the tasks you need to configure Network VirusWall Enforcer 2500. This book is intended for novice and experienced users of Trend Micro Network VirusWall Enforcer 2500 who want to quickly configure, administer, and monitor the product.
Note: Trend Micro recommends checking the Update Center for updates to the Network VirusWall Enforcer 2500 documentation and program file. You can download the latest versions of the Upgrade Guide and Administrator’s Guide from the following location: http://www.trendmicro.com/en/products/network/nvwe/evaluate/overview.htm...
• Overview of the product and its architecture, and description of all new features in Network VirusWall Enforcer 2500, see Understanding Trend Micro™ Network VirusWall™ Enforcer 2500 on page 1-1
• Procedures to configure and administer Network VirusWall Enforcer 2500 from...
Audience
The Network VirusWall Enforcer 2500 documentation assumes a basic knowledge of security systems, including:
• Antivirus and content security protection
• Network concepts (such as IP address, netmask, topology, LAN settings)
•...
Chapter 1
Understanding Trend Micro™ Network VirusWall™ Enforcer 2500
This chapter introduces Trend Micro Network VirusWall Enforcer 2500 and provides an overview of its technology, capabilities, and hardware connections. The topics discussed in this chapter include:
• Trend Micro™ Network VirusWall Enforcer 2500 on page 1-2
•...
Trend Micro™ Network VirusWall Enforcer 2500
Trend Micro Network VirusWall Enforcer 2500 is an outbreak prevention appliance that helps organizations stop network viruses (Internet worms), block high-threat vulnerabilities during outbreaks, and quarantine and clean up infection sources including unprotected devices as they enter the network, using threat-specific knowledge from Trend Micro deployed at the network layer.
View a Summary of Your Network’s Protection Against Viruses
Use the Summary and Real-time status screens to help you monitor your network’s protection against viruses. View the following from the Summary screen:
•...
Enforce Antivirus Policies
Network VirusWall Enforcer 2500 monitors endpoints and determines the status of their antivirus protection. Based on this information, configure antivirus policy settings to block, monitor, or redirect traffic, including traffic from specified TCP and UDP ports.
Network VirusWall Enforcer 2500 Architecture
This section describes the Network VirusWall Enforcer 2500 components and antivirus defenses, including a discussion of its antivirus technology and types of network threats.
Components
Two major components make up a Network VirusWall Enforcer 2500 system:
•...
Preconfiguration Console
The Preconfiguration console allows you to perform the network configuration and set the device settings by directly connecting to the Network VirusWall Enforcer 2500 device using a terminal communication application.
Web Console
The Network VirusWall Enforcer 2500 Web console provides central management of Network VirusWall Enforcer 2500 devices. You can manage two devices when you configure a failover environment. The Web console gives you the tools to configure and enforce antivirus policies for an entire organization.
LCD Module
This document uses the term "LCD module (LCM or LCM console)" to refer collectively to the Liquid Crystal Display (LCD) and the control panel elements on the Network VirusWall Enforcer 2500 front panel. The best use of the LCM console is for...
The following table lists the differences between the management tools:
Configure advanced device settings
Configure device settings
Configure Endpoint Notifications
Configure interface speed and duplex mode
Configure High Availability settings...
Equipped with the Trend Micro™ network scan engine and network virus pattern file, Network VirusWall Enforcer 2500 scans every packet entering and leaving a...
Understanding Security Risks
Tens of thousands of viruses exist, with more coming into existence each day. Although once most common in DOS or Windows, computer viruses today can cause a great amount of damage by exploiting vulnerabilities in corporate networks, email systems and Web sites.
Vulnerability Scan helps prevent attacks by detecting major threats associated with vulnerabilities in Microsoft operating systems. Trend Micro assesses the risks posed by vulnerabilities by considering the significance of Internet threats that use them, the vulnerability’s potential and actual impact, and the difficulty or ease with which a vulnerability can be used—also known as...
Tip: Trend Micro recommends deploying a Network VirusWall Enforcer 2500 device between switches or routers. Although the exact location of the device depends on the network topology, position the device between level 2 (L2) switches or level 3 (L3) routers.
Network VirusWall Enforcer 2500 accomplishes these tasks:
• Scan network traffic to and from endpoints
• Assess vulnerability on endpoints
• Block endpoints that do not conform to the security policies of your organization
•...
Policy Enforcement assesses the status of endpoint antivirus installations and vulnerabilities by using the following components:
• Exception list
Network VirusWall Enforcer 2500 does not monitor endpoints belonging to the Policy Enforcement exception list for policy violations. Network VirusWall Enforcer 2500 monitors endpoints that do not belong to the exception list based on the traffic volume and connection rules.
• Network Virus Policy
Configure Network Virus Policy to scan for network viruses and to help prevent network outbreaks. If a network virus is detected, Network VirusWall Enforcer 2500 can monitor (allow the packet to reach its destination), drop the packet, or quarantine the endpoint computer.
Understanding Endpoints
A packet source (a machine or a device) can have more than one network interface card (NIC) and therefore can have more than one IP address. Network VirusWall Enforcer 2500 considers each IP and MAC address pair a unique endpoint.
See the following pages to:
• Configure Network VirusWall Enforcer 2500 Policy Enforcement setting, page
• View Network VirusWall Enforcer 2500 log information, page 4-3
IP Address Settings
Configure the Management IP Address, Bridge IP Address, and Static Routes to minimize transfer of data through an external router.
What happens:
Network VirusWall Enforcer (NVWE) receives traffic with Endpoint 2’s IP and MAC addresses. The path of the traffic is: Endpoint 2 -> L2 Switch -> NVWE.
Network VirusWall Enforcer (NVWE) sends the blocking page and deploys Policy Enforcement Agent to Endpoint 2.
The solution: Add a Bridge IP address and bind the address to a bridge port using the Web console. You can add Bridge IP addresses from Administration -> IP Address Settings | Bridge IP Address(es).
Figure 1-6. An Example of When a Bridge IP Address and Static Route is Necessary
What happens and when the Bridge IP address and Static Route are used:
Network VirusWall Enforcer (NVWE) receives traffic with Endpoint 1’s IP and Router 1’s MAC addresses.
SNMP
Simple Network Management Protocol (SNMP) is a set of communications specifications for managing network devices, such as bridges, routers, and hubs over a TCP/IP network. In the SNMP management architecture, one or more computers on the network act as a network management station (NMS) and poll the managed devices to gather information about their performance and status.
Table 1-2 and Table 1-3 enumerate the supported Network VirusWall Enforcer 2500 SNMP specifications:
Version
Access privileges: READ ONLY (the GET command)
Management Information (MIB): MIB II, with the following standard objects:
• System group
•...
SNMP Trap Limitations
The following SNMP trap limitations exist:
• Version supported: 2c
• Community Names: one community name allowed
• Community name character limitations: 1–33 alphanumeric characters (including underscore: "_")
•...
SNMP Agent Messages
In addition to the standard SNMP agent messages, Network VirusWall Enforcer 2500 defines the following additional agent messages:
• nvwScanCurrConn—Concurrent scan connections.
• nvwScanCurrMem—Current memory use for scans.
• nvwPolicyCurrConn—Concurrent number of endpoints with Policy Enforcer Agent (PEAgent).
Native VLAN
Network VirusWall Enforcer 2500 supports the Native VLAN feature in port group settings. When you have configured a port group with a specific VLAN and Network VirusWall Enforcer receives untagged packets, the device compares the destination MAC address from the packets to the Non-VLAN traffic and specific VLAN traffic MAC address tables.
Network VirusWall Enforcer 2500
Network VirusWall Enforcer 2500 is a high capacity, gigabit-capable device added to the Network VirusWall product line. This model provides the following new features:
• Network VirusWall Enforcer 2500 Web console
•...
High Availability
Network VirusWall Enforcer 2500 achieves high availability (HA) using the following solutions:
• Redundant ports and devices
• Failover
• Failopen
Tip: Refer to the Getting Started Guide > Understanding and Testing the Network VirusWall Enforcer 2500 Deployment section for details on how to apply a failover and failopen solution in a Network VirusWall Enforcer 2500 deployment.
Port Redundancy Considerations
Consider the following points when implementing a port redundancy deployment:
• A redundant group must include two port groups with different ports
• Each port group can contain:
  • Ports and port attribute
  •...
Failover Considerations
Consider the following points when implementing a failover solution:
• A Network VirusWall Enforcer 2500 failover pair must have identical devices—same model and running the same Network VirusWall Enforcer 2500 program file and boot loader.
Failopen Considerations
Consider the following points when implementing a failopen-based solution:
• If the switches on your network do not support auto MDI/MDI-X, use a crossover and non-crossover cable combination to enable failopen. Invalid cable combinations prevent Network VirusWall Enforcer 2500 from using failopen and can result in network issues.
Policy Prioritization and Creation
Network VirusWall Enforcer 2500 allows you to create multiple policies directed at different network segments and different types of endpoints and traffic. Network VirusWall Enforcer 2500 follows a first-match rule—once the device matches a policy to an endpoint it stops searching for additional policy matches to the endpoint down the policy list.
Priority Endpoint Destination Scan Feature Network Virus Policy RD, Marketing Antivirus Program Scan, Network Virus Policy RD, Marketing Sales Antivirus Program Scan, System Threat Scan, Vulnerability Scan, Network Virus Policy
1-6. Example of incorrectly prioritized policies...
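The first-match rule means a broad policy placed above a narrower one prevents the narrower one from ever applying. The following sketch is an added example, not code from the product or from Trend Micro: it evaluates a policy list in priority order and reports policies that an earlier, broader policy fully covers. The zone addresses, policy names, and the `Policy` structure are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ("0.0.0.0/0",)  # stands in for a source or destination of "Any"


@dataclass(frozen=True)
class Policy:
    name: str
    sources: tuple       # CIDR strings standing in for a network zone
    destinations: tuple  # CIDR strings standing in for a network zone
    scans: tuple         # scan features the policy would apply


def in_zone(addr, zone):
    """True if addr falls inside any network of the zone."""
    return any(ip_address(addr) in ip_network(net) for net in zone)


def first_match(policies, src, dst):
    """Return the first policy, in priority order, that matches the traffic."""
    for policy in policies:
        if in_zone(src, policy.sources) and in_zone(dst, policy.destinations):
            return policy  # first-match rule: stop searching here
    return None


def covers(outer, inner):
    """True if every network in `inner` lies inside some network in `outer`."""
    return all(
        any(ip_network(i).subnet_of(ip_network(o)) for o in outer)
        for i in inner
    )


def shadowed(policies):
    """Return (policy, earlier policy) pairs where the earlier policy always
    wins. Only shadowing by a single earlier policy is detected, not
    shadowing by a combination of several."""
    found = []
    for idx, policy in enumerate(policies):
        for earlier in policies[:idx]:
            if covers(earlier.sources, policy.sources) and covers(
                earlier.destinations, policy.destinations
            ):
                found.append((policy.name, earlier.name))
                break
    return found


# Constructed zones and policies (not taken from the guide's tables).
RD, MARKETING, SALES = "10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"
CATCH_ALL = Policy("Catch All", ANY, ANY, ("Network Virus Policy",))
RD_MKT = Policy(
    "RD and Marketing", (RD, MARKETING), ANY,
    ("Antivirus Program Scan", "Network Virus Policy"),
)
RD_MKT_SALES = Policy(
    "RD and Marketing to Sales", (RD, MARKETING), (SALES,),
    ("Antivirus Program Scan", "System Threat Scan",
     "Vulnerability Scan", "Network Virus Policy"),
)

MISORDERED = [CATCH_ALL, RD_MKT, RD_MKT_SALES]  # broadest policy first
CORRECTED = [RD_MKT_SALES, RD_MKT, CATCH_ALL]   # most specific first

if __name__ == "__main__":
    for label, order in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        hit = first_match(order, "10.1.0.5", "10.3.0.9")
        print(label, "->", hit.name, "| shadowed:", shadowed(order))
```

Running the check before saving a reordered policy list shows which policies have become unreachable and therefore which scans would silently stop applying.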
The ICQ and AIM information listed are from the default settings. However, these ports can be easily changed. • If you enable only the ActiveX and select to only assess Trend Micro products, then the Policy Enforcement Agent (PEAgent) will not install on endpoints.
• If you want to access the URL Exception page, do not type TCP port 80 in Application Protocol Detection.
• If you select the Reject packet action in Application Protocol Detection the following occurs for:
•...
Sample Policy Creation Network VirusWall Enforcer 2500 architecture is different from previous releases of the Network VirusWall 2500 product line. In Network VirusWall Enforcer 2500, administrators create policies to detect whether any or a group of endpoints sending traffic through the device violate or comply with these policies. Configuring a policy to determine whether any or a group of endpoints violate or comply with security settings is a major feature in Network VirusWall Enforcer 2500.
Figure 1-7. Sample Policy 1: Authenticated users Step 2
In Step 2:
• Select Enable user authentication and Apply policy to authenticated users to apply this policy to authenticated users.
• Specify the "Internal Endpoints" network zone as the Source.
Figure 1-8. Sample Policy 1: Authenticated users Step 3
In Step 3:
• Select Antivirus Program Scan and all of the antivirus applications in the list.
• Select to Block non-compliant endpoints to block endpoints that do not have any of these applications installed.
Figure 1-9. Sample Policy 1: Authenticated users Step 4
In Step 4:
• Select Enable Network Virus Scan.
• Select Log policy violation and Notify endpoints about policy violations to record and send a blocking page to the endpoint with a notification message.
Sample Policy 2: Guest users
For the second policy, specify the required registry key if guest users try to access endpoints belonging to the network.
1-10. Sample Policy 2: Guest users Step 2...
Figure 1-11. Sample Policy 2: Guest users Step 3
In Step 3:
• Select Registry Key Scan and add the registry key as required.
• Select to Block non-compliant endpoints to block endpoints that do not have any of these applications installed.
Figure 1-12. Sample Policy 2: Guest users Step 4
In Step 4:
• Select Enable Network Virus Scan.
• Select Log policy violation and Notify endpoints about policy violations to record and send a blocking page to the endpoint with a notification message.
Sample Policy 3: Catchall
When you create this policy, do not select Enable user authentication in Step 2 and ensure that settings are configured to Any or All. Select all of the Services from Policy 1 and Policy 2.
Policy Scenario 2: Ensure that all endpoints have Windows XP Service Pack 2 installed.
This example requires a policy that ensures that endpoints with Windows XP operating systems have Service Pack 2 installed.
For this policy, configure a network zone that includes all IP addresses of endpoints with Windows XP operating systems. You can click Add from Step 2 of the Add Policy screens to configure a new Network Zone.
Specify the Windows XP network zone as the Source and the Destination as any to apply this policy to the Windows XP endpoints.
Figure 1-16. Policy Scenario 2: Step 2...
Add the registry value for Service Pack 2 as a required registry key.
Figure 1-18. Policy Scenario 2: Add the required registry key
Confirm that the required registry key displays in the Registry Key Scan list.
Sample Deployment Scenarios
Install Network VirusWall Enforcer 2500 on a network that contains Ethernet devices such as switches, routers, and hubs. Deploy the device between a switch that leads to the public network and an edge switch that protects a segment of the Local Area Network (LAN).
Deployment Scenario II: Global Site
In this sample deployment scenario, Network VirusWall Enforcer 2500:
• Protects the data center—The Network Virus Policy feature scans all traffic and Policy Enforcement applies to remote hosts. Apply a remedy to endpoints that violate the policy.
Deployment Scenario III: Very Large Enterprise or Internet Service Provider
In this sample deployment scenario, the network is very large and the WAN protocol may be used. You can place Network VirusWall Enforcer in either of the following:
•...
Sample Policy Configuration
This section provides three sample policy configurations for Deployment Scenario I: Standard Network on page 1-50. To protect each area of the network, create different policies based on area and type of access. For this example, we want to do the following:
•...
The first policy, Table 1-8, specifically handles all traffic originating from payment processing since the public server farm can be used for billing purposes.
Settings: Endpoint Settings
Details:
• Policy name: Priority Connection to Farm
•...
The second policy, Table 1-9, is necessary to handle all other traffic.
Settings: Endpoint Settings
Details:
• Policy name: Server farm
• Policy comment: The priority of this should always be after "Priority Connection to Farm"...
The last policy, Table 1-10, handles all cases not covered by the other policies.
Settings: Endpoint Settings
Details:
• Policy name: Catch All
• Policy comment: The priority of this should always be last to address all other cases.
Distribution Switch and Access Switch Policies
This section includes a few sample policies that apply to the distribution switch and access switch. Policies on this device should address endpoint hosts and scan for network viruses.
The second policy, Table 1-12, specifically handles all traffic from Authenticated hosts. These are hosts that regularly access the network.
Settings: Endpoint Settings
Details:
• Policy name: Authenticated users
• Policy comment: This policy should be below guest and above policies that do not use the authentication feature.
Settings: Enforcement Policy Settings
Details:
• Antivirus Program Scan
  Action: Block non-compliant endpoints
  Remedy: Redirect to URL
  Details: 56 Antivirus Products
• Antivirus Version Scan
  Action, if detected: Monitor
  Details: 2 versions old
•...
The last policy, Table 1-13, handles all cases not covered by the other policies.
Settings: Endpoint Settings
Details:
• Policy name: Catch All
• Policy comment: The priority of this should always be last to address all other cases.
Chapter 2 Configuring Policy Enforcement and Device Settings This chapter describes the management tools that you can use to take advantage of Network VirusWall Enforcer 2500 virus-scanning capabilities, which include scan options, enforcement policies, settings, and device tasks. Network VirusWall Enforcer 2500 provides three management tools that let you easily configure its settings.
Getting Started with Network VirusWall Enforcer 2500
Trend Micro recommends performing the following tasks after preconfiguring a Network VirusWall Enforcer 2500 device and testing a successful deployment:
• Update components (see page 3-1)
•...
Configuring Policy Enforcement Settings
Create policies to assess the status of endpoint:
• antivirus product installations
• system folders, vulnerabilities
• registry keys
• application protocols
• instant messaging
• file transfers
Configure settings to pass, block, or redirect different types of endpoint traffic. Perform the following steps to create and configure a policy:
Step 1: Create a New Policy.
Specify the Policy Enforcement Agent setting by selecting one of the following:
a. Agentless—a one time install/terminate.
b. Persistent agent—an agent that remains on the endpoint computer.
Specify the Endpoint installation method by selecting one of the following:
Remote login, ActiveX—installs the Policy Enforcement Agent (PEAgent)
Step 2: Specify Authentication and Network Zones
Specify the Authentication Settings to apply this policy towards authenticated users or guest users. You do not have to enable this feature. However, if you do enable this feature, you must create another policy with the same Trigger (Authentication and Network Zone) settings to ensure that endpoints that do not pass authentication will match a policy.
To assess Trend Micro products only, select the Assess Trend products only using networking protocols checkbox. (Remote detection is used if you select this option or if you select only Trend Micro products from the list.) Specify the Endpoint Action by selecting one of the following: Monitor—allow traffic to continue to destination...
ii. Block non-compliant endpoints—you can select a Remedy from None or Redirect to URL to a URL where the endpoint may rectify the violation. If you select Redirect to URL, you can limit the number of pages the endpoint can navigate from the specified URL by selecting Allow off-page navigation and Link depth.
ii. Block non-compliant endpoints—you can select a Remedy from None or Redirect to URL to a URL where the endpoint may rectify the violation. If you select Redirect to URL, you can limit the number of pages the endpoint can navigate from the specified URL by selecting Allow off-page navigation and Link depth.
Click Next.
Step 4: Specify Network Virus Policy
Select the Enable Network Virus scan check box to detect network viruses in packets that pass through the device.
Specify the Action, when detected by selecting one of the following:
i. Monitor endpoints—allows traffic to continue to destination
ii.
iii. Drop packets—drops the packet.
Instant messaging detection—Use this feature to assess instant messenger software activity.
a. Select the Instant messaging detection check box.
b. Select the instant messaging software to detect by selecting from the following:
MSN—you can select to scan File transfer activity or All activity.
To represent one or more unknown characters, follow these guidelines:
• *lock—matches: block, clock, glock, plock, and flock (but not lock)
• Trend*Micro—matches: Trend Micro, Trend-Micro, Trend_Micro (but not TrendMicro)
• block*—matches: blocking, blocked, blocker, blocks, blockhead, block-point (but not block)
To specify policy URL Exceptions:
Select URLs from the list or create new URLs.
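The wildcard guidelines above differ from shell-style globbing: `*` must stand for at least one character, so `*lock` does not match `lock`. The following sketch is an added example, not the device's own matching code. It assumes the pattern must match the whole value and that matching is case-sensitive, and it lists values that a shell-style glob would accept but this rule rejects, which is the difference to check when reusing patterns written for other tools.

```python
import fnmatch
import re


def compile_wildcard(pattern):
    """Translate a pattern in which '*' means one or more characters."""
    # Assumption: a run of consecutive '*' behaves like a single '*'.
    collapsed = re.sub(r"\*+", "*", pattern)
    body = ".+".join(re.escape(part) for part in collapsed.split("*"))
    return re.compile(body)


def wildcard_match(pattern, value):
    """True if the whole value matches (whole-value match is an assumption)."""
    return compile_wildcard(pattern).fullmatch(value) is not None


def glob_only_matches(pattern, values):
    """Values a shell-style glob ('*' = zero or more) accepts but the
    one-or-more rule rejects."""
    return [
        v for v in values
        if fnmatch.fnmatchcase(v, pattern) and not wildcard_match(pattern, v)
    ]


# The matching and non-matching values listed in the guidelines above.
PAGE_CASES = {
    "*lock": (["block", "clock", "glock", "plock", "flock"], ["lock"]),
    "Trend*Micro": (["Trend Micro", "Trend-Micro", "Trend_Micro"], ["TrendMicro"]),
    "block*": (
        ["blocking", "blocked", "blocker", "blocks", "blockhead", "block-point"],
        ["block"],
    ),
}


def check_page_cases():
    """Confirm the translation reproduces every case in the guidelines."""
    for pattern, (accepted, rejected) in PAGE_CASES.items():
        if not all(wildcard_match(pattern, v) for v in accepted):
            return False
        if any(wildcard_match(pattern, v) for v in rejected):
            return False
    return True


if __name__ == "__main__":
    print("guideline cases reproduced:", check_page_cases())
    for pattern, (accepted, rejected) in PAGE_CASES.items():
        print(pattern, "glob-only:", glob_only_matches(pattern, accepted + rejected))
```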
Configuring Network Zones
Using Network Zones to group IP and MAC addresses with Network VirusWall Enforcer 2500 ports allows you to apply policies to traffic to or from specific segments of your network.
Configuring Interfaces / VLAN settings
This is the second task in configuring a network zone to help manage network security.
To configure Interfaces / VLAN settings:
1. Click the Interfaces / VLAN tab. The Interfaces / VLAN screen displays.
2. Select the ports for the network zone under Customize Interface Settings.
To add to the URL List:
1. Click Policy Enforcement from the side menu. The drop down menu displays.
2. Click URL List from the drop down menu. The URL List screen displays.
3. Click Add. The Add URL List screen displays.
To configure Endpoint Notifications:
Click Policy Enforcement from the side menu. The drop down menu displays.
Click Endpoint Notifications from the drop down menu. The Endpoint Notifications screen displays.
• Click the notification to configure under Notification Type. The Message screen displays.
Click OfficeScan Settings from the Policy Enforcement menu. The OfficeScan Detection screen displays.
Type the port number next to Trend Micro OfficeScan port(s). Use a comma to separate ports.
Click Save.
HTTP Detection Settings
Specify the HTTP ports to allow the device to detect HTTP traffic.
Click Save.
Note: You can specify a User ID with [0-9], [a-z], [A-Z], [ @ ], [ - ], [ . ], [_ ], [ \ ], and [ / ]. You can specify a password with all alphanumeric characters and symbols, except [ "...
Configuring Device and System Settings
This section includes the following topics:
• Configuring Access Control on page 2-18
• Using Backup Configuration on page 2-19
• Performing Device Tasks on page 2-21
•...
Configuring Administrative Accounts
Configure Administrative Accounts to manage Network VirusWall Enforcer 2500. There are three kinds of accounts in Network VirusWall Enforcer:
• Operator accounts—can view configuration information from the Web console, but cannot log in to the Preconfiguration console.
•...
Click Save.
To restore the configuration file:
1. Click Administration from the side menu. The drop down menu displays.
2. Click Backup Configuration from the drop down menu. The Backup Configuration screen displays.
3. Click Browse under Restore Configuration File. The Choose File screen displays.
To export the configuration file:
1. Access the Network VirusWall Enforcer 2500 Preconfiguration console (see Getting Started Guide > Logging on to the Preconfiguration Console for instructions).
2. Type in the main menu. The System Tasks submenu appears.
3. Type 4 to export the configuration file.
To turn on the UID LED through the UID button:
Press the UID button on the front panel of the device. The UID LED becomes blue.
Locking Network VirusWall Enforcer 2500
The Device Tasks screen allows you to lock Network VirusWall Enforcer 2500, which performs the same function as physically disconnecting the device from the network.
• Importing the configuration file through the Preconfiguration console or the Web console.
• Automatically or manually updating the Network VirusWall Enforcer 2500 program file (versions that require a reset) through the Web console.
If the device detects any of the above actions and failopen is in use, the device temporarily disconnects ports 1 and 2 for approximately thirty seconds (30s).
Replacing the HTTPS Certificate
Replace the HTTPS Certificate from the Web console’s HTTPS Certificate screen. Click Replace Certificate from Administration > HTTPS Certificate.
Use the following command to generate a certificate from a Linux operating system:
openssl req -new -x509 -days 365 -nodes -out FILE_NAME.pem -keyout...
Configuring Policy Enforcement and Device Settings Type the IP address and Subnet mask under Bridge IP Settings. Select the Port and VLAN ID checkboxes under Bound To. Click Save. To configure the Static Routes settings: Click Administration. The drop down menu displays Click IP Address Settings from the drop down menu.
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide Type the Base distinguished name. (Type the DN setting, for example, dc=trend, dc=com.) Type the KDC server location. (Type an FQDN, such as www.trendmicro.com, or an IP address.) Type the Default realm. (For example, TREND.COM.) 10.
Page 104
Configuring Policy Enforcement and Device Settings Select the Enable SNMP Trap checkbox under SNMP Trap. If you enable the SNMP trap feature, Network VirusWall Enforcer 2500 sends an SNMP trap every 60 seconds. Type the Community name and Server IP address under SNMP Trap. Select the Enable SNMP Agent checkbox under SNMP Agent.
Use the Case Diagnostic Information from Administration > Tools for troubleshooting purposes. The Case Diagnostic Information feature will download all information required for use with the Case Diagnostic Tool that Trend Micro uses to debug the device. Restoring Default Settings...
SETTING: DEFAULT VALUE
Netmask: none
Default gateway: none
Primary DNS server: none
Secondary DNS server: none
Operation Mode: none
Interface speed and duplex mode: Auto
Table 2-1. Network VirusWall Enforcer 2500 default settings
System Recovery
You can perform pattern, engine, and system rollbacks using the Preconfiguration console....
Chapter 3 Updating Components This chapter describes how to access Network VirusWall Enforcer 2500 devices from the Web console, view system information, deploy Network VirusWall Enforcer 2500 components, and modify device settings. The topics discussed in this chapter include: • Understanding Updatable Components on page 3-2 •...
• Network Virus Pattern– contains a regularly updated database of packet-level network virus patterns. Trend Micro often updates the network virus pattern file to help ensure Network VirusWall Enforcer 2500 can identify any new network viruses. Note: Visit http://www.trendmicro.com/download/ to view the latest Network Virus Pattern information.
Page 109
Updating Components Note: Update the program file manually in a failover deployment. When failover is enabled, you must update the program file manually if one of the devices becomes disabled. Depending on the device role in a failover environment, the Management Network VirusWall Enforcer 2500 device always communicates with the update server for updates, logs, and various configuration commands.
Use the Manual Update option from the Web console to set this type of update. Tip: Trend Micro recommends updating components manually after finishing with the Network VirusWall Enforcer 2500 preconfiguration. •...
Updating Components Updating Components Manually After preconfiguring Network VirusWall Enforcer 2500, download the latest components (Network Virus Pattern, Cleanup templates, Network Virus Engine) to help maintain the highest security protection. To perform a manual update: Click Updates in the side bar. The drop down menu displays. Click Manual.
To set the update source: Click Updates. The drop down menu displays. Click Source. The Update Source screen displays. Select the Trend Micro ActiveUpdate Server or select Other update source and type the URL. Click Save. The Network VirusWall Enforcer 2500 Manual and Scheduled Update will obtain the...
Page 113
Chapter 4 Viewing Status, Logs, and Summaries This chapter explains how to access antivirus information to evaluate your organization’s virus protection policies and identify endpoints that are at a high risk of infection. Network VirusWall™ Enforcer 2500 logs a wide variety of information about events that occur on your network, such as endpoint infections and policy violations, virus outbreaks, and component updates.
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide Viewing Summary Information The Summary screen provides an overview of network virus infections, policy violations, and existing Trend Micro antivirus component details. Click Summary from the main menu to view summary information. From this screen you can: •...
Viewing Status, Logs, and Summaries Viewing Supported Products The Supported Products screen provides information on the antivirus products Network VirusWall Enforcer 2500 can detect. Use the information on this screen to determine the products and versions supported by Antivirus Program Scan. Understanding Logs Logs provide information about the performance of managed Network VirusWall Enforcer 2500 devices.
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide Viewing the Network Virus Log When the device detects a virus or security violation, it creates a Network Virus Log entry. If you register the device to Control Manager, entries from this log send to the Control Manager server immediately.
• Asset tag error logs
• H/W logs
• LCD module error logs
Asset Tag Logs
Asset tag logs record the device validity check. When booting up or restarting (resetting) the device, Network VirusWall Enforcer 2500 checks whether the device hosting the Network VirusWall Enforcer 2500 software components is valid....
Page 118
Any of the above error codes can only mean that someone has tampered with the device: someone has altered or replaced the original components shipped with the product. The error codes listed above help Trend Micro engineers troubleshoot and pinpoint the exact device issue....
Hardware Logs
Hardware (H/W) logs refer to logs generated by the Network VirusWall Enforcer 2500 devices. An H/W log can pertain to almost any hardware-related event (such as the fan speed, memory capacity, or current temperature). H/W logs have the following format:
{hardware component} {critical level} {activity}
Where:...
• going low Deassert– the component has started to stop from decrease its activity
For example:
CPU 1 Temp Upper Critical - going high Assert
The above example indicates that the first processor’s temperature is starting to reach the upper critical threshold temperature....
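A parser for the H/W log format described above, added here as an example; it is not taken from the guide or from Trend Micro code. The threshold names other than "Upper Critical", the rule that a Deassert clears the matching earlier Assert, and the sample lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Threshold names follow common IPMI sensor wording. Only "Upper Critical"
# appears in the guide's example; the other names are assumptions.
LEVELS = r"(?:Upper|Lower) (?:Non-critical|Critical|Non-recoverable)"

# {hardware component} {critical level} - going high|low Assert|Deassert
HW_LOG_RE = re.compile(
    rf"^(?P<component>.+?)\s+(?P<level>{LEVELS})\s+-\s+"
    r"going (?P<direction>high|low) (?P<state>Assert|Deassert)$"
)


@dataclass(frozen=True)
class HwEvent:
    component: str   # e.g. "CPU 1 Temp"
    level: str       # e.g. "Upper Critical"
    direction: str   # "high" or "low"
    state: str       # "Assert" or "Deassert"


def parse_hw_log(line):
    """Return an HwEvent for a well-formed H/W log line, else None."""
    match = HW_LOG_RE.match(line.strip())
    return HwEvent(**match.groupdict()) if match else None


def open_alarms(lines):
    """Replay log lines in order and return (still-asserted alarms, rejected lines).

    Assumption: a Deassert clears an earlier Assert for the same
    component, level and direction. Lines that do not match the format
    are returned separately instead of being silently dropped, so a
    truncated or altered entry stays visible to the reviewer.
    """
    active = {}
    rejected = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_hw_log(line)
        if event is None:
            rejected.append(line)
            continue
        key = (event.component, event.level, event.direction)
        if event.state == "Assert":
            active[key] = event
        else:
            active.pop(key, None)
    return sorted(active), rejected


# Constructed sample input. The first line is the guide's own example;
# the "Fan 3" lines are invented for this illustration.
SAMPLE_LINES = [
    "CPU 1 Temp Upper Critical - going high Assert",
    "Fan 3 Lower Critical - going low Assert",
    "CPU 1 Temp Upper Critical - going high Deassert",
    "Fan 3 speed unknown",
]

if __name__ == "__main__":
    alarms, rejected = open_alarms(SAMPLE_LINES)
    for component, level, direction in alarms:
        print(f"still asserted: {component} / {level} / going {direction}")
    for line in rejected:
        print(f"unparsed line, review manually: {line!r}")
```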
Page 121
Table 4-2 enumerates all possible LCD module error logs:
ERROR CODE AND MESSAGE: CAUSE AND POSSIBLE WORKAROUND/SOLUTION
Corrupted image: The Network VirusWall firmware is corrupted. Reload the Network VirusWall image.
Missing file: Missing boot file. Network VirusWall will try to boot from the second partition.
Page 122
ERROR CODE AND MESSAGE: CAUSE AND POSSIBLE WORKAROUND/SOLUTION
Cannot proceed: A network interface card (NIC) error occurred. Check the Network VirusWall Enforcer 2500 port and network card. Contact Trend Micro support if the issue persists.
Use the System Log Viewer to view system debug log entries and save them to a text file. System logs contain information useful for troubleshooting. If you experience problems with Network VirusWall Enforcer 2500 and contact Trend Micro support, you may be asked to view the system log.
Page 124
Chapter 5 Troubleshooting and FAQs This chapter addresses troubleshooting issues that may arise and answers frequently asked questions. The topics discussed in this chapter include: • Using Network VirusWall Enforcer 2500 Utilities on page 5-2 • Entering Rescue Mode on page 5-2 •...
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide Using Network VirusWall Enforcer 2500 Utilities Network VirusWall Enforcer 2500 provides the Appliance Firmware Flash Utility to update the device BMC firmware, BIOS, LCM, and program file (flash the DOM). The utility is a graphical user interface tool that provides a user-friendly method of uploading the latest program file and boot loader.
Page 126
Troubleshooting and FAQs Note: Appliance Firmware Flash Utility will hang and fail to function if any of these settings is not set. Use the Windows Task Manager to close the non-responsive utility. Enter rescue mode through the: • LCD module •...
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide Note: The difference between a program rescue and a rescue is that the rescue overwrites two systems. In a rescue, the Current system and the Previous system are overwritten and the configuration is changed to default values. Program rescue only updates the partition of the Current system and Previous system.
Windows operating systems. If you are using a Linux-based computer, you can only upload the program and boot files from the command prompt. The utility is included on the Trend Micro Solutions CD for Network VirusWall Enforcer 2500. You can also download the utility from the Control Manager server.
Page 129
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide To run the rescue utility from the CD: Insert the Trend Micro Solutions CD for Network VirusWall Enforcer 2500 into your CD-ROM drive. The autorun program loads. Select Network VirusWall Enforcer 2500 Appliance Firmware Flash Utility from the menu on the left.
BIOS, and program file. The utility is a graphical user interface tool that provides a user-friendly method of uploading the latest program file and boot loader. The utility is included on the Trend Micro Solutions CD for Network VirusWall Enforcer 2500.
Page 131
During Rescue Mode, Network VirusWall Enforcer 2500 enables failopen and allows network traffic to pass through the device. Tip: Trend Micro recommends using a standalone Windows 2000 server to run the Appliance Firmware Flash Utility. To prepare the computer: Log on to the computer used when running Appliance Firmware Flash...
To run the Appliance Firmware Flash Utility: Insert the Trend Micro Solutions CD for Network VirusWall Enforcer 2500, select the Appliance Firmware Flash Utility, and then click Launch. The main console appears and automatically searches for connected Network...
Page 133
2500 device is still connected to the LAN. To prevent this disruption from happening, disconnect the Network VirusWall Enforcer 2500 device from its LAN connection before entering rescue mode.
WARNING! If the BMC update is unsuccessful, using the AFFU will no longer work. Contact Trend Micro support if this issue occurs....
Page 134
• Flash LCM
The Flash screen displays.
Figure 5-2. Sample BIOS dialog box
On the Flash dialog box, perform the following:
Note: The "Device" field value corresponds to the fixed Network VirusWall Enforcer 2500 device IP address in rescue mode.
Select Yes for Update Boot Block....
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide Type or click Browse to determine the location of the target firmware with a .rom extension. d. Click OK. On the warning message that displays, click OK to continue and start the Appliance Firmware Flash Utility process.
Troubleshooting
This section covers the following troubleshooting topics:
• Hardware Issues on page 5-14
• Configuration Issues on page 5-15
• Control Manager and Network VirusWall Enforcer 2500 Communication Issues on page 5-22
• Frequently Asked Questions (FAQs) on page 5-24...
Hardware Issues
ISSUE: LEDs do not illuminate
CORRECTIVE ACTION: Verify secure power cable and network cable connections (see Network VirusWall Enforcer 2500 Getting Started Guide for more information). If the error persists, there may be a hardware problem. Contact your vendor....
Configuration Issues
Issues with Trend Micro Control Manager
ISSUE: Network VirusWall Enforcer 2500 is unable to register with...
CORRECTIVE ACTION: Check all network connections and ensure you have correctly performed preconfiguration (refer to the Getting Started Guide > Preconfiguring Network VirusWall Enforcer 2500 section for more information)....
Page 139
ISSUE: The Network VirusWall Enforcer 2500 icon on the...
CORRECTIVE ACTION: When Network VirusWall Enforcer 2500 is turned off, or is disconnected from the network, the Control Manager agent for Network VirusWall Enforcer 2500 is not given the opportunity to inform Control Manager that it is going offline....
Page 140
ISSUE: Network VirusWall Enforcer is unable to register to Trend Micro Control...
CORRECTIVE ACTION: Verify whether the FQDN is able to connect to the Control Manager server from a local computer. For example, instead of typing https://IPAddress/controlmanager, type https://fully.qualify.domain.name/controlmanager....
Page 141
ISSUE: Network VirusWall Enforcer 2500 Policy Enforcement does not...
CORRECTIVE ACTION: An HTTP proxy server located between Network VirusWall Enforcer 2500 and endpoints on the network may prevent Network VirusWall Enforcer 2500 from correctly identifying endpoint status. Reconsider...
Page 142
ISSUE: Windows 98 users cannot pass user authentication
CORRECTIVE ACTION: Older versions of Internet Explorer do not support secure connections. Upgrade the endpoint’s Internet Explorer to allow a secure connection.
ISSUE: An error displays about not being able...
CORRECTIVE ACTION: Please locate the %windir%\PEAgent folder and remove the PEAgentSFX.exe file on the endpoint computer....
Page 143
ISSUE: When a NAT device resides between Control Manager server and BRI port of the device, if the device uses dynamic...
CORRECTIVE ACTION: Set Network VirusWall Enforcer 2500 by static IP address.
Page 144
ISSUE: The authentication feature not working as expected
CORRECTIVE ACTION: If the LDAP host name cannot be resolved, then authentication will fail. Set the DNS from the Web console to allow the host name of the LDAP server to be resolved.
ISSUE: Unable to ping Network VirusWall...
CORRECTIVE ACTION: If you make changes such as disabling a port, installing a new fiber...
ISSUE: Automatically logged off the preconfiguration console
CORRECTIVE ACTION: If you change the current window size, Network VirusWall Enforcer 2500 automatically logs off.
ISSUE: Unable to download...
CORRECTIVE ACTION: Try to use a different DNS server....
Page 146
Troubleshooting and FAQs From the Web console, on the Administration > Time Settings screen, select Use a NTP server to update the time. Check Whether the Network Connection Between the Control Manager Server and Network VirusWall Enforcer 2500 Device Is Present In a failover deployment, the failover pair will not switch roles if the Management device is unable to connect to the Control Manager server.
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide Frequently Asked Questions (FAQs) This section answers the following common questions about Network VirusWall Enforcer 2500: Does Network VirusWall Enforcer 2500 support gigabit interface speed? Yes, Network VirusWall Enforcer 2500 has five (5) user-configurable Copper Gigabit LAN ports and up to 4 fiber-optic ports.
Page 148
Troubleshooting and FAQs Can the length of the network cable affect the failopen functionality of Network VirusWall Enforcer 2500? Yes, the network cable connecting Network VirusWall Enforcer 2500 and other devices must not be longer than 100 meters (328 feet). Otherwise, Network VirusWall Enforcer 2500 failopen will not work.
Page 149
Will changing the Network VirusWall Enforcer 2500 IP address prevent it from communicating with the Control Manager server?
Yes, changing the Network VirusWall Enforcer 2500 IP address through the Preconfiguration console Device Settings menu will temporarily disconnect the...
Page 150
Troubleshooting and FAQs How does Network VirusWall Enforcer 2500 handle ether-channel? This release of Network VirusWall Enforcer 2500 supports ether-channel configurations if Network VirusWall Enforcer 2500 is not configured to failover. Network VirusWall Enforcer 2500 supports trunked gigabit lines. Does Network VirusWall Enforcer 2500 bridge all non-IP address traffic? Yes, Network VirusWall Enforcer 2500 bridges all non-IP address traffic.
Page 151
How can I pass Windows Active Directory Simple authentication?
Configure the User ID as a full UPN (user principal name) such as account@realm or domain\account.
Why do I not see an IPMI log when the operating system reboots?
There is no log entry added when the operating system reboots....
Page 152
Why doesn’t the Remote Login, ActiveX for endpoint installation feature work?
Check for the following:
• If the endpoint runs Windows 98, ME, or XP Home, remote login is not supported.
• In Windows XP Professional, endpoint users need to disable simple files sharing by deselecting "Simple files sharing"...
Page 153
You can use any Control Manager account in lieu of the root account User ID. However, Trend Micro recommends using the root account because if you delete the User ID specified during agent installation, you will have difficulty managing the agent.
Page 154
Troubleshooting and FAQs Why doesn’t simple authentication for an OpenLDAP work? Ensure that the DNS server can map the OpenLDAP server IP address and host name. For a DN, please type the full path in the Base Distinguished Name field. (For example, ou = sales, dc = trend, dc = com.) Why does the ICQ status change to offline on endpoint computers? If you select IM Management and select to assess ICQ activity, the ICQ status on...
Page 155
Scan for Trend Micro ServerProtect™ 5.58? This version of Network VirusWall Enforcer 2500 supports Antivirus Program Scan for Trend Micro ServerProtect 5.58 English version. Enable Assess Trend Micro products only by using networking protocols to detect multiple language versions of ServerProtect.
Page 156
Troubleshooting and FAQs Why do I receive the "Same IP and Port pairs" message when I configure Log Settings? You cannot specify the same IP address and port pair for both primary and secondary Syslog server settings. Does Network VirusWall Enforcer 2500 FTP file assessment support double byte characters? The FTP file assessment feature in Network VirusWall Enforcer does not support double byte characters.
Page 157
Trend Micro™ Network VirusWall™ Enforcer 2500 Administrator’s Guide What happens to exception hosts when I import a Network VirusWall Enforcer 2500 1.8 configuration file to Network VirusWall Enforcer 2500 2.0? All groups are converted to Network Zones in Network VirusWall Enforcer 2500 for greater flexibility.
Page 158
Why are there multiple copies of the same policy in the policy list?
If you select a policy and click Copy multiple times, multiple copies of that policy are added to the list.
When I shut down Network VirusWall Enforcer 2500, the LEDs of the bypass cards are not on. Does this mean that the bypass feature does not work?
The bypass feature of bypass cards still functions as normal even if the LEDs are not...
Page 159
Why did my session terminate while downloading the Case Diagnostic Information?
When multiple requests to download the Case Diagnostic Information are made, the first session terminates when the second session begins the download. No error message displays....
Page 160
Chapter 6
Getting Support
Trend Micro is committed to providing service and support that exceeds our users’ expectations. This chapter contains information on how to get technical support. Remember, you must register your product to be eligible for support. This chapter includes the following topics:
•...
Readme- late-breaking product news, installation instructions, known issues, and version specific information
• Knowledge Base- technical information procedures provided by the Support team: http://esupport.trendmicro.com
• Product updates and patches: http://www.trendmicro.com/download/
To locate the Trend Micro office nearest you, open a Web browser to the following URL:
http://www.trendmicro.com/en/about/contact/overview.htm...
You can send viruses, infected files, Trojan horse programs, and other malware to Trend Micro. More specifically, if you have a file that you think is some kind of malware but the scan engine is not detecting it or cleaning it, you can submit the suspicious file to Trend Micro using the following Web address: subwiz.trendmicro.com...
For more information about TrendLabs, please visit:
www.trendmicro.com/en/security/trendlabs/overview.htm
Other Useful Resources
Trend Micro offers a host of services via its Web site, www.trendmicro.com. Internet-based tools and services include:
• Virus Map—monitors virus incidents around the world
•...
Appendix A
Device Specifications
This appendix provides general system and hardware specifications for Network VirusWall Enforcer 2500.
COMPONENT: SPECIFICATIONS
Chassis dimension with bezel: 24.43" x 16.73" x 1.70" (620.6 x 425 x 42.4mm)
Carton dimension: 33.54" x 22.24" x 8.27" (852 x 565 x 210mm)
System weight: 16.54Kg...
Page 165
COMPONENT: SPECIFICATIONS
UID function: Indicator LED X 1
UID function front: UID button X 1, indicator LED X 1
BMC function: Hitachi 2168
Dual motor system fan X 5...
Page 166
Appendix B Introducing Trend Micro Control Manager™ Trend Micro Control Manager™ is a central management console that manages Trend Micro products and services, third-party antivirus and content security products at the gateway, mail server, file server, and corporate desktop levels. The Control Manager Web-based management console provides a single monitoring point for antivirus and content security products and services throughout the network.
Control Manager Basic Features
Control Manager is designed to manage antivirus and content security products and services deployed across an organization’s local and wide area networks.
FEATURE: DESCRIPTION
Using the Product Directory and cascading management...
Understanding Trend Micro Management Communication Protocol
Trend Micro Management Communication Protocol (MCP) is Trend Micro's next generation agent for managed products. MCP replaces TMI as the way Control Manager communicates with Network VirusWall Enforcer 2500 devices. MCP has several new features:
•...
Trend Micro Network VirusWall™ Enforcer 2500 Administrator’s Guide The agent footprint required to transfer information is much larger in XML compared with other data formats. Data processing performance is slower due to the larger data footprint. Packet transmissions take longer and the transmission rate is less than other data formats.
For products that work with TMCM 2.5/3.0 agents, one pre-condition is assumed. The server relies on the fact that the agent can be reached by initiating a connection from server to the agent. This is a so-called two-way communication product, since both sides can initiate network connection with each other.
Through MCP, Control Manager 3.5 now supports single sign-on (SSO) functionality for Trend Micro products. This feature allows users to sign in to Control Manager and access the resources of other Trend Micro products without having to sign in to those products as well.
Cluster Node Support Under varying cases administrators may like to group certain product instances as a logical unit, or cluster (for example products installed under a cluster environment present all installed product instances under one cluster group). However, from the Control Manager server's perspective, each product instance that goes through the formal registration process is regarded as an independent managed unit and each managed unit is no different from another.
Trend Micro Network VirusWall™ Enforcer 2500 Administrator’s Guide • In one-way communication mode, the Control Manager agent periodically sends out query commands to Control Manager. This periodical query behavior works like a heartbeat and is treated as such by Control Manager.
Determining the Right Heartbeat Setting
When choosing a heartbeat setting, balance the need to display the latest Communicator status information against the need to manage system resources. Trend Micro's default setting is satisfactory for most situations; however, consider the following points when you customize the heartbeat setting:
HEARTBEAT FREQUENCY...
Page 175
Trend Micro Network VirusWall™ Enforcer 2500 Administrator’s Guide Note: Control Manager uses the name specified in the Host name field to identify Network VirusWall Enforcer 2500 devices. The Host name appears in the Product Directory of Control Manager. Use the down arrow to bring the cursor down to Register to Control Manager, then use the spacebar to change the option to [yes].
Directory. The Control Manager management console represents managed products as icons. These icons represent Network VirusWall Enforcer 2500 devices, other Trend Micro antivirus and content security products, as well as third party products. Indirectly administer the managed products either individually or by groups through the Product Directory.
Page 177
Product Directory icons:
PRODUCT DIRECTORY: DESCRIPTION
• New entity or user-defined folder name
• InterScan eManager
• OfficeScan Corporate Edition
• ServerProtect Information Server
• ServerProtect Domain
• ServerProtect for Windows (Normal Server)
• ServerProtect for NetWare (Normal Server)...
Accessing a Network VirusWall Enforcer 2500 Device's Default Folder Newly registered Network VirusWall Enforcer 2500 devices usually appear in the New entity folder depending on the user account specified during the agent installation. Control Manager determines the default folder for the Network VirusWall Enforcer 2500 device by the privileges of the user account specified during the product agent installation.
Trend Micro Network VirusWall™ Enforcer 2500 Administrator’s Guide Note: Viewing and accessing the folders in the Product Directory depends on the Account Type and folder access rights used to log on to the management console. To access the Product Directory: Click Products on the main menu.
View Network VirusWall Enforcer 2500 Devices Status Summaries The Product Status screen displays the Antivirus, Content Security, and Web Security summaries for all Network VirusWall Enforcer 2500 devices and other managed products present in the Product Directory tree. There are two ways to view the Network VirusWall Enforcer 2500 devices status summary: •...
Trend Micro Network VirusWall™ Enforcer 2500 Administrator’s Guide Configure Network VirusWall Enforcer 2500 Devices and Managed Products Depending on the product and agent version: • You can configure devices or products either individually or in groups according to folder division Perform group configuration using the folder Configuration tab.
Deploy the latest pattern file, or scan engine to Network VirusWall Enforcer 2500 devices with outdated components. To successfully do so, the Control Manager server must have the latest components from the Trend Micro ActiveUpdate server. Perform a manual download to ensure that current components are already present in the Control Manager server.
Page 183
Trend Micro Network VirusWall™ Enforcer 2500 Administrator’s Guide On the left-hand menu, select the desired Network VirusWall Enforcer 2500 device or folder. On the working area, click the Logs tab. Select the client log type: Event Logs: Provide the following search parameters:...
Provide the following search parameters:
PARAMETER: DESCRIPTION
Logs for: View all logs, or only those that the managed product generated within a specific interval. For the latter option, you can specify logs for the last 24 hours, day, week, month, or custom range
If you chose Specified range, select the appropriate month, day, and year for the Start date and End date...
If a Control Manager server’s records for Network VirusWall Enforcer 2500 devices are lost, the agents on the products still "know" where they are registered to. The product agent will automatically re-register itself after 8 hours or when the service restarts....
PARAMETER: DESCRIPTION
Managed product status / Communicator status: Select the appropriate connection status for the Communicator or managed product. The options are: All, Active, Inactive, Abnormal, Product Active, and Product Inactive. Choose All to search for objects regardless of the connection status....
Trend Micro Network VirusWall™ Enforcer 2500 Administrator’s Guide • User Accounts • Deployment Plans Group Network VirusWall Enforcer 2500 devices according to geographical, administrative, or product specific reasons. In combination with different access rights used to access Network VirusWall Enforcer 2500 devices or folders in the...
Access Directory Manager Use Directory Manager to group Network VirusWall Enforcer 2500 devices together. To access the Directory Manager: Access Product Directory. On the left-hand menu, click Directory Manager. Create Folders Group Network VirusWall Enforcer 2500 devices into different folders to suit your organization's Control Manager network administration model.
Note: Renaming a Network VirusWall Enforcer 2500 device only changes the name stored in the Control Manager database; there is no effect on the product.
Move Folders or Network VirusWall Enforcer 2500 Devices...
Understanding Temp Temp, a collection of Network VirusWall Enforcer 2500 device shortcuts, allows you to focus your attention on specific products without changing the Product Directory organization. Use Temp for deploying updates to groups of products with outdated components. Consider the following issues when using Temp: •...
Add Network VirusWall Enforcer 2500 devices with outdated components based on the Status Summary page Trend Micro recommends that you add several Network VirusWall Enforcer 2500 devices at once to Temp using the last method. The Status Summary screen provides information as to which Network VirusWall Enforcer 2500 devices use outdated components.
Page 192
Specify a sub-folder name in the Temp sub-folder for managed products field for the Temp sub-folder that will contain the Network VirusWall Enforcer 2500 device shortcuts. Note: Step 4 is optional. If you want to create multiple folder levels belonging to Temp, specify \{folder name level1}\{sub-folder name level2} in the Temp sub-folder for entities field.
Trend Micro Network VirusWall™ Enforcer 2500 Administrator’s Guide the computer name, product name, product version, and outdated component version. Click Add to Temp in the status page. Control Manager organizes the Network VirusWall Enforcer 2500 devices to Temp using folders named after the page from which they were added.
Control Manager Update Manager is a collection of functions that help you update the antivirus and content security components on your Control Manager network. Trend Micro recommends updating the antivirus and content security components to remain protected against the latest virus and malware threats. By default, Control Manager...
Manually Download Components
This is the Trend Micro recommended method of configuring manual downloads. Manually downloading components requires multiple steps:
Tip: Ignore steps 1 and 2 if you have already configured your deployment plan and configured your proxy settings....
Page 196
On the left menu under Update Manager, click Deployment Plan. The Deployment Plan screen appears. On the working area, click Add New Plan. On the Add New Plan screen, type a deployment plan name in the Plan name field.
Page 197
Click Add New Schedule to provide deployment plan details. The Add New Schedule screen appears. On the Add New Schedule screen, choose a deployment time schedule by selecting one of the following options: •...
Page 198
Click Administration > System Settings. The System Settings screen appears.
Page 199
Select the Use a proxy server to download update components from the Internet check box in the Download component proxy settings area. Type the host name or IP address of the server in the Host name field.
Page 200
Step 3: Select the components to update Click Administration > Update Manager > Manual Download. The Manual Download screen appears. From the Components area select the components to download. Click the + icon to expand the component list for each component group. Select the following components to download: From Pattern files/Cleanup templates: •...
Page 201
NTKD Step 4: Configure the download settings Select the update source: • Internet: Trend Micro update server: Download components from the official Trend Micro ActiveUpdate server. • Other update source: Type the URL of the update source in the accompanying field.
Configure Scheduled Download Exceptions Download exceptions allow administrators to prevent Control Manager from downloading Trend Micro update components for entire day(s) or for a certain time every day. This feature is particularly useful for administrators who prefer not to allow Control Manager to download components on a non-work day or during non-work hours.
Do the following: • To schedule a daily exception, under Daily schedule exceptions, select the check box of the day(s) to prevent downloads, and then select the Do not download updates on the specified day(s) check box. Every week, all downloads for the selected day(s) are blocked.
Step 7: Enable the schedule and save settings Configure Scheduled Downloads and Enable Scheduled Component Downloads Step 1: Configure a Deployment Plan for your components Click Administration on the main menu. On the left menu under Update Manager, click Deployment Plan. The Deployment Plan screen appears.
Page 205
On the Add New Plan screen, type a deployment plan name in the Plan name field. Click Add New Schedule to provide deployment plan details. The Add New Schedule screen appears. On the Add New Schedule screen, choose a deployment time schedule by selecting one of the following options: •...
Page 206
Step 2: Configure your proxy settings, if you use a proxy server Click Administration > System Settings. The System Settings screen appears. Select the Use a proxy server to download update components from the Internet check box in the Download component proxy settings area. Type the host name or IP address of the server in the Host name field.
Page 207
Step 3: Select the components to update Click Administration > Update Manager > Scheduled Download. The Scheduled Download screen appears. From the Components area select the components to download. Click the + icon to expand the component list for each component group.
Page 208
The <Component Name> screen appears. Where <Component Name> is the name of the component you selected. Step 4: Configure the download schedule Select the Enable scheduled download check box to enable scheduled download for the component. Define the download schedule. Select a frequency, and use the appropriate drop down menu to specify the desired schedule.
Page 209
Step 5: Configure the download settings Select the update source: • Internet: Trend Micro update server: Download components from the official Trend Micro ActiveUpdate server. • Other update source: Type the URL of the update source in the accompanying field.
Page 210
Tip: Click Save before clicking Edit Deployment Plan on this screen. If you do not click Save your settings will be lost. Select a deployment plan after components download to Control Manager, from the Deployment plan list. Click Save. Step 7: Enable the schedule and save settings Click the status button in the Enabled column.
Use Reports A Control Manager report is an online collection of figures about virus, spyware/grayware, and content security events that occur on the Control Manager network. The Enterprise edition provides the Control Manager reports.
• Footers Trend Micro Control Manager 3.5 adds 3 new report templates to the 77 previously available since Service Pack 3. The reports added in Service Pack 3 fall into five categories: Desktop, Fileserver, Gateway, MailServer and Executive Summary. The new reports in Control Manager 3.5 fall into a new 6th category: Network Products.
Control Manager 3.5 also provides 18 templates stored in <root>\Program Files\Trend Micro\Control Manager\Reports as Crystal Report version 9 files (*.rpt). These templates also apply to Local and Global reports. Understanding Report Profiles A profile lays out the content (template and format), target, frequency, and recipient of a report.
Page 214
Take one of the following actions: • To create a local report profile, click Local Report Profile under Reports. • To create a global report profile, click Global Report Profile under Reports. On the left menu under Local Report Profile or Global Report Profile, click Create Report Profile.
Page 215
Click Next > to proceed to the Targets tab. Step 2: Configure the Contents tab settings On the working area under the Targets tab, select the target of the local or global report profile: •...
Page 216
Select the machines that the report will include: • All clients: All clients the selected Network VirusWall Enforcer 2500 device protects • IP range: Select the IP range of the clients you want to include in the report • Segment: Select the IP range and segment of the clients you want to include in the report Click Next >...
Page 217
• Weekly or Bi-weekly: Contains 7 or 14 days' worth of information; select the day of the week that will trigger the report server to generate a report • Monthly: Contains 30 days' worth of information; select the day of the...
Page 218
Click Next > to proceed to the Recipient tab. Step 5: Configure the Recipient tab settings On the working area under the Recipients tab, select recipients from the existing Control Manager users and groups. • to add recipients from the Users and groups list to the Recipient list •...
Click Next > to proceed to the Summary tab. On the working area under the Summary tab, review the profile settings and then click Finish to save the profile. Review Report Profile Settings Use the Profile Summary screen to review profile settings.
Enable Scheduled Report Profiles By default, Control Manager enables scheduled profiles upon creation. In the event that you disable a profile (for example, during database or agent migration), you can re-enable it via the Scheduled Local Reports or Scheduled Global Reports screen. To enable scheduled report profiles: Access Local or Global Scheduled Reports.
It may take a few seconds to generate a report, depending on its contents. As soon as Control Manager finishes generating a report, the screen refreshes and the View link adjacent to the report becomes available.
Appendix C Supported Antivirus Products This appendix provides a list of supported antivirus products for endpoints with Microsoft™ Windows™ 98, ME™ operating systems. The tables in this chapter include: • Supported Products for Endpoints with Windows 98 or ME Operating Systems page C-2 •...
Page 223
Supported Products for Endpoints with Windows 98 or ME Operating Systems

Product Vendor | Product | Version
Computer Associates International, Inc. | CA eTrust Antivirus |
Computer Associates International, Inc. | eTrust EZ Armor | 6.1.x
Computer Associates International, Inc. | eTrust EZ Antivirus | 6.1.x...
Page 224
11.0.x
Symantec Corp. | Norton Internet Security | 8.0.x
Trend Micro, Inc. | Trend Micro Internet Security | 11.x
Trend Micro, Inc. | Trend Micro PC-cillin Internet Security 2005 | 12.x
Trend Micro, Inc. | PC-cillin 2003 | 10.x
Trend Micro, Inc. | Trend Micro PC-cillin Internet 2004 | 11.x
Trend Micro, Inc.
Page 225
Supported Products for Endpoints with Windows XP, 2000, or 2003 Operating Systems Refer to the Supported Products screen in the Web console for the latest list for endpoints with Windows XP, 2000, or 2003 operating systems.
Page 226
Active: In a failover solution, it refers to the device that is currently in use.
ActiveUpdate: ActiveUpdate server. The Trend Micro server hosting the Network VirusWall Enforcer 2500 components. The ActiveUpdate server can be set as the update source.
Device role
Page 227
to the memory chips whereas a DIMM has 64-bit path. Because the Pentium processor requires a 64-bit path to memory, you need to install SIMMs two at a time. With DIMMs, you can install memory one DIMM at a time.
See high availability.
High availability: Refers to the ability of a Network VirusWall
Page 228
PING command, for example, uses ICMP to test an Internet connection.
IP multicasting: Sending out data to distributed servers on the MBone.
play LCD on the Network VirusWall Enforcer 2500 front panel that is capable of displaying 2x16 character messages.
LCM console
Page 229
objects. Each object is an essential data about a particular aspect of the managed Network VirusWall Enforcer 2500 device, such as the
speaking, a network virus. Only some of the known malware programs, such as worms, are actually network viruses.
Page 230
Port-based VLAN: A type of virtual LAN setup wherein each physical switch port has an access list specifying membership in a set of VLANs. Network VirusWall Enforcer 2500 supports port-based VLAN through Port Grouping Opera-...
Product Directory: The Product Directory is a logical grouping of managed products accessible from the Control Manager management console.
Redundant device pair
Page 231
the redundant links as a backup if the initial link should fail. If STP costs change, or if one network segment in the STP becomes unreachable, the spanning tree algorithm reconfigures the spanning tree topology and reestablishes the link by activating the standby path.
Page 232
Refers to scan engine used by Trend Micro products running on Windows 95, 98, or ME machines.
Traps: Notifications sent by managed devices to the NMS when certain events occur, such as a shutdown or authentication error.