DVD-R, and/or documentation at no charge. Proof of purchase must be enclosed with any claim. This warranty is limited to replacement of the product. Norman is not liable for any other form of loss or damage arising from use of the software or documentation or from errors or deficiencies therein, including but not limited to loss of earnings.
Administrator Guide Table of Contents System requirements ..........4 Incident statistics ............37 .............. 37 Functions Obtaining Norman Network Protection ....... 4 Configure ..............38 About this guide ............4 ............ 38 Scanner settings Help and support ............4 ..........42 Network configuration .........
For training or further support issues please do not hesitate to contact your local dealer or a Norman Office. Please see the last page of this document for information on Norman Offices.
Norman Network Protection aims to deliver such a concept, protecting both servers and clients in the network. By placing Network Protection between the Internet and the local network, each computer on the network side is protected, and viruses being downloaded are stopped before they reach their destination.
If the group of packets are clean, they are passed on to the protected zone via NIC2. If the packets contain malicious code, they are effectively blocked from the protected zone and an alert is sent to the network via NIC0. Norman Network Protection is also avail- able as an appliance.
Figure 3: Network Protection - protecting a business enterprise. Functionality Norman Network Protection works at the Data Link Layer within the OSI data transmission model. This allows it to operate on a number of protocols and offers more features than proxy solutions.
Page 9
● NIU signature update ○ Norman Internet Update (NIU) can be set to automatically update the virus scanning engine and signature files at hourly intervals. ● Decompression ○...
Norman Network Protection Administrator Guide Installation | Prerequisites Installation The Norman Network Protection appliance is pre-installed with Norman Network Protection software. The action required from you is to provide your network IP address details and to change the default passwords. Prerequisites To take full advantage of the Network Protection functions, a good understanding of running programs on the Linux platform and network management is recommended.
Administrator Guide Installation | Configuration Figure 10: Installing files from archive. 10. Configuration and installation is now complete. Click Reboot to finish and start Norman Network Protection. Figure 11: Installation complete. 11. After completing the configuration wizard connect the device to the network as described in the next chapter.
Figure 7: Setup Wizard License Key 3. Join Endpoint Manager Realm This option allows you to manage NNP centrally from a Norman Endpoint Manager console. To man- age this NNP centrally, you must enter the IP address, username and password for the Norman Endpoint Manager.
Page 24
Administrator Guide | Setup wizard 10. Reviewing the configuration Once the setup wizard is completed, Norman Network Protection is ready for use. The Setup Wizard’s final dialog presents a summary of the selections you made: Figure 15: Setup Wizard Finished...
Top 20 – Detected with Sandbox Displays the amount of malware stopped by the Network Protection application using the Norman Sandbox, both in numbers and percent of total malware per Norman Sandbox category.
Page 43
Cluster failover is implemented primarily for the purpose of improving the availability of services. The Norman Network Protection (NNP) cluster failover option is a 2-node solution where two NNPs (pri- mary and secondary) are placed in parallel. The primary NNP is always responsible for bridging the traffic.
7. Your failover cluster is now removed. Join Endpoint Manager Realm This option allows you to manage NNP centrally from a Norman Endpoint Manager console. To man- age this NNP centrally, you must enter the IP address, username and password for the Norman Endpoint Manager.
Administration and configuration | Configure Figure 42: Join Endpoint Manager If the NNP is already a member of a Norman Endpoint Manager realm, then a notification is available. See the figure below: Figure 43: Join Endpoint Manager (already a member) Note Please refer to the document ‘Managing NNP from Norman Endpoint Manager’...
Page 49
Message routing Provides the option of sending messages to a central Norman Endpoint Manager. This option is reserved for future use and has not yet been activated. Figure 48: Message routing Messages to send ●...
Administration and configuration | Install and Update Install and Update Provides options to update the scanning engine and definition files on demand, or to configure the automatic update intervals for Norman Internet Update (NIU). Figure 59: Install and Update Note Only scanning engine and definition files are updated automatically without any downtime to the sys- tem.
Allows you to configure the Norman Internet Update intervals. Figure 61: Select Update Method ○ Update manually • Norman Internet Update will never run. All updates must be carried out manually with the Update now option. ○ Automatically at set intervals •...
Click this option to open a new browser window to the Support pages on Norman’s web. Contact information Select this option to open a new browser window to view information on how to contact Norman. Reset to factory defaults If you have lost track of your setup or simply want to start from scratch, this option allows you to reset all your settings to factory defaults.
Network Protection is connected to on the bridged interfaces. You can easily check the speed for your Network Interface Cards on the Network Protection application. ● Log into the console of Norman Network Protection (either remotely via SSH or on local console) ● Type ifconfig to see the Network Interface Card information ●...
Page 61
Protection web interface. ● Direct your browser to the Network Protection web interface and log in. ● Select Norman Network Protection > System Monitor. ● The System Monitor screen displays the CPU and memory use in addition to the Network Interface Card load.
Page 62
If Norman Network Protection continues with such behavior, you should contact your local vendor or nearest Norman office to remedy the situation. You may be asked to provide logs from the Norman Network Protection application to minimize the Support department’s time spent on troubleshooting. The support personnel will ask for specific logs, which reside in the .../opt/norman/logs directory on your Network Protection server.
Appendix A: Accessing the Command Line Interface console Norman Network Protection can be accessed via a Command Line Interface (CLI) console. The CLI console provides many of the most commonly used commands that are provided in the web-based management interface.
Appendix B: Using the Network Protection console Even though Norman Network Protection is a Linux-based application, all configuration and adminis- tration can be done from the web-based administration interface. If you’re more familiar with the Linux command shell, you can also use this to configure most of the application.
Starts the Norman Internet Update client to update the scanner engine and definition files. This is run automatically every day and does not need to be run manually, except when administrator have pur- posely disabled automatic updates.
Adds URL pattern to display URL block list. Supported types are: • EXACT: exact match rule. This is equivalent to what Norman Network Protection does when- ever malware is detected in a data stream. • PREFIX: prefix match rule. This will make all URLs starting with this prefix match.
Page 79
Web: www.norman.com/ch Norman ASA is a world leading company within the field of data security, internet protection and analysis tools. Through its SandBox technology Norman offers a unique and pro active protection unlike any other competitor. While focusing on its proactive antivirus technology, the company has formed alliances which enable Norman to offer a complete range of data security services.