Cisco ASA 5505 Configuration Manual page 1154

Information About the CSC SSM
In this example, the client could be a network user who is accessing a website, downloading files from
an FTP server, or retrieving mail from a POP3 server. SMTP scans differ in that you should configure
the adaptive security appliance to scan traffic sent from the outside to SMTP servers protected by the
adaptive security appliance.
Figure 55-1
Client
You use ASDM for system setup and monitoring of the CSC SSM. For advanced configuration of content
security policies in the CSC SSM software, you access the web-based GUI for the CSC SSM by clicking
links within ASDM. The CSC SSM GUI appears in a separate web browser window. To access the CSC
SSM, you must enter the CSC SSM password. To use the CSC SSM GUI, see the Cisco Content Security
and Control (CSC) SSM Administrator Guide.
ASDM and the CSC SSM maintain separate passwords. You can configure their passwords to be
Note
identical; however, changing one of these two passwords does not affect the other password.
The connection between the host running ASDM and the adaptive security appliance is made through a
management port on the adaptive security appliance. The connection to the CSC SSM GUI is made
through the SSM management port. Because these two connections are required to manage the CSC
SSM, any host running ASDM must be able to reach the IP address of both the adaptive security
appliance management port and the SSM management port.
Figure 55-2
management network. While use of a dedicated management network is not required, we recommend it.
In this configuration, the following items are of particular interest:
• An HTTP proxy server is connected to the inside network and to the management network. This
HTTP proxy server enables the CSC SSM to contact the Trend Micro Systems update server.
• The management port of the adaptive security appliance is connected to the management network.
To allow management of the adaptive security appliance and the CSC SSM, hosts running ASDM
must be connected to the management network.
The management network includes an SMTP server for e-mail notifications for the CSC SSM and a
•
syslog server to which the CSC SSM can send syslog messages.
Cisco ASA 5500 Series Configuration Guide using ASDM
55-2
Chapter 55
Flow of Scanned Traffic with CSC SSM
Security Appliance
Main System
Request sent
inside
Reply forwarded
Diverted Traffic
content security scan
CSC SSM
shows an adaptive security appliance with a CSC SSM that is connected to a dedicated
Configuring the Content Security and Control Application on the CSC SSM
Adaptive
modular
service
policy
Request forwarded
outside
Reply sent
Server
OL-20339-01