Trend Micro Enforcer 1500i Installation And Manual

Network viruswall
Hide thumbs Also See for Enforcer 1500i:
Table of Contents

Advertisement

Network Virus Wall
TM
Enforcer 1500i
(CR100 Series)
Network Security for Enterprise and Medium Business
Installation and Deployment Guide
n
s
Network Security

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Enforcer 1500i and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Trend Micro Enforcer 1500i

  • Page 1 Network Virus Wall Enforcer 1500i (CR100 Series) Network Security for Enterprise and Medium Business Installation and Deployment Guide Network Security...
  • Page 2 Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files, release notes, and the latest version of the applicable user documentation, which are available from the Trend Micro Web site at: http://www.trendmicro.com/download...
  • Page 3 Detailed information about how to use specific features within the product are available in the Online Help and the Knowledge Base at the Trend Micro Web site. Trend Micro is always seeking to improve its documentation. Your feedback is always welcome.
  • Page 4: Table Of Contents

    Contents Preface Network VirusWall Enforcer Documentation ..........viii About This Installation and Deployment Guide .......... ix Audience ......................ix Document Conventions ..................x Chapter 1: Introducing Network VirusWall Enforcer Network VirusWall Enforcer Overview ............. 1-2 Key Concepts ....................1-3 Device Ports ....................1-3 Port Functions ....................
  • Page 5 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Chapter 3: Deploying Network VirusWall Enforcer Planning for Deployment ................3-2 Deployment Overview ................3-2 Phase 1: Plan the Deployment ............3-2 Phase 2: Perform Preconfiguration ............ 3-3 Phase 3: Manage Devices ..............
  • Page 6 Contents Chapter 4: Preconfiguring Network VirusWall Enforcer Before Preconfiguration ................4-2 Verifying Network Support ..............4-2 Preparing for Preconfiguration ..............4-2 Understanding Preconfiguration ..............4-3 The Preconfiguration Console ..............4-3 Performing Preconfiguration ................ 4-4 Logging on the Preconfiguration Console ..........4-4 Configuring Device Settings ..............
  • Page 7 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide...
  • Page 8: Preface

    Preface Preface Welcome to the Trend Micro™ Network VirusWall™ Enforcer 1500i Installation and Deployment Guide. This book contains basic information about the tasks you need to perform to deploy the device. It is intended for novice and advanced users of who want to plan, deploy, and preconfigure Network VirusWall Enforcer.
  • Page 9: Network Viruswall Enforcer Documentation

    • Installation and Deployment Guide (IDG)—PDF documentation that is accessible from the provided USB flash drive or downloadable from the Trend Micro Web site. This IDG contains instructions for deploying the device, a task that includes planning, testing, and preconfiguration. See...
  • Page 10: About This Installation And Deployment Guide

    Preface About This Installation and Deployment Guide The Network VirusWall Enforcer Installation and Deployment Guide discusses the following topics: • Introducing Network VirusWall Enforcer—an overview of the device and its components • Getting Started—details of the actual device and its specifications, including instructions for mounting and powering on the device •...
  • Page 11: Document Conventions

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Document Conventions To help you locate and interpret information easily, this document uses the following conventions. P-1. Conventions used in this document ABLE ONVENTION ESCRIPTION Acronyms, abbreviations, and names of certain...
  • Page 12: Network Viruswall Enforcer Overview

    Chapter 1 Introducing Network VirusWall Enforcer This chapter introduces Trend Micro™ Network VirusWall™ Enforcer 1500i and provides an overview of important concepts and features. This chapter discusses the following topics: • Network VirusWall Enforcer Overview on page 1-2 • Key Concepts on page 1-3 •...
  • Page 13: Network Viruswall Enforcer Overview

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Network VirusWall Enforcer Overview Network VirusWall Enforcer is an outbreak prevention and policy enforcement appliance. It helps stop network viruses (Internet worms), block high-threat vulnerabilities during outbreaks, and quarantine and clean up infection sources. Network VirusWall Enforcer, deployed at the network layer, uses threat intelligence from Trend Micro to protect against threats as they enter the network.
  • Page 14: Key Concepts

    Introducing Network VirusWall Enforcer Key Concepts Before proceeding to the succeeding sections of this document, take note of the following concepts. These concepts are discussed in detail in the Administrator’s Guide. • Ethernet—located on the back panel, these ports link to other devices (usually Layer 2 or Layer 3 devices).
  • Page 15: Port Functions

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Management ports Data ports 3 and 4 1 and 2 1-2. Network VirusWall Enforcer ports IGURE Port Functions Network VirusWall Enforcer ports can be classified based on their function. As described earlier, there are regular data ports and management ports.
  • Page 16 Introducing Network VirusWall Enforcer 1-1. Port types (Continued) ABLE NTERFACE UNCTION EFAULT ESCRIPTION TYPE STATE NUMBER Management Manage- Disabled You can access the Web con- (Copper; ment sole through all regular ports, ports 1 to 2) (MGMT) but you can also dedicate a single port for accessing the Web console and managing the device.
  • Page 17 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide...
  • Page 18: Getting Started

    Chapter 2 Getting Started This chapter guides you through setting up and powering on a Trend Micro™ Network VirusWall™ Enforcer 1500i device. This chapter discusses the following topics: • Package Contents on page 2-2 • Front Panel on page 2-4 •...
  • Page 19: Package Contents

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Package Contents Figure 2-1 illustrates the package contents. Power cord Device with bezel Documents Rack kit and USB drive 2-1. Package contents IGURE Note: The actual items in your package may appear slightly different from those shown in this document.
  • Page 20 Administrator’s Guide • Installation and Deployment Guide • Quick Start Guide • Readme • Trend Micro™ Control Manager™ patches • Syslog and TFTP tools Note: Refer to the troubleshooting section in the Administrator’s Guide for instructions on how to use the provided tools.
  • Page 21: Front Panel

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide 2-1. Network VirusWall Enforcer package contents (Continued) ABLE UANTITY ESCRIPTION 3 printed • Printed documents that provide safety, Security documents licensing, and getting started informa- Appliance tion. Consult these documents before License using Network VirusWall Enforcer.
  • Page 22 Getting Started 2-2. Front panel IGURE 2-2. Front panel features ABLE OMPONENT ESCRIPTION Power-on indi- The power button turns the device on cator, power and off. The indicator lights up when button the device is on. Diagnostic indi- The diagnostic indicators aid in trou- cators (4) bleshooting hardware-related issues with technical support.
  • Page 23 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide 2-2. Front panel features (Continued) ABLE OMPONENT ESCRIPTION USB connectors The connectors accept USB 2.0-com- pliant devices. Use these connectors to attach a keyboard and configure the device.
  • Page 24: Installing The Bezel

    Getting Started A photo of the Network VirusWall Enforcer front panel appears below. USB ports Power button VGA port 2-3. Network VirusWall Enforcer front panel IGURE Installing the Bezel The device is supplied with a removable bezel as shown in Figure 2-4.
  • Page 25 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Keylock Bezel 2-5. Installing and removing the bezel IGURE To install the bezel: Hook the right end of the bezel into the bezel slot on the right side of the device...
  • Page 26: Back Panel

    Getting Started Back Panel Figure 2-6 shows the controls, indicators, and connectors located on the back panel. Power supply Keyboard Mouse connector connector connector USB connectors (2) 5 Serial connector Video connector Network port 1 Network port 2 NIC expansion slot Device status Device indicator...
  • Page 27: Network Port Indicators

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide A dual port server adapter occupies the expansion slot. The two ports in this card correspond to ports 3 and 4, as shown in the image below, for a total of four network ports.
  • Page 28: Indicators On The Copper Expansion Cards

    Getting Started 2-3. Indicator codes for onboard ports ABLE NDICATOR TATUS Link and activity indicators are off. The port is not connected to the network. Link indicator is green. The port is connected to a valid link part- ner on the network. Activity indicator is blinking yellow.
  • Page 29: Installing The Device

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide 2-4. Technical specifications (Continued) ABLE PECIFICATION ETAILS Onboard NIC Two RJ-45 10/100/1000 Mbps Ethernet Network adapter Silicom™ PEG2BPi-SD-RoHS (Dual Port Copper (expansion slot) Gigabit Ethernet PCI Express Bypass Server...
  • Page 30 Getting Started Step 1: Unpack the device Unpack your device. The Network VirusWall Enforcer rack kit is very simple to use but will require a #2 Phillips-head screwdriver. The kit contains two rail assemblies as well as screws and brackets for attaching the device. Step 2: Install the rails and device in a rack Assemble the rails and install the device in the rack.
  • Page 31 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide 2-10. Sliding the inner member out to detach it IGURE Using the provided screws, attach the outer member to the rack frame. 2-11. Attaching the outer member to the rack frame...
  • Page 32 Getting Started 2-12. Attaching the inner member to the device. IGURE Mount the device onto the rack. Press member lock 2-13. Mounting the device IGURE Step 3: Connect the keyboard and monitor (optional) Connect the keyboard and monitor. The connectors on the back of your device have icons indicating which cable to plug into each connector.
  • Page 33 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Step 4: Connect the power cables Connect the power cable(s) to the device and, if using a monitor, connect the monitor’s power cable to the monitor. Step 5: Turn on the device Press the power button on the device and on the monitor (optional).
  • Page 34 Chapter 3 Deploying Network VirusWall Enforcer Before configuring a Network VirusWall Enforcer device, plan how to integrate the device into your network. Determine the topology it will support. This chapter explains how to plan for the deployment. It also provides deployment scenarios to help you understand the various ways the device can protect your network.
  • Page 35: Planning For Deployment

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Planning for Deployment To take advantage of the benefits Network VirusWall Enforcer can bring to your organization, you will need to understand the possible ways to deploy one or more devices.
  • Page 36: Phase 2: Perform Preconfiguration

    Deploying Network VirusWall Enforcer • Plan for network traffic, considering the location of critical computers, such as email, Web, and application servers. • Determine the number of devices needed to meet your security needs and their locations on the network. •...
  • Page 37: Identifying What To Protect

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide To protect an organization from network threats, position the device in a key place on your network segment. The device should be able to scan all network traffic to prevent, detect, or contain threats.
  • Page 38: Remote Access Endpoints

    Deploying Network VirusWall Enforcer Identify segments of your network to protect by considering which kinds of endpoints may introduce security risks or violate security policies. Also, consider the location of resources that are critical to your organization, such as: • Remote endpoints that access your internal network resources •...
  • Page 39 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Figure 3-1 illustrates a dialup connection between a home user and an organization’s internal network. A RAS server, the point where the dialup connection terminates, is connected to a regular port (see...
  • Page 40 Deploying Network VirusWall Enforcer The recommended settings for this scenario are the same as the settings for the dialup user scenario (see Figure 3-1). Business unit A Business unit B VPN tunnel Network A Network B 3-3. Site-to-site VPN deployment scenario IGURE Figure 3-3 illustrates a VPN connection between two business units.
  • Page 41: Guest Endpoints

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Guest Endpoints Guest endpoints are endpoints that do not belong to an internal network domain. They are often visitors who temporarily access your network resources through their portable computers.
  • Page 42: Key Segments And Critical Assets

    Deploying Network VirusWall Enforcer Key Segments and Critical Assets Key network segments need to be protected from network-based threats. This may include a group of endpoint computers or network resources critical to your organization, such as email, Web, or application servers. L2 switch L3 switch Critical hosts...
  • Page 43: Dual-Switch Vlan Environment

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide The device can also guard against attacks that not only originate on the Internet, but also attacks that may originate from within your network. Since traffic first passes through the device before reaching email and Web servers, the device can scan and detect infected packets that come from endpoints on the LAN.
  • Page 44 Deploying Network VirusWall Enforcer 802.1Q Trunk VLAN 10 VLAN 20 VLAN 30 3-6. Multiple VLAN segments with each device protecting one IGURE segment Figure 3-6, the devices are installed on an 802.1Q trunk line between two switches. 3-11...
  • Page 45: Single-Switch Vlan Environment

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide 3-7. Multiple VLAN segments with each device protecting all IGURE segments Single-Switch VLAN Environment A single-switch configuration may have the following properties: • Possible only when using a switch that can be configured to carry individual VLAN traffic on specific physical ports.
  • Page 46: Networks With Ipv6 Addresses

    Threat Management Agent, are not supported on IPv6 environments. These unsupported features include: • Policy enforcement • Cleanup of infected endpoints detected through threat mitigation • Trend Micro™ Control Manager™ support • LDAP authentication 3-13...
  • Page 47: Pure Ipv6 Environments

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Pure IPv6 Environments In environments with purely IPv6 hosts, administrators do not need to perform special deployment tasks. As long as Network VirusWall Enforcer is supplied with a valid IPv6 address, it can function normally.
  • Page 48: Planning For Network Traffic

    Deploying Network VirusWall Enforcer Planning for Network Traffic The scenario presented in Key Segments and Critical Assets on page 3-9 is a good example of how to plan for network traffic. There is a strategic advantage to positioning the device in front of resources that endpoints access regularly, such as an email server or an Internet gateway.
  • Page 49: Conducting A Pilot Deployment

    Creating a Contingency Plan Trend Micro recommends creating a contingency plan in case there are issues with the installation, operation, or upgrade of the device. Consider your network’s vulnerabilities and how you can retain a minimum level of security if issues arise.
  • Page 50: Deployment Scenarios

    Deploying Network VirusWall Enforcer Deployment Scenarios A deployment plan is dependent upon the options you select. This section provides examples of a basic deployment scenario. Performing Preconfiguration Verifying Network Support Tip: on page 4-4 and on page 4-2 for checklists on how to prepare a device for deployment. Basic Deployment Scenario The device can be installed on a network that contains Ethernet devices such as hubs, switches, and routers.
  • Page 51: Failopen Considerations

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Network VirusWall Enforcer protects your network as follows: • Scans traffic to and from endpoints • Prevents endpoints that violate your security policies from gaining access to resources •...
  • Page 52 Chapter 4 Preconfiguring Network VirusWall Enforcer This chapter discusses the following topics: • Before Preconfiguration on page 4-2 • Understanding Preconfiguration on page 4-3 • The Preconfiguration Console on page 4-3 • Performing Preconfiguration on page 4-4 • Connecting to the Network on page 4-10 •...
  • Page 53: Before Preconfiguration

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Before Preconfiguration Complete the following tasks before you preconfigure Network VirusWall Enforcer: • Test the failopen functionality. Network traffic should still pass through the device after a hardware or system error or if the device loses power.
  • Page 54: Understanding Preconfiguration

    Preconfiguring Network VirusWall Enforcer Also, ensure that you can access Network VirusWall Enforcer directly. Before powering on the device, attach the following peripherals: • VGA monitor • Keyboard Installing Tip: For instructions on how to connect peripherals and power on the device, see the Device on page 2-12.
  • Page 55: Performing Preconfiguration

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Performing Preconfiguration You must complete the following tasks to preconfigure the device: Logging on the Preconfiguration Console on page 4-4 Configuring Device Settings on page 4-6 Setting the Interface Speed and Duplex Mode...
  • Page 56 Preconfiguring Network VirusWall Enforcer To log on to the Preconfiguration console To get full access to the Preconfiguration console, type the default administrator user name and password: User name: admin Password: admin Note: Only the accounts can be used to log on to administrator power user the Preconfiguration console.
  • Page 57: Configuring Device Settings

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Configuring Device Settings Immediately after logging on to the Preconfiguration console for the first time, configure the device host name and network settings. To configure the device settings: On the Main Menu of the Preconfiguration console, type 2 to select Device Settings.
  • Page 58: Enabling Ports And Selecting Port Functions

    VirusWall Enforcer as a dual-stack host, provide both IPv4 and IPv6 settings. WARNING! If there is a NAT device in your environment, Trend Micro recom- mends assigning a static IP address to the device. Because different port settings are assigned from your NAT, your device may not work properly if dynamic IP addresses are used.
  • Page 59 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide To enable non-regular ports and modify their function: On the Main Menu of the Preconfiguration console, type 4 to open the Interface Settings screen. 4-4. Interface Settings screen IGURE Type 2 to select Interface setting.
  • Page 60: Setting The Interface Speed And Duplex Mode

    Preconfiguring Network VirusWall Enforcer To modify the function of the selected port depending on your deployment strategy, press the . Disabled management interface (onboard) ports can SPACEBAR be assigned the following functions: • DIS—the port is disabled; this is the default setting •...
  • Page 61: Connecting To The Network

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Type 3 to select Return to Main menu. The Main Menu displays. Select Save and Log Off to make changes take effect. Note: In order to apply the configuration changes made in the Preconfiguration console, you must save and log off.
  • Page 62: Chapter 5: Troubleshooting And Technical Support

    Chapter 5 Troubleshooting and Technical Support This chapter provides troubleshooting information for issues that may arise during the preconfiguration. Tip: Refer to the Administrator’s Guide for answers to frequently asked questions and other troubleshooting tips. This chapter discusses the following topics: •...
  • Page 63: Device Issues

    Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Device Issues SSUE ORRECTIVE CTION XPLANATION admin pass- You have two options: word misplaced 1. If the device has registered to Control Manager, you or forgotten can access the Web console and change the password through the Control Manager console using a Control Manager account.
  • Page 64: Getting Technical Support

    Guide, and Online Help provide comprehensive information about Network VirusWall Enforcer. Search these documents for helpful information. • Knowledge Base—a key part of our technical support Web site, the Trend Micro Knowledge Base contains the latest information about Trend Micro products. To search the Knowledge Base, visit: http://esupport.trendmicro.com...
  • Page 65 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide Having the following information ready before you contact our support staff can help them resolve problems faster: • Device model and image (firmware) version • Deployment setup •...
  • Page 66 Index number of devices 3-15 activation overview 4-10 activity indicator planning 2-10 Administrator’s Guide deployment scenarios viii 3-17 airflow and cooling basic deployment 2-12 3-17 audience deployment strategy 3-16 device identification button device image back panel device ports basic deployment 3-17 device settings –...
  • Page 67 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide fault-tolerance first-match rule LAN bypass freestanding installation LED indicators 2-12 2-11 frequently asked questions (FAQs) link indicator viii 2-10 front panel link-state failover glossary management interface viii guest endpoints...
  • Page 68 Index default – lost passwords Quick Start Guide pilot deployment 3-16 contingency plan 3-16 rack cabinet 2-12 evaluation 3-16 rack kit 2-13 site 3-16 RAS server policy enforcement 4-10 Readme viii policy enforcement scenarios viii port functions – regular port port indicators remote access service copper expansion cards...
  • Page 69 Trend Micro™ Network VirusWall™ Enforcer 1500i (CR100 Series) Installation and Deployment Guide video connector VLAN 3-12 IX-4...

This manual is also suitable for:

Cr100 series

Table of Contents