1. Manuals
  2. Brands
  3. Trend Micro Manuals
  4. Firewall
  5. viruswall enforcer 1500i
  6. Installation & deployment manual

Trend Micro Network VirusWall Enforcer 1500i Installation & Deployment Manual

R210 series
Hide thumbs Also See for Network VirusWall Enforcer 1500i:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administrator's Manual, Installation Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Network VirusWall Enforcer 1500i and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Trend Micro Network VirusWall Enforcer 1500i

Summary of Contents for Trend Micro Network VirusWall Enforcer 1500i

  • Page 2 Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files, release notes, and the latest version of the applicable user documentation, which are available from the Trend Micro website at: docs.trendmicro.com...
  • Page 3 Read through it prior to installing or using the product. Detailed information about how to use specific features within the product are available in the Online Help and the Knowledge Base at the Trend Micro website. Trend Micro is always seeking to improve its documentation. Your feedback is always welcome.

  • Page 4: Table Of Contents

    Contents Preface About this Installment and Deployment Guide .........viii Content Overview ..................viii Document Set ..................... ix Documentation and Software Updates .............ix Audience ....................... x Device and Software Version ............... x Document Conventions ..................x Chapter 1: Introducing Network VirusWall Enforcer Network VirusWall Enforcer Overview .............
  • Page 5 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Network Port Indicators .................2-14 Indicators on Onboard Ports ............2-14 Indicators on the Copper Expansion Cards ........2-15 Installing the Device ..................2-15 Chapter 3: Deploying Network VirusWall Enforcer Planning for Deployment ................3-2 Deployment Overview ................3-2...
  • Page 6 Contents Chapter 4: Preconfiguring Network VirusWall Enforcer Before Preconfiguration ................. 4-2 Verifying Network Support ..............4-2 Preparing for Preconfiguration ..............4-2 Understanding Preconfiguration ..............4-3 The Preconfiguration Console ..............4-3 Performing Preconfiguration ................ 4-3 Logging on the Preconfiguration Console ..........4-4 Configuring Device Settings ..............
  • Page 7 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide...

  • Page 8: Preface

    Preface Preface Welcome to the Trend Micro™ Network VirusWall™ Enforcer Installment and Deployment Guide. This book contains basic information about the tasks you need to perform to deploy the device. It is intended for novice and advanced users of who want to plan, deploy, and preconfigure Network VirusWall Enforcer.

  • Page 9: About This Installment And Deployment Guide

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide About this Installment and Deployment Guide This document contains detailed information about getting started with Network VirusWall Enforcer. It provides an overview of the device and how to install it. It also covers initial configuration and deployment to help you prepare the device for use in protecting your network.

  • Page 10: Document Set

    Readme Text Provides late-breaking • USB flash drive news and software build • Trend Micro information Download Center Documentation and Software Updates For the latest documentation and software updates, visit the Trend Micro Download Center at: http://downloadcenter.trendmicro.com/...

  • Page 11: Audience

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Audience This Installment and Deployment Guide is targeted at network administrators who will deploy the device. Network VirusWall Enforcer documentation assumes that readers have networking knowledge and understand antivirus and content security concepts.
  • Page 12 Preface P-4. Conventions used in the documentation (Continued) ABLE ONVENTION ESCRIPTION Actual text, typed commands, file names, and pro- Monospace gram output Important information Note: Recommendations Tip: Critical information WARNING!
  • Page 13 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide...
  • Page 14 Chapter 1 Introducing Network VirusWall Enforcer This chapter introduces Trend Micro™ Network VirusWall™ Enforcer and provides an overview of important concepts and features. This chapter discusses the following topics: • Network VirusWall Enforcer Overview on page 1-2 • Key Concepts on page 1-3 •...

  • Page 15: Network Viruswall Enforcer Overview

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Network VirusWall Enforcer Overview Network VirusWall Enforcer is an outbreak prevention appliance that allows organizations to enforce security policies at the network layer. Network VirusWall Enforcer scans network traffic to help ensure that it is free of fast-spreading network viruses.

  • Page 16: Key Concepts

    Introducing Network VirusWall Enforcer Key Concepts Before proceeding to the succeeding sections of this document, take note of the following concepts. 1-1. Key Concepts in this Document ABLE ONCEPT ESCRIPTION Management port Dedicated for management purposes. You can specify only one management port. Mirror port Sends all traffic passing the device to a computer to capture all data.

  • Page 17: Technical And Environmental Specifications

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Technical and Environmental Specifications The following table lists the technical specifications of Network VirusWall Enforcer: 1-2. Technical specifications ABLE PECIFICATION ETAILS Base unit Dell™ PowerEdge™ R210 Rack Mount Server Processor Intel Celeron™...
  • Page 18 Introducing Network VirusWall Enforcer The following table lists the environmental specifications of Network VirusWall Enforcer: 1-3. Environmental specifications ABLE PECIFICATION ETAILS Temperature 10° to 35°C (50° to 95°F) with a maximum temperature (operating) gradation of 10°C per hour For altitudes above 2950 feet, the maximum operating temperature is de-rated 1°F/550ft.
  • Page 19 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide 1-3. Environmental specifications (Continued) ABLE PECIFICATION ETAILS Altitude (operat- -16 to 3048 m (-50 to 10,000 ft) ing) For altitudes above 2950ft, the maximum operating tem- perature is derated 1ºF/550ft.

  • Page 20: Getting Started

    Chapter 2 Getting Started This chapter guides you through setting up and powering on a Trend Micro™ Network VirusWall™ Enforcer device. This chapter discusses the following topics: • Package Contents on page 2-2 • Front Panel on page 2-4 •...

  • Page 21: Package Contents

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Package Contents Figure 2-1 illustrates the package contents. Device with bezel Power cord Documents Rack kit and USB drive 2-1. Package contents IGURE Note: The actual items in your package may appear slightly different from those shown in this document.
  • Page 22 Administrator’s Guide • Installation and Deployment Guide • Quick Start Guide • Readme • Trend Micro™ Control Manager™ patches • Syslog and TFTP tools Note: Refer to the troubleshooting section in the Administrator’s Guide for instructions on how to use the provided tools.

  • Page 23: Front Panel

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide 2-1. Network VirusWall Enforcer package contents (Continued) ABLE UANTITY ESCRIPTION 3 printed • Printed documents that provide safety, Security documents licensing, and getting started informa- Appliance tion. Consult these documents before License using Network VirusWall Enforcer.
  • Page 24 Getting Started 2-2. Front panel features ABLE NDICATOR UTTON ESCRIPTION ONNECTOR Power-on indicator, The power button turns the device on power button and off. The indicator lights up when the device is on. Tip: To force the device to shut down, press and hold the power button for five seconds.
  • Page 25 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide 2-2. Front panel features (Continued) ABLE NDICATOR UTTON ESCRIPTION ONNECTOR Device identifica- The identification buttons on the front tion button and back panels can be used to locate a particular device within a rack.

  • Page 26: Installing The Bezel

    Getting Started USB ports Power button and indicator VGA port 2-3. Network VirusWall Enforcer front panel IGURE Installing the Bezel The device is supplied with a removable bezel as shown in Figure 2-4. 2-4. Network VirusWall Enforcer with the bezel IGURE...
  • Page 27 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide To replace the bezel, hook the right end of the bezel onto the chassis, and then fit the free end of the bezel onto the device. Secure the bezel with the keylock.

  • Page 28: Back Panel

    Getting Started Back Panel Figure 2-6 shows the controls, indicators, and connectors located on the device's back panel. 8 9 10 11 2-6. Back panel IGURE 2-3. Back panel features ABLE NDICATOR UTTON ESCRIPTION ONNECTOR iDRAC6 Enter- Dedicated management port for the prise port optional iDRAC6 Enterprise card.
  • Page 29 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide 2-3. Back panel features (Continued) ABLE NDICATOR UTTON ESCRIPTION ONNECTOR Video connector Connects a VGA display to the device. eSATA Connects to eSATA devices for addi- tional storage USB connectors Connects USB devices to the device.
  • Page 30 Getting Started Port 1 Port 2 Port 4 Port 3 2-7. Standard four-port configuration IGURE 2-11...

  • Page 31: Device Ports

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Device Ports Network VirusWall Enforcer supports four network ports, with the first two ports (port 1 and 2) providing management functionality. More specifically, these ports can be configured as management (MGMT) or mirror (MIRR) ports. Ports 3 and 4 are regular data ports that connect to the network and provide security functionality.
  • Page 32 Getting Started 2-4. Port types (Continued) ABLE NTERFACE UNCTION EFAULT ESCRIPTION TYPE STATE NUMBER Management Manage- Disabled You can access the web con- (Copper; ment sole through all regular ports, ports 1 to 2) (MGMT) but you can also dedicate a single port for accessing the web console and managing the device.

  • Page 33: Data Port Adapter

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide By using bypass server adapters, Network VirusWall Enforcer data ports provide a fault-tolerance solution known as "failopen" or "LAN bypass". This solution allows the Network VirusWall Enforcer to continue passing network traffic even if other device components fail or when the device loses power.

  • Page 34: Indicators On The Copper Expansion Cards

    Getting Started Link indicator Activity indicator 2-9. Onboard port indicators IGURE 2-5. Indicator codes for onboard ports ABLE NDICATOR TATUS Link and activity indicators are off. The port is not connected to the network. Link indicator is green. The port is connected to a valid link part- ner on the network.
  • Page 35 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide • Mounted to a standard 19-inch four-post rack cabinet The device requires 1 rack unit (RU) of vertical space in the rack. Tip: If mounting more than one device, position and mount the devices in close proximity.
  • Page 36 Getting Started Installing the device involves performing the following tasks. WARNING! Before performing the following tasks, review the safety instructions in the Product Information Guide that came with the device. Step 1: Unpack the device Unpack your device. The Network VirusWall Enforcer rack kit does not require screws and is very simple to use.
  • Page 37 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Step 3: Connect the keyboard and monitor (optional) 2-11. Connecting the keyboard and the monitor IGURE Connect the keyboard and monitor. The connectors on the back of your device have icons indicating which cable to plug into each connector.
  • Page 38 Getting Started Connect the power cable(s) to the device and, if using a monitor, connect the monitor’s power cable to the monitor. Step 5: Secure the power cables 2-13. Securing the power cables IGURE Bend the power cable(s) of the device into a loop as shown in the illustration and secure the cable to the bracket using the provided strap.
  • Page 39 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Step 6: Turn on the device 2-14. Powering the device and the monitor IGURE Press the power button on the device and on the monitor (optional). The power indicators should light up.
  • Page 40 Chapter 3 Deploying Network VirusWall Enforcer Before configuring a Network VirusWall Enforcer device, plan how to integrate the device into your network. Determine the topology it will support. This chapter explains how to plan for the deployment. It also provides deployment scenarios to help you understand the various ways the device can protect your network.

  • Page 41: Planning For Deployment

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Planning for Deployment To take advantage of the benefits Network VirusWall Enforcer can bring to your organization, you will need to understand the possible ways to deploy one or more devices.

  • Page 42: Phase 2: Perform Preconfiguration

    Deploying Network VirusWall Enforcer • Plan for network traffic, considering the location of critical computers, such as email, web, and application servers. • Determine the number of devices needed to meet your security needs and their locations on the network. •...

  • Page 43: Identifying What To Protect

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide To protect an organization from network threats, position the device in a key place on your network segment. The device should be able to scan all network traffic to prevent, detect, or contain threats.

  • Page 44: Remote Access Endpoints

    Deploying Network VirusWall Enforcer Identify segments of your network to protect by considering which kinds of endpoints may introduce security risks or violate security policies. Also, consider the location of resources that are critical to your organization, such as: • Remote endpoints that access your internal network resources •...
  • Page 45 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Figure 3-1 illustrates a dialup connection between a home user and an organization’s internal network. A RAS server, the point where the dialup connection terminates, is connected to a regular port (see...
  • Page 46 Deploying Network VirusWall Enforcer The recommended settings for this scenario are the same as the settings for the dialup user scenario (see Figure 3-1). Business unit A Business unit B VPN tunnel Network A Network B 3-3. Site-to-site VPN deployment scenario IGURE Figure 3-3 illustrates a VPN connection between two business units.

  • Page 47: Guest Endpoints

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Guest Endpoints Guest endpoints are endpoints that do not belong to an internal network domain. They are often visitors who temporarily access your network resources through their portable computers. Guest endpoints represent a major risk because they are typically outside the scope of the network security infrastructure.

  • Page 48: Key Segments And Critical Assets

    Deploying Network VirusWall Enforcer Key Segments and Critical Assets Key network segments need to be protected from network-based threats. This may include a group of endpoint computers or network resources critical to your organization, such as email, web, or application servers. L2 switch L3 switch Critical hosts...

  • Page 49: Dual-Switch Vlan Environment

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide The device can also guard against attacks that not only originate on the Internet, but also attacks that may originate from within your network. Since traffic first passes through the device before reaching email and web servers, the device can scan and detect infected packets that come from endpoints on the LAN.
  • Page 50 Deploying Network VirusWall Enforcer 802.1Q Trunk VLAN 10 VLAN 20 VLAN 30 3-6. Multiple VLAN segments with each device protecting one IGURE segment Figure 3-6, the devices are installed on an 802.1Q trunk line between two switches. 3-11...

  • Page 51: Single-Switch Vlan Environment

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide 3-7. Multiple VLAN segments with each device protecting all IGURE segments Single-Switch VLAN Environment A single-switch configuration may have the following properties: • Possible only when using a switch that can be configured to carry individual VLAN traffic on specific physical ports.

  • Page 52: Networks With Ipv6 Addresses

    Deploying Network VirusWall Enforcer • The upstream network is connected to port 2 on the switch. • The regular port on Network VirusWall Enforcer is connected to port 1 on the switch. • Endpoints are connected to other regular ports on Network VirusWall Enforcer. 3-8.

  • Page 53: Pure Ipv6 Environments

    IPv6 Limitations on page 3-13. Note: Many resources on the Internet, including the Trend Micro™ ActiveUpdate™ and product registration servers, are accessible only through IPv4 traffic. When configured as an IPv6-only host, Network VirusWall Enforcer traffic to and from the Internet can be translated using a dual-stack proxy.

  • Page 54: Planning For Network Traffic

    Deploying Network VirusWall Enforcer Planning for Network Traffic The scenario presented in Key Segments and Critical Assets on page 3-9 is a good example of how to plan for network traffic. There is a strategic advantage to positioning the device in front of resources that endpoints access regularly, such as an email server or an Internet gateway.

  • Page 55: Failopen

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Failopen Failopen or LAN bypass involves one Network VirusWall Enforcer device. Failopen is a fault-tolerance solution that allows a Network VirusWall Enforcer to continue passing network traffic even when other device components fail or when the device loses power.

  • Page 56: Conducting A Pilot Deployment

    Connected Conducting a Pilot Deployment Trend Micro recommends conducting a pilot deployment in a controlled environment to help you understand how the device features work. A pilot deployment also helps you determine how the device can be used to accomplish your security goals and the level of support you will likely need after a full deployment.

  • Page 57: Creating A Contingency Plan

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Creating a Contingency Plan Trend Micro recommends creating a contingency plan in case there are issues with the installation, operation, or upgrade of the device. Consider your network’s vulnerabilities and how you can retain a minimum level of security if issues arise.
  • Page 58 Deploying Network VirusWall Enforcer Router Network VirusWall Enforcer Switch Console Protected Segment 3-9. Basic Deployment IGURE Network VirusWall Enforcer protects your network as follows: • Scans traffic to and from endpoints • Prevents endpoints that violate your security policies from gaining access to resources •...
  • Page 59 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide 3-20...
  • Page 60 Chapter 4 Preconfiguring Network VirusWall Enforcer This chapter discusses the following topics: • Before Preconfiguration on page 4-2 • Understanding Preconfiguration on page 4-3 • The Preconfiguration Console on page 4-3 • Performing Preconfiguration on page 4-3 • Connecting to the Network on page 4-10 •...

  • Page 61: Before Preconfiguration

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Before Preconfiguration Complete the following tasks before you preconfigure Network VirusWall Enforcer: • Test the failopen functionality. Network traffic should still pass through the device after a hardware or system error or if the device loses power.

  • Page 62: Understanding Preconfiguration

    Preconfiguring Network VirusWall Enforcer Understanding Preconfiguration Ensure that the tasks in Preparing for Preconfiguration on page 4-2 have been completed before starting preconfiguration. To perform preconfiguration: Plan and determine the deployment strategy (see Deploying Network VirusWall Enforcer on page 3-1). Perform preconfiguration (see instructions in The Preconfiguration Console on page...

  • Page 63: Logging On The Preconfiguration Console

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Logging on the Preconfiguration Console A few minutes after powering on the device, the attached monitor will display the Preconfiguration console. If this screen does not display, press CTRL+R. 4-1.
  • Page 64 Preconfiguring Network VirusWall Enforcer To log on to the Preconfiguration console To get full access to the Preconfiguration console, type the default administrator user name and password: User name: admin Password: admin Note: Only the accounts can be used to log on to administrator power user the Preconfiguration console.

  • Page 65: Configuring Device Settings

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Configuring Device Settings Immediately after logging on to the Preconfiguration console for the first time, configure the device host name and network settings. To configure the device settings: On the Main Menu of the Preconfiguration console, type 2 to select Device Settings.

  • Page 66: Enabling Ports And Selecting Port Functions

    VirusWall Enforcer as a dual-stack host, provide both IPv4 and IPv6 settings. WARNING! If there is a NAT device in your environment, Trend Micro recom- mends assigning a static IP address to the device. Because different port settings are assigned from your NAT, your device may not work properly if dynamic IP addresses are used.
  • Page 67 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide To enable non-regular ports and modify their function: On the Main Menu of the Preconfiguration console, type 4 to open the Interface Settings screen. 4-4. Interface Settings screen IGURE Type 2 to select Interface setting.

  • Page 68: Setting The Interface Speed And Duplex Mode

    Preconfiguring Network VirusWall Enforcer To modify the function of the selected port depending on your deployment strategy, press the . Disabled management interface (onboard) ports can SPACEBAR be assigned the following functions: • DIS—the port is disabled; this is the default setting •...

  • Page 69: Connecting To The Network

    4-9. Configuring Network VirusWall Enforcer After preconfiguring Network VirusWall Enforcer, you can configure the device and start protecting your network. Trend Micro recommends performing the following tasks after preconfiguring a device: • Change the password for the default accounts •...

  • Page 70: Chapter 5: Troubleshooting And Technical Support

    Chapter 5 Troubleshooting and Technical Support This chapter provides troubleshooting information for issues that may arise during the preconfiguration. Tip: Refer to the Administrator’s Guide for answers to frequently asked questions and other troubleshooting tips. This chapter discusses the following topics: •...

  • Page 71: Device Issues

    Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Device Issues SSUE ORRECTIVE CTION XPLANATION admin pass- You have two options: word misplaced 1. If the device has registered to Control Manager, you or forgotten can access the web console and change the password through the Control Manager console using a Control Manager account.

  • Page 72: Getting Technical Support

    Troubleshooting and Technical Support Getting Technical Support Trend Micro is committed to providing service and support that exceeds your expectations. You must register your product to qualify for support. Before Contacting Technical Support Before contacting technical support, see if these resources can help you address your problem: •...
  • Page 73 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide Having the following information ready before you contact our support staff can help them resolve problems faster: • Device model and image (firmware) version • Deployment setup • Interface speed and duplex mode settings •...
  • Page 74 Index delayed packets activation Dell PowerEdge R610 4-10 deployment ActiveUpdate 3-13 identifying what to protect activity indicator 2-15 number of devices 3-15 Administrator’s Guide overview airflow and cooling 2-16 planning altitude deployment planning application policy 3-13 deployment scenarios audience basic deployment 3-18 auto MDI/MDI-X 3-16...
  • Page 75 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide DVD drive connecting the power cable 2-18 installing the bezel 2-20 keyboard and monitor 2-18 endpoint notifications 3-13 rack mounting 2-17 – environmental specifications rail assembly 2-17 eSATA securing the power cable...
  • Page 76 Index MDI/MDI-X policy enforcement 3-16 4-10 media slot port activity 3-13 memory port functions 2-12 – port indicators MGMT 2-12 2-13 – copper expansion cards 2-15 MIRR 2-12 2-13 – onboard ports 2-14 mirror port 2-12 2-13 ports 2-12 monitor 2-10 default state 2-12...
  • Page 77 Trend Micro™ Network VirusWall™ Enforcer 1500i Installment and Deployment Guide RAS server Third-party License Attributions Readme threat mitigation 3-13 troubleshooting 2-12 regular port 2-12 relative humidity unpacking 2-17 remote access service update source 3-14 remote clients updates 4-10 remote detection...

Table of Contents