Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
ICAP AV scanning—This method forwards traffic to an Internet Content Adaptation
Protocol (ICAP) server for examination. To forward traffic to an ICAP server, create an
ICAP server object, create an ICAP profile, and then specify that profile in a policy.
Configuring External AV Profiles
External AV profiles define the external Trend Micro AV scanner server that a security
device uses to detect viruses in specific protocols. This feature describes the external
scanner supported by ScreenOS 5.0 — 5.3. For ScreenOS 5.4 and later, use an ICAP AV
profile as described in "Configuring ICAP AV Profiles" on page 374
You must configure an AV profile when using external AV for virus protection on your
security device. After you have configured an AV profile, you can use the profile within a
firewall rule.
NOTE: You can configure additional settings for external antivirus protection on the
security device itself. For details, refer to Network and Security Manager Configuring
ScreenOS and IDP Devices Guide.
External AV profiles contain the following information:
Server Name and Port—You must specify the IP address and port number of the external
antivirus server that contains your virus definitions.
Protocols and Timeouts—You must specify the protocols (HTTP and SMTP) that the
external AV server scans for viruses. The default protocol timeout is 180 seconds, but
you can edit this default to meet your networking requirements.
You must use the AV profile in a firewall rule and install that rule on a security device
before the external scanner can begin inspecting traffic for viruses. For information about
using AV profiles in rules.
In this example, you configure an AV profile that sends all HTTP traffic to an external
antivirus server at 1.2.2.20 for virus checking. Because you anticipate heavy HTTP loads
on the network, you increase the timeout from 180 seconds (the default setting) to 300
seconds.
In the main navigation tree, select
1.
>
Objects
External.
In the main display area, click the Add icon. The New AntiVirus Profile dialog box
2.
appears.
Configure the following:
3.
For Name, scanner1_HTTP
For Server Name, enter 1.2.2.20.
For Server Port, leave the default port number of 3300.
Select HTTP, then configure the timeout as 300 seconds.
4.
Click OK to save the new profile.
5.
Chapter 8: Configuring Objects
>
>
Object Manager
UTM
ScreenOS
>
AV
371
Advertisement
Table of Contents
