TrendMicro gateway products. . . (Full Version)

All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons


TechFan -> TrendMicro gateway products. . . (9.Dec.2004 3:59:00 AM)

We are considering ISA 2004 and will be getting TrendMicro for antivirus. We have the ability to get their Gateway products as well under contract, but I am trying to see how they might work with ISA server. . .anyone used them? Thanks.

Ara.A -> RE: TrendMicro gateway products. . . (9.Dec.2004 4:39:00 AM)

There is a guy in mailing list, can't remeber the name but I think they use trendmicro products [Wink]

charlie66 -> RE: TrendMicro gateway products. . . (11.Dec.2004 1:21:00 AM)

We have been using Trend's InterScan Web Security Suite 2.0 for Windows for some months now.

With about 400 users, 100.000 http requests daily and a total traffic of app. 1 GB daily, it works nicely.

IWSS seems to be stopping all virus, a good deal of phishing sites and some spyware. We have not implemented the URL filtering.

So far I have seen no incidences and heard very few complaints (pop-up blockers and download managers should not be used though).

If you want to use IWSS in conjunction with ISA 2004 they should be set up on two separate servers and ISA 2004 configured as upstream proxy and IWSS in dependent mode.

Ara.A -> RE: TrendMicro gateway products. . . (11.Dec.2004 3:29:00 AM)

Is trend micro definition is also including spy ware like kaspersky does? [Confused]

charlie66 -> RE: TrendMicro gateway products. . . (11.Dec.2004 10:03:00 PM)

Trend Micro uses separate definition files for virus, phishtraps and spyware.

You can enable two different forms of spyware protection.

Either through actual file scanning comparable to scanning for virus, or through URL blocking where a list of known, malicious websites is maintained.

Obviously you should use both in combination if you want to filter out spyware to the greatest extent.

I believe the scanning definitions are updated with the spyware definition file, whereas the URL blocking list is updated though the phishtrap definition (a list of urls). Both definition files are updated app. once a week.

tjcarst -> RE: TrendMicro gateway products. . . (13.Dec.2004 5:32:00 PM)

I have some questions on your configuration:

I have IWSS as the upstream proxy so that I have authentication on ISA 2004. This was the configuration recommended by Trend 19397

CLIENT (HTTP request) > ISA server > IWSS > WEB SERVER

However, none of my applications that use the firewall client work. This seems to be the opposite of your configuration. If I understand correctly, you have it like this and your clients are directed to use the IWSS server in their proxy settings:

CLIENT (HTTP request) > IWSS > ISA server > WEB SERVER

If I set up IWSS to listen on port 8080 and then have ISA 2004 as the upstream proxy, changing the port, how do I get authentication logs on ISA? ISA is on my trusted network and I planned on putting the IWSS in the DMZ. I think I will need IWSS in the trusted network to make it work, correct?



[ December 13, 2004, 08:08 PM: Message edited by: tjcarst ]

charlie66 -> RE: TrendMicro gateway products. . . (14.Dec.2004 12:14:00 AM)

My configuration is as you assume:

CLIENT (HTTP request) > IWSS > ISA server > WEB SERVER.

I use web proxy, and clients are pointed to IWSS in their proxy settings.

The following is copied from the install and config guide (p. 41):

"If you are using the HTTP proxy, you can configure it to function in stand-alone mode (no upstream proxy) or in dependent mode (with upstream proxy)."

Actually, I tested your configuration also a while ago - it's more intelligent since you scan content once and serve it to many users. The downside is that in order to have max. security, you need to clear the ISA cache whenever the pattern files are updated (several times a week, sometimes several times a day). Trend does offer the ICAP mode for this scenario (but ISA 2004 is not ICAP compliant).

I didn't see any issues with this config though, but again using web proxy only, and having the client proxy point to ISA 2004 (or using wpad entry).

Authentication and logging would have to take place on the IWSS (we don't use authentication and logging is done only on the IP address). Logging on ISA 2004 would have all requests to come from the IWSS server (but still usable for performance, cache hit ratio etc.).

But you should be able to use e.g. LDAP for authentication on the IWSS. I think the KB article deals with v. 1.0.1 where this feature was not available (but I haven't tested it). And IWSS does have some very nice and extensive logging and reporting facilities.

And I too would assume the IWSS box would have to be on your secured network, mine certainly is.

[ December 14, 2004, 12:15 AM: Message edited by: soren ]

Ara.A -> RE: TrendMicro gateway products. . . (14.Dec.2004 1:15:00 AM)

Are you happy with price,performance and support? I am thinking to put a new server on anew location so if I can pick GFI,McAfee or trendmicro [Confused]
It doesn't support 2004? [Wink]

[ December 14, 2004, 01:17 AM: Message edited by: Ara ]

TechFan -> RE: TrendMicro gateway products. . . (14.Dec.2004 4:14:00 AM)

Wow. . .lots of replies. . .I am not sure why I didn't get an email notification though. . .maybe that isn't an option here. . .hm.

So, in order to use the trendmicro products with ISA 2004, you must you two boxes? There is/was a plugin for ISA 2000 and the trend techs say that a ISA 2004 plugin should be available Q2 2005.

I was hoping to use ISA as my edge firewall and do the filtering on the same box. Gets expensive to have to have two win2k+ servers (and hardware) just to do that filtering. . .

We chose ISA server because we wanted to control access based on AD users and groups. We just received it yesterday and I am going to try starting to set it up. We are needing to purchase our trendmicro antivirus protection soon since our norton corporate is just running out. . .and getting neatsuite (with licenses for the gateway products) is a better deal - if I can make use of IWSS and IMSS(?). Otherwise it is better to just buy Officescan and ServerProtect. . .

tjcarst -> RE: TrendMicro gateway products. . . (14.Dec.2004 7:18:00 PM)

I want the logging at the ISA server, not the IWSS server. So I am guessing that I must have

Client -> ISA -> IWSS -> internet

For some reason, when I have IWSS set to standalone mode and point the ISA 2004 server at an upstream proxy (IWSS), my winsock apps do not work.

If I do it the other way, configure IWSS in dependent mode, the winsock apps do work. To enable logging using LDAP, users are prompted by IWSS to login. I do not want this prompt, so I cannot use LDAP. IP or hostname should not prompt.

[ December 16, 2004, 03:02 AM: Message edited by: tjcarst ]

Page: [1]