We are considering ISA 2004 and will be getting TrendMicro for antivirus. We have the ability to get their Gateway products as well under contract, but I am trying to see how they might work with ISA server. . .anyone used them? Thanks.
Trend Micro uses separate definition files for virus, phishtraps and spyware.
You can enable two different forms of spyware protection.
Either through actual file scanning comparable to scanning for viruses, or through URL blocking where a list of known, malicious websites is maintained.
Obviously you should use both in combination if you want to filter out spyware to the greatest extent.
I believe the scanning definitions are updated with the spyware definition file, whereas the URL blocking list is updated through the phishtrap definition (a list of URLs). Both definition files are updated approx. once a week.
CLIENT (HTTP request) > ISA server > IWSS > WEB SERVER
However, none of my applications that use the firewall client work. This seems to be the opposite of your configuration. If I understand correctly, you have it like this and your clients are directed to use the IWSS server in their proxy settings:
CLIENT (HTTP request) > IWSS > ISA server > WEB SERVER
If I set up IWSS to listen on port 8080 and then have ISA 2004 as the upstream proxy, changing the port, how do I get authentication logs on ISA? ISA is on my trusted network and I planned on putting the IWSS in the DMZ. I think I will need IWSS in the trusted network to make it work, correct?
CLIENT (HTTP request) > IWSS > ISA server > WEB SERVER.
I use web proxy, and clients are pointed to IWSS in their proxy settings.
The following is copied from the install and config guide (p. 41):
"If you are using the HTTP proxy, you can configure it to function in stand-alone mode (no upstream proxy) or in dependent mode (with upstream proxy)."
Actually, I tested your configuration also a while ago - it's more intelligent since you scan content once and serve it to many users. The downside is that in order to have max. security, you need to clear the ISA cache whenever the pattern files are updated (several times a week, sometimes several times a day). Trend does offer the ICAP mode for this scenario (but ISA 2004 is not ICAP compliant).
I didn't see any issues with this config though, but again using web proxy only, and having the client proxy point to ISA 2004 (or using wpad entry).
Authentication and logging would have to take place on the IWSS (we don't use authentication and logging is done only on the IP address). Logging on ISA 2004 would have all requests to come from the IWSS server (but still usable for performance, cache hit ratio etc.).
But you should be able to use e.g. LDAP for authentication on the IWSS. I think the KB article deals with v. 1.0.1 where this feature was not available (but I haven't tested it). And IWSS does have some very nice and extensive logging and reporting facilities.
And I too would assume the IWSS box would have to be on your secured network, mine certainly is.
Wow. . .lots of replies. . .I am not sure why I didn't get an email notification though. . .maybe that isn't an option here. . .hm.
So, in order to use the Trend Micro products with ISA 2004, you must use two boxes? There is/was a plugin for ISA 2000 and the Trend techs say that an ISA 2004 plugin should be available Q2 2005.
I was hoping to use ISA as my edge firewall and do the filtering on the same box. Gets expensive to have to have two win2k+ servers (and hardware) just to do that filtering. . .
We chose ISA server because we wanted to control access based on AD users and groups. We just received it yesterday and I am going to try starting to set it up. We are needing to purchase our Trend Micro antivirus protection soon since our Norton Corporate is just running out. . .and getting NeatSuite (with licenses for the gateway products) is a better deal - if I can make use of IWSS and IMSS(?). Otherwise it is better to just buy OfficeScan and ServerProtect. . .
I want the logging at the ISA server, not the IWSS server. So I am guessing that I must have
Client -> ISA -> IWSS -> internet
For some reason, when I have IWSS set to standalone mode and point the ISA 2004 server at an upstream proxy (IWSS), my winsock apps do not work.
If I do it the other way, configure IWSS in dependent mode, the winsock apps do work. To enable logging using LDAP, users are prompted by IWSS to log in. I do not want this prompt, so I cannot use LDAP. IP or hostname should not prompt.