Information About the CSC SSM
Some ASA models support the CSC SSM, which runs Content Security and Control software. The CSC SSM provides protection against viruses, spyware, spam, and other unwanted traffic by scanning the FTP, HTTP/HTTPS, POP3, and SMTP packets that you configure the ASA to send to it.
For more information about the CSC SSM, see the following URL:
http://www.cisco.com/en/US/products/ps6823/index.html
Figure 32-1 shows the flow of traffic through an ASA that has the following:
-
A CSC SSM installed and configured.
-
A service policy that determines what traffic is diverted to the CSC SSM for scanning.
In this example, the client could be a network user who is accessing a website, downloading files from an FTP server, or retrieving mail from a POP3 server. SMTP scans differ in that you should configure the ASA to scan traffic sent from the outside to SMTP servers protected by the ASA.
Figure 32-1 Flow of Scanned Traffic with the CSC SSM
You use ASDM for system setup and monitoring of the CSC SSM. For advanced configuration of content security policies in the CSC SSM software, you access the web-based GUI for the CSC SSM by clicking links within ASDM. The CSC SSM GUI appears in a separate web browser window. To access the CSC SSM, you must enter the CSC SSM password. To use the CSC SSM GUI, see the
Cisco Content Security and Control SSM Administrator Guide
.
Note ASDM and the CSC SSM maintain separate passwords. You can configure their passwords to be identical; however, changing one of these two passwords does not affect the other password.
The connection between the host running ASDM and the ASA is made through a management port on the ASA. The connection to the CSC SSM GUI is made through the SSM management port. Because these two connections are required to manage the CSC SSM, any host running ASDM must be able to reach the IP address of both the ASA management port and the SSM management port.
Figure 32-2 shows an ASA with a CSC SSM that is connected to a dedicated management network. While use of a dedicated management network is not required, we recommend it. In this configuration, the following items are of particular interest:
-
An HTTP proxy server is connected to the inside network and to the management network. This HTTP proxy server enables the CSC SSM to contact the Trend Micro Systems update server.
-
The management port of the ASA is connected to the management network. To allow management of the ASA and the CSC SSM, hosts running ASDM must be connected to the management network.
-
The management network includes an SMTP server for e-mail notifications for the CSC SSM and a syslog server to which the CSC SSM can send syslog messages.
Figure 32-2 CSC SSM Deployment with a Management Network
Determining What Traffic to Scan
The CSC SSM can scan FTP, HTTP/HTTPS, POP3, and SMTP traffic only when the destination port of the packet requesting the connection is the well-known port for the specified protocol. The CSC SSM can scan only the following connections:
-
FTP connections opened to TCP port 21.
-
HTTP connections opened to TCP port 80.
-
HTTPS connections opened to TCP port 443.
-
POP3 connections opened to TCP port 110.
-
SMTP connections opened to TCP port 25.
You can choose to scan traffic for all of these protocols or any combination of them. For example, if you do not allow network users to receive POP3 e-mail, do not configure the ASA to divert POP3 traffic to the CSC SSM. Instead, block this traffic.
To maximize performance of the ASA and the CSC SSM, divert only the traffic to the CSC SSM that you want the CSC SSM to scan. Diverting traffic that you do not want scanned, such as traffic between a trusted source and destination, can adversely affect network performance.
Note When traffic is first classified for CSC inspection, it is flow-based. If traffic is part of a pre-existing connection, the traffic goes directly to the service policy set for that connection.
You can apply service policies that include CSC scanning globally or to specific interfaces; therefore, you can choose to enable CSC scans globally or for specific interfaces. For more information, see the “Determining Service Policy Rule Actions for CSC Scanning” section.
Based on the configuration shown in Figure 32-3, configure the ASA to divert to the CSC SSM only requests from clients on the inside network for HTTP, FTP, and POP3 connections to the outside network, and incoming SMTP connections from outside hosts to the mail server on the DMZ network. Exclude from scanning HTTP requests from the inside network to the web server on the DMZ network.
Figure 32-3 Common Network Configuration for CSC SSM Scanning
There are many ways you could configure the ASA to identify the traffic that you want to scan. One approach is to define two service policies: one on the inside interface and the other on the outside interface, each with ACLs that match traffic to be scanned.
Figure 32-4 shows service policy rules that select only the traffic that the ASA should scan.
Figure 32-4 Optimized Traffic Selection for CSC Scans
In the inside-policy, the first class, inside-class1, ensures that the ASA does not scan HTTP traffic between the inside network and the DMZ network. The Match column indicates this setting by displaying the “Do not match” icon. This setting does not mean the ASA blocks traffic sent from the 192.168.10.0 network to TCP port 80 on the 192.168.20.0 network. Instead, this setting exempts the traffic from being matched by the service policy applied to the inside interface, which prevents the ASA from sending the traffic to the CSC SSM.
The second class of the inside-policy, inside-class matches FTP, HTTP, and POP3 traffic between the inside network and any destination. HTTP connections to the DMZ network are exempted because of the inside-class1 setting. As previously mentioned, policies that apply CSC scanning to a specific interface affect both incoming and outgoing traffic, but by specifying 192.168.10.0 as the source network, inside-class1 matches only connections initiated by the hosts on the inside network.
In the outside-policy, outside-class matches SMTP traffic from any outside source to the DMZ network. This setting protects the SMTP server and inside users who download e-mail from the SMTP server on the DMZ network, without having to scan connections from SMTP clients to the server.
If the web server on the DMZ network receives files uploaded by HTTP from external hosts, you can add a rule to the outside policy that matches HTTP traffic from any source to the DMZ network. Because the policy is applied to the outside interface, the rule would only match connections from HTTP clients outside the ASA.
Configuring the CSC SSM
This section describes how to configure the CSC SSM and includes the following topics:
Before Configuring the CSC SSM
Before configuring the ASA and the CSC SSM, perform the following steps:
Step 1 If the CSC SSM did not come preinstalled in a Cisco ASA, install it and connect a network cable to the management port of the SSM. For assistance with installation and connecting the SSM, see the
Cisco ASA 5500 Series Quick Start Guide
.
The management port of the CSC SSM must be connected to your network to allow management of and automatic updates to the CSC SSM software. Additionally, the CSC SSM uses the management port for e-mail notifications and syslog messages.
Step 2 You should have received a Product Authorization Key (PAK) with the CSC SSM. Use the PAK to register the CSC SSM at the following URL.
http://www.cisco.com/go/license
After you register, you receive activation keys by e-mail. The activation keys are required before you can complete Step 6.
Step 3 Obtain the following information for use in Step 6:
-
Activation keys
-
CSC SSM management port IP address, netmask, and gateway IP address
-
DNS server IP address
-
HTTP proxy server IP address (needed only if your security policies require the use of a proxy server for HTTP access to the Internet)
-
Domain name and hostname for the CSC SSM
-
An e-mail address, and SMTP server IP address and port number for e-mail notifications
-
E-mail address(es) for product license renewal notifications
-
IP addresses of hosts or networks that are allowed to manage the CSC SSM
-
Password for the CSC SSM
Step 4 In a web browser, access ASDM for the ASA in which the CSC SSM is installed.
Note If you are accessing ASDM for the first time, see the “Additional References” section.
For more information about enabling ASDM access, see the “Configuring ASA Access for ASDM, Telnet, or SSH” section in the general operations configuration guide.
Step 5 Verify time settings on the ASA. Time setting accuracy is important for logging of security events and for automatic updates of CSC SSM software. Do one of the following:
-
If you manually control time settings, verify the clock settings, including time zone. Choose
Configuration > Properties > Device Administration > Clock
.
-
If you are using NTP, verify the NTP configuration. Choose
Configuration > Properties > Device Administration > NTP
.
Step 6 Open ASDM.
Step 7 Connect to and log in to the CSC SSM. For instructions, see the “Connecting to the CSC SSM” section.
Step 8 Run the CSC Setup Wizard.
-
To access the CSC Setup Wizard, choose
Configuration > Trend Micro Content Security > CSC Setup > Wizard Setup > Launch Setup Wizard
.
-
If you are rerunning the CSC Setup Wizard, perform the same step listed in the previous bullet.
The CSC Setup Wizard appears.
Step 9 Complete the CSC Setup Wizard, which includes configuration of service policies to divert traffic that you want scanned to the CSC SSM.
Note If you create a global service policy to divert traffic for CSC scans, all traffic (inbound and outbound) for the supported protocols is scanned. To maximize performance of the ASA and the CSC SSM, scan traffic only from untrusted sources.
Step 10 To reduce the load on the CSC SSM, configure the service policy rules that send packets to the CSC SSM to support only HTTP/HTTPS, SMTP, POP3, or FTP traffic. For instructions, see the “Determining Service Policy Rule Actions for CSC Scanning” section.
Step 11 (Optional) Review the default content security policies in the CSC SSM GUI, which are suitable for most implementations. You review the content security policies by viewing the enabled features in the CSC SSM GUI. For the availability of features, see the “Licensing Requirements for the CSC SSM” section. For the default settings, see the “Default Settings” section.
Connecting to the CSC SSM
With each session you start in ASDM, the first time you access features related to the CSC SSM, you must specify the management IP address and provide the password for the CSC SSM. After you successfully connect to the CSC SSM, you are not prompted again for the management IP address and password. If you start a new ASDM session, the connection to the CSC SSM is reset and you must specify the IP address and the CSC SSM password again. The connection to the CSC SSM is also reset if you change the time zone on the ASA.
Note The CSC SSM has a password that is maintained separately from the ASDM password. You can configure the two passwords to be identical, but changing the CSC SSM password does not affect the ASDM password.
To connect to the CSC SSM, perform the following steps:
Step 1 In the ASDM main application window, click the
Content Security
tab.
Step 2 In the Connecting to CSC dialog box, click one of the following radio buttons:
-
To connect to the IP address of the management port on the SSM, click
Management IP Address
. ASDM automatically detects the IP address for the SSM in the ASA. If this detection fails, you can specify the management IP address manually.
-
To connect to an alternate IP address or hostname on the SSM, click
Other IP Address or Hostname
.
Step 3 Enter the port number in the Port field, and then click
Continue
.
Step 4 In the CSC Password field, type your CSC password, and then click
OK
.
Note If you have not completed the CSC Setup Wizard (choose Configuration > Trend Micro Content Security > CSC Setup > Wizard Setup), complete the configuration in the CSC Setup Wizard, which includes changing the default password, “cisco.”
For ten minutes after you have entered the password, you do not need to reenter the CSC SSM password to access other parts of the CSC SSM GUI.
Step 5 To access the CSC SSM GUI, choose
Configuration > Trend Micro Content Security
, and then click one of the following tabs:
Web
,
Mail
,
File Transfer
, or
Updates
.
Determining Service Policy Rule Actions for CSC Scanning
The CSC SSM scans only HTTP/HTTPS, SMTP, POP3, and FTP traffic. If your service policy includes traffic that supports other protocols in addition to these four, packets for other protocols are passed through the CSC SSM without being scanned. You should configure the service policy rules that send packets to the CSC SSM to support only HTTP/HTTPS, SMTP, POP3, or FTP traffic.
The CSC Scan
tab in the Add Service Policy Rule Wizard lets you determine whether or not the CSC SSM scans traffic identified by the current traffic class. This tab appears only if a CSC SSM is installed in the ASA.
To configure service policy rules for CSC scanning, perform the following steps:
Step 1 In the ASDM main application window, choose
Configuration > Firewall > Service Policy Rules
.
Step 2 On the toolbar, click
Add
.
The Add Service Policy Rule Wizard screen appears.
Step 3 Click the
Global - applies to all interfaces
option, and then click
Next
.
The Traffic Classification Criteria screen appears.
Step 4 Click the
Create a new traffic class
option, type a name for the traffic class in the adjacent field, check the
Any traffic
check box, and then click
Next
.
The Rule Actions screen appears.
Step 5 Click the
CSC Scan
tab, and then check the
Enable CSC scan for this traffic flow
check box.
Step 6 Choose whether the ASA should permit or deny selected traffic to pass if the CSC SSM is unavailable by making the applicable selection in the area labeled: If CSC card fails, then. When this check box is checked, the other parameters on this tab become active.
Step 7 In the If CSC card fails area, if the CSC SSM becomes inoperable, choose one of the following actions:
-
To allow traffic, check the
Permit traffic
check box.
-
To block traffic, check the
Close traffic
check box.
Step 8 Click
Finish
.
The new service policy rule appears in the Service Policy Rules pane.
Step 9 Click
Apply
.
The ASA begins diverting traffic to the CSC SSM, which performs the content security scans that have been enabled according to the license that you purchased.
CSC SSM Setup Wizard
The CSC Setup Wizard lets you configure basic operational parameters for the CSC SSM. You must complete this wizard at least once before you can configure options in each screen separately. After you complete the CSC Setup Wizard, you can modify each screen individually without using this wizard again.
Additionally, you cannot access the panes under Configuration > Trend Micro Content Security > CSC Setup or under Monitoring > Trend Micro Content Security > Content Security until you complete the CSC Setup Wizard. If you try to access these panes before completing this wizard, a dialog box appears and lets you access the wizard directly to complete the configuration.
To start the CSC Setup Wizard, click
Launch Setup Wizard
.
This section includes the following topics:
Activation/License
The Activation/License pane lets you review or renew activation codes for the CSC SSM Basic License and the Plus License.
You can use ASDM to configure CSC licenses only once each for the two licenses. Renewed license activation codes are downloaded automatically with scheduled software updates. Links to the licensing status pane and the CSC UI home pane appear at the bottom of this window. The serial number for the assigned license is filled in automatically.
To review license status or renew a license, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > Activation/License.
Step 2 The Activation/License pane shows the following display-only information for the Basic License and the Plus License:
-
The name of the component.
-
The activation code for the corresponding Product field.
-
The status of the license. If the license is valid, the expiration date appears. If the expiration date has passed, this field indicates that the license has expired.
-
The maximum number of network devices that the Basic License supports. The Plus License does not affect the number of network devices supported; therefore, the Nodes field does not appear in the Plus License area. The Basic License includes anti-virus, anti-spyware, and file blocking. The Plus License includes anti-spam, anti-phishing, content filtering, URL blocking and filtering, and web reputation.
Step 3 To review license status or renew your license, click the link provided.
Step 4 To go to the CSC home pane in ASDM, click the link provided.
IP Configuration
The IP Configuration pane lets you configure management access for the CSC SSM, the DNS servers it should use, and a proxy server for retrieving CSC SSM software updates.
To configure management access and other related details for the CSC SSM, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > IP Configuration
.
Step 2 Set the following parameters for management access to the CSC SSM:
-
Enter the IP address for management access to the CSC SSM.
-
Enters the netmask for the network containing the management IP address of the CSC SSM.
-
Enter the IP address of the gateway device for the network that includes the management IP address of the CSC SSM.
Step 3 Set parameters of the DNS servers for the network that includes the management IP address of the CSC SSM.
-
Enter the IP address of the primary DNS server.
-
(Optional) Enter the IP address of the secondary DNS server, if configured.
Step 4 (Optional) Enter parameters for an HTTP proxy server, used by the CSC SSM to contact a CSC SSM software update server. If your network configuration does not require the CSC SSM to use a proxy server, leave the fields in this group blank.
-
Enter the IP address of the proxy server, if configured.
-
Enter the listening port of the proxy server, if configured.
Host/Notification Settings
The Host/Notification Settings pane lets you configure details about hostname, domain name, e-mail notifications, and a domain name for e-mail to be excluded from detailed scanning.
To configure host and notification settings, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > Host/Notification Settings
.
Step 2 In the Host and Domain Names area, set the hostname and domain name of the CSC SSM.
Step 3 In the Incoming E-mail Domain Name area, set the trusted incoming e-mail domain name for SMTP-based e-mail. The CSC SSM scans SMTP e-mail sent to this domain. The types of threats that the CSC SSM scans for depend on the license that you purchased for the CSC SSM and the configuration of the CSC SSM software.
Note CSC SSM lets you configure a list of many incoming e-mail domains. ASDM displays only the first domain in the list. To configure additional incoming e-mail domains, access the CSC SSM interface. To do so, choose Configuration > Trend Micro Content Security > CSC Setup > Mail, and then click one of the links. After logging in to the CSC SSM, choose Mail (SMTP) > Configuration, and then click the Incoming Mail tab.
Step 4 Configure the following settings for e-mail notification of events:
-
The administrator e-mail address for the account to which notification e-mails should be sent.
-
The IP address of the SMTP server.
-
The port to which the SMTP server listens.
-
The e-mail address(es) for the product license renewal to which notification e-mails should be sent. Separate multiple e-mail addresses with semicolons. The maximum number of characters allowed for e-mail addresses is 1024. Make sure that the specified e-mail addresses are valid.
Management Access Host/Networks
The Management Access Host/Networks pane lets you specify the hosts and networks for which management access to the CSC SSM is permitted. You must specify at least one permitted host or network, up to a maximum of eight permitted hosts or networks.
To specify hosts and networks for which management access to the CSC SSM is allowed, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > Management Access Host/Networks
.
Step 2 Enter the IP address of a host or network that you want to add to the Selected Hosts/Network list.
Step 3 Enter the netmask for the host or network that you specified in the IP Address field.
Note To allow all hosts and networks, enter 0.0.0.0 in the IP Address field, and choose 0.0.0.0 from the Mask list.
The Selected Hosts/Networks list displays the hosts or networks trusted for management access to the CSC SSM.
Step 4 To add the host or network that you specified in the IP Address field in the Selected Hosts/Networks list, click
Add
.
The Selected Hosts/Networks table lists the IP addresses of networks and hosts whose connection to the CSC SSM you have added.
Step 5 To remove a host or network from the Selected Hosts/Networks list, choose an entry from the list and click
Delete
.
Password
The Password pane lets you change the password required for management access to the CSC SSM. The CSC SSM has a password that is maintained separately from the ASDM password. You can configure them to be identical; however, changing the CSC SSM password does not affect the ASDM password.
If ASDM is connected to the CSC SSM and you change the CSC SSM password, the connection to the CSC SSM is dropped. As a result, ASDM displays a confirmation dialog box that you must respond to before the password is changed.
Tip Whenever the connection to the CSC SSM is dropped, you can reestablish it. To do so, click the Connection to Device icon on the status bar to display the Connection to Device dialog box, and then click Reconnect. ASDM prompts you for the CSC SSM password, which is the new password that you have defined.
Passwords must be 5 - 32 characters long.
Passwords appears as asterisks when you type them.
Note The default password is “cisco.”
To change the password required for management access to the CSC SSM, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > Password
.
Step 2 In the Old Password field, enter the current password for management access to the CSC SSM.
Step 3 In the New Password field, enter the new password for management access to the CSC SSM.
Step 4 In the Confirm New Password field, reenter the new password for management access to the CSC SSM.
Restoring the Default Password
You can use ASDM to reset the CSC SSM password. You can reset this password to the default value, which is “cisco” (excluding quotation marks). If the CSC password-reset policy has been set to “Denied,” then you cannot reset the password through the ASDM CLI. To change this policy, you must access the CSC SSM through the ASA CLI by entering the
session
command. For more information, see the
Cisco Content Security and Control SSM Administrator Guide
.
Note This option does not appear in the menu if an SSM is not installed.
To reset the CSC SSM password to the default value, perform the following steps:
Step 1 Choose
Tools > CSC Password Reset
.
The CSC Password Reset confirmation dialog box appears.
Step 2 Click
OK
to reset the CSC SSM password to the default value.
A dialog box appears, indicating the success or failure of the password reset. If the password was not reset, make sure you are using Version 8.0(2) software on the ASA and the most recent Version 6.1.x software on the CSC SSM.
Step 3 Click
Close
to close the dialog box.
Step 4 After you have reset the password, you should change it to a unique value.
Wizard Setup
The Wizard Setup screen lets you start the CSC Setup Wizard. To start the CSC Setup Wizard, click
Launch Setup Wizard
. To access the Wizard Setup screen, choose
Configuration > Trend Micro Content Security > CSC Setup > Wizard Setup
.
Before you can directly access any of the other screens under CSC Setup, you must complete the CSC Setup Wizard. This wizard includes the following screens:
After you complete the CSC Setup Wizard once, you can change any settings in screens related to the CSC SSM without using the CSC Setup Wizard again.
CSC Setup Wizard Activation Codes Configuration
To display the activation codes that you have entered to enable features on the CSC SSM, perform the following steps:
Choose
Configuration > Trend Micro Content Security > CSC Setup > Activation/License
.
The activation code settings that you have made appear on this screen, according to the type of license you have, as follows:
-
The activation code for the Basic License appears. The Basic License includes anti-virus, anti-spyware, and file blocking.
-
The activation code for the Plus License appears, if you have entered one. If not, this field is blank. The Plus License includes anti-spam, anti-phishing, content filtering, URL blocking and filtering, and web reputation.
CSC Setup Wizard IP Configuration
To display the IP configuration settings that you have entered for the CSC SSM, perform the following steps:
Choose
Configuration > Trend Micro Content Security > CSC Setup > IP Configuration
.
The IP configuration settings that you have entered for the CSC SSM appear, including the following:
-
The IP address for the management interface of the CSC SSM.
-
The network mask for the management interface of the CSC SSM that you have selected from the drop-down list.
-
The IP address of the gateway device for the network that contains the CSC SSM management interface.
-
The primary DNS server IP address.
-
The secondary DNS server IP address (if configured).
-
The proxy server (if configured).
-
The proxy port (if configured).
CSC Setup Wizard Host Configuration
To display the host configuration settings that you have entered for the CSC SSM, perform the following steps:
Choose
Configuration > Trend Micro Content Security > CSC Setup > Host Configuration
.
The host configuration settings that you have entered for the CSC SSM appear, including the following:
-
The hostname of the CSC SSM.
-
The name of the domain in which the CSC SSM resides.
-
The domain name for incoming e-mail.
-
The e-mail address of the domain administrator.
-
The IP address of the SMTP server.
-
The port to which the SMTP server listens.
-
The e-mail address(es) for the product license renewal notification.
CSC Setup Wizard Management Access Configuration
To display the subnet and host settings that you have entered to grant access to the CSC SSM, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > Management Access Configuration
.
The management access configuration settings that you have entered for the CSC SSM appear, including the following:
-
The IP address for networks and hosts that are allowed to connect to the CSC SSM.
-
The network mask for networks and hosts that are allowed to connect to the CSC SSM that you have selected from the drop-down list.
Step 2 To add the IP address of the networks and hosts that you want to allow to connect to the CSC SSM, click
Add
.
Step 3 To remove the IP address of a network or host whose ability to connect to the CSC SSM you no longer want, click
Delete
.
The Selected Hosts/Networks table lists the IP addresses of networks and hosts whose connection to the CSC SSM you have added.
CSC Setup Wizard Password Configuration
To change the password required for management access to the CSC SSM, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > Password
.
Step 2 In the Old Password field, enter the current password for management access to the CSC SSM.
Step 3 In the New Password field, enter the new password for management access to the CSC SSM.
Step 4 In the Confirm New Password field, reenter the new password for management access to the CSC SSM.
CSC Setup Wizard Traffic Selection for CSC Scan
To display the settings that you have made to select traffic for CSC scanning, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > Traffic Selection for CSC Scan
.
The traffic selection for CSC scanning configuration settings that you have entered for the CSC SSM appear, including the following:
-
The interface to the CSC SSM that you have chosen from the drop-down list.
-
The source of network traffic for the CSC SSM to scan.
-
The destination of network traffic for the CSC SSM to scan.
-
The source or destination service for the CSC SSM to scan.
Step 2 Do one of the following:
Specifying Traffic for CSC Scanning
To define, modify, or remove additional settings for selecting traffic for CSC scanning, perform the following steps:
Step 1 In the Traffic Selection for CSC Scan screen, click
Specify traffic for CSC Scan
.
The Specify traffic for CSC Scan dialog box appears.
Step 2 Choose the type of interface to the CSC SSM from the drop-down list. Available settings are global (all interfaces), inside, management, and outside.
Step 3 Choose the source of network traffic for the CSC SSM to scan from the drop-down list.
Step 4 Choose the destination of network traffic for the CSC SSM to scan from the drop-down list.
Step 5 Choose the type of service for the CSC SSM to scan from the drop-down list.
Step 6 Enter a description for the network traffic that you define for the CSC SSM to scan.
Step 7 Specify whether or not to allow the CSC SSM to scan network traffic if the CSC card fails. Choose one of the following options:
-
To allow traffic through without being scanned, click
Permit
.
-
To prevent traffic from going through without being scanned, click
Close
.
Step 8 Click
OK
to save your settings.
The added traffic details appear on the CSC Setup Wizard Traffic selection for CSC Scan screen.
Step 9 Click
Cancel
to discard these settings and return to the CSC Setup Wizard Traffic selection for CSC Scan screen. If you click
Cancel
, ASDM displays a dialog box to confirm your decision.
CSC Setup Wizard Summary
To review the settings that you have made with the CSC Setup Wizard, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > CSC Setup > Summary
.
The CSC Setup Wizard Summary screen shows the following display-only settings:
-
The settings that you made in the Activation Codes Configuration screen, including the Base License activation code and the Plus License activation code, if you entered one. If not, this field is blank.
-
The settings that you made in the IP Configuration screen, including the following information:
– IP address and netmask for the management interface of the CSC SSM.
– IP address of the gateway device for the network that includes the CSC SSM management interface.
– Primary DNS server IP address.
– Secondary DNS server IP address (if configured).
– Proxy server and port (if configured).
-
The settings that you made in the Host Configuration screen, including the following information:
– Hostname of the CSC SSM.
– Domain name for the domain that includes the CSC SSM.
– Domain name for incoming e-mail.
– Administrator e-mail address.
– E-mail server IP address and port number.
– E-mail address(es) for product licensing renewal notifications.
-
The settings that you made in the Management Access Configuration screen. The drop-down list includes the hosts and networks from which the CSC SSM allows management connections.
-
Indicates whether or not you have changed the password in the Password Configuration screen.
Step 2 (Optional) Click
Back
to return to the previous screens of the CSC Setup Wizard to change any settings.
Note The Next button is dimmed; however, if you click Back to access any of the preceding screens in this wizard, click Next to return to the Summary screen.
Step 3 Click
Finish
to complete the CSC Setup Wizard and save all settings that you have specified. After you click
Finish
, you can change any settings related to the CSC SSM without using the CSC Setup Wizard again.
A summary of the status of commands that were sent to the device appears.
Step 4 Click
Close
to close this screen, and then click
Next
.
A message appears indicating that the CSC SSM has been activated and is ready for use.
Step 5 (Optional) Click
Cancel
to exit the CSC Setup Wizard without saving any of the selected settings. If you click
Cancel
, a dialog box appears to confirm your decision.
Using the CSC SSM GUI
This section describes how to configure features using the CSC SSM GUI, and includes the following topics:
Web
Note To access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open.
To view whether or not web-related features are enabled and access the CSC SSM GUI for configuring these features, perform the following steps:
Step 1 Choose
Configuration > Trend Micro Content Security > Web
.
The URL Blocking and Filtering area is display-only and shows whether or not URL blocking is enabled on the CSC SSM.
Step 2 Click
Configure URL Blocking
to open a screen for configuring URL blocking on the CSC SSM.
The URL Filtering area is display-only and shows whether or not URL filtering is enabled on the CSC SSM.
Step 3 Click
Configure URL Filtering
to open a screen for configuring URL filtering rules on the CSC SSM.
The File Blocking area is display-only and shows whether or not URL file blocking is enabled on the CSC SSM.
Step 4 Click
Configure File Blocking
to open a screen for configuring file blocking settings on the CSC SSM.
The HTTP Scanning area is display-only and shows whether or not HTTP scanning is enabled on the CSC SSM.
Step 5 Click
Configure Web Scanning
to open a screen for configuring HTTP scanning settings on the CSC SSM.
The Web Reputation area is display-only and shows whether or not the Web Reputation service is enabled on the CSC SSM.
Step 6 Click
Configure Web Reputation
to open a screen for configuring the Web Reputation service on the CSC SSM.
Mail
The Mail pane lets you see whether or not e-mail-related features are enabled and lets you access the CSC SSM GUI to configure these features. To configure e-mail related features, choose
Configuration > Trend Micro Content Security > Mail
.
This section includes the following topics:
SMTP Tab
Note To access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open.
To configure SMTP scanning, perform the following steps:
Step 1 Click the
SMTP
Tab.
Step 2 The Incoming Scan area is display-only and shows whether or not the incoming SMTP scanning feature is enabled on the CSC SSM. Click
Configure Incoming Scan
to open a screen for configuring incoming SMTP scan settings on the CSC SSM.
Step 3 The Outgoing Scan area is display-only and shows whether or not the outgoing SMTP scanning feature is enabled on the CSC SSM. Click
Configure Outgoing Scan
to open a screen for configuring outgoing SMTP scan settings on the CSC SSM.
Step 4 The Incoming Filtering area is display-only and shows whether or not content filtering for incoming SMTP e-mail is enabled on the CSC SSM. Click
Configure
Incoming Filtering
to open a screen for configuring incoming SMTP e-mail content filtering settings on the CSC SSM.
Step 5 The Outgoing Filtering area is display-only and shows whether or not content filtering for outgoing SMTP e-mail is enabled on the CSC SSM. Click
Configure
Outgoing Filtering
to open a screen for configuring outgoing SMTP e-mail content filtering settings on the CSC SSM.
Step 6 The Anti-spam area is display-only and shows whether or not the SMTP anti-spam feature is enabled on the CSC SSM. Click
Configure
Anti-spam
to open a screen for configuring SMTP anti-spam settings, including E-mail Reputation, on the CSC SSM.
Step 7 The Global Approved List area is display-only and shows whether or not the SMTP global approved list feature is enabled on the CSC SSM. Click
Configure Global Approved List
to open a screen for configuring SMTP global approved list settings on the CSC SSM.
POP3 Tab
Note To access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open.
To configure POP3 scanning, perform the following steps:
Step 1 Click the
POP3
Tab.
Step 2 The Scanning area is display-only and shows whether or not POP3 e-mail scanning is enabled on the CSC SSM. Click
Configure Scanning
to open a window for configuring POP3 e-mail scanning on the CSC SSM.
Step 3 The Anti-spam area is display-only and shows whether or not the POP3 anti-spam feature is enabled on the CSC SSM. Click
Configure Anti-spam
to open a window for configuring the POP3 anti-spam feature on the CSC SSM.
Step 4 The Content Filtering area is display-only and shows whether or not POP3 e-mail content filtering is enabled on the CSC SSM. Click
Configure Content Filtering
to open a window for configuring POP3 e-mail content filtering on the CSC SSM.
Step 5 The Global Approved List area is display-only and shows whether or not the POP3 global approved list feature is enabled on the CSC SSM. Click
Configure Global Approved List
to open a screen for configuring POP3 global approved list settings on the CSC SSM.
File Transfer
The File Transfer pane lets you view whether or not FTP-related features are enabled and lets you access the CSC SSM for configuring FTP-related features.
Note To access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open.
To view the status or configure FTP-related features, perform the following steps:
Step 1 Click the
File Transfer
tab.
The File Scanning area is display-only and shows whether or not FTP file scanning is enabled on the CSC SSM.
Step 2 Click
Configure File Scanning
to open a window for configuring FTP file scanning settings on the CSC SSM.
The File Blocking area is display-only and shows whether or not FTP blocking is enabled on the CSC SSM.
Step 3 Click
Configure File Blocking
to open a window for configuring FTP file blocking settings on the CSC SSM.
Updates
The Updates pane lets you view whether or not scheduled updates are enabled and lets you access the CSC SSM for configuring scheduled updates.
Note To access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open.
To view the status or configure scheduled update settings, perform the following steps:
Step 1 Click the
Updates
tab.
The Scheduled Updates area is display-only and shows whether or not scheduled updates are enabled on the CSC SSM.
The Scheduled Update Frequency area displays information about when updates are scheduled to occur, such as “Hourly at 10 minutes past the hour.”
The Component area displays names of parts of the CSC SSM software that can be updated.
In the Components area, the Scheduled Updates area is display-only and shows whether or not scheduled updates are enabled for the corresponding components.
Step 2 Click
Configure Updates
to open a window for configuring scheduled update settings on the CSC SSM.
Note If you restart the ASA, the SSM is not automatically restarted. For more information, see the “Managing SSMs and SSCs” section in the CLI configuration guide.
Monitoring the CSC SSM
ASDM lets you monitor the CSC SSM statistics as well as CSC SSM-related features.
Note If you have not completed the CSC Setup Wizard in Configuration > Trend Micro Content Security > CSC Setup, you cannot access the panes under Monitoring > Trend Micro Content Security. Instead, a dialog box appears and lets you access the CSC Setup Wizard directly from Monitoring > Trend Micro Content Security.
This section includes the following topics:
Threats
To view information about various types of threats detected by the CSC SSM in a graph, perform the following steps:
Step 1 Choose
Monitoring > Trend Micro Content Security > Threats
.
The Available Graphs area lists the components whose statistics you can view in a graph. You can include a maximum of four graphs in one frame. The graphs display real-time data in 12-second intervals for the following:
-
Viruses detected
-
URLs filtered, URLs blocked
-
Spam detected
-
Files blocked
-
Spyware blocked
-
Damage Cleanup Services
Step 2 The Graph Window Title lists the types of statistics available for monitoring. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time. The statistics already included in the graph window appear in the Selected Graphs list.
Step 3 To move the selected statistics type in the Available Graphs For list to the Selected Graphs list, click
Add
.
Step 4 To remove the selected statistics type from the Selected Graphs list, click
Remove
. The button name changes to
Delete
if the item you are removing was added from another pane, and is not being returned to the Available Graphs pane.
Step 5 To display a new window that shows a Graph tab and an updated graph with the selected statistics, click
Show Graphs
. Click the
Table
tab to display the same information in tabular form.
Step 6 From the Graph or Table tab, click
Export
in the menu bar or choose
File > Export
to save the graph or tabular information as a file on your local PC.
Step 7 From the Graph or Table tab, click
Print
in the menu bar or choose
File > Print
to print the information displayed in the window.
Live Security Events
To view live, real-time security events in a separate window, perform the following steps:
Step 1 Choose
Monitoring > Trend Micro Content Security > Live Security Events
.
The Buffer Limit field shows the maximum number of log messages that you may view. The default is 1000.
Step 2 Click
View
to display the Live Security Events Log dialog box. You can pause incoming messages, clear the message window, and save event messages. You can also search messages for specific text.
Live Security Events Log
To view live security events messages that are received from the CSC SSM, perform the following steps:
Step 1 To filter security event messages from the Filter By drop-down list, choose one of the following:
-
Filter by Text, type the text, then click
Filter
.
-
Show All, to display all messages or remove the filter.
Step 2 To use the Latest CSC Security Events pane, in which all columns are
display-only
, choose one of the following options:
-
The time an event occurred.
-
The IP address or hostname from which the threat came.
-
The type of threat, or the security policy that determines event handling, or in the case of a URL filtering event, the filter that triggered the event.
-
The subject of e-mails that include a threat, or the names of FTP files that include a threat, or blocked or filtered URLs.
-
The recipient of e-mails that include a threat, or the IP address or hostname of a threatened node, or the IP address of a threatened client.
-
The type of event (such as Web, Mail, or FTP), or the name of a user or group for HTTP or FTP events, which include a threat.
-
The action taken upon the content of a message, such as cleaning attachments or deleting attachments.
-
The action taken on a message, such as delivering it unchanged, delivering it after deleting the attachments, or delivering it after cleaning the attachments.
Step 3 To search security event messages based on the text that you enter, choose one of the following:
-
In the Text field, enter the text to search for in the security event messages log, then click
Find Messages
.
-
To find the next entry that matches the text you typed in this field, click
Find
.
Step 4 To pause scrolling of the Latest CSC Security Events pane, click
Pause
. To resume scrolling of the Latest CSC Security Events pane, click
Resume
.
Step 5 To save the log to a file on your PC, click
Save
.
Step 6 To clear the list of messages shown, click
Clear Display
.
Step 7 To close the pane and return to the previous one, click
Close
.
Software Updates
To view information about CSC SSM software updates, choose
Monitoring > Trend Micro Content Security > Software Updates
.
The Software Updates pane displays the following information, which is refreshed automatically about every 12 seconds:
-
The names of parts of the CSC SSM software that can be updated.
-
The current version of the corresponding component.
-
The date and time that the corresponding component was last updated. If the component has not been updated since the CSC SSM software was installed, None appears in this column.
-
The date and time that ASDM last received information about CSC SSM software updates.
Resource Graphs
The ASA lets you monitor CSC SSM status, including CPU resources and memory usage. This section includes the following topics:
CSC CPU
To view CPU usage by the CSC SSM in a graph, perform the following steps:
Step 1 Choose
Monitoring > Trend Micro Content Security > Resource Graphs > CSC CPU
.
The CSC CPU pane displays the components whose statistics you can view in a graph, including statistics for CPU usage on the CSC SSM.
Step 2 To continue, go to Step 2 of the “Threats” section.
CSC Memory
To
view information about memory usage on the CSC SSM in a graph, perform the following steps:
Step 1 Choose
Monitoring > Trend Micro Content Security > Resource Graphs > CSC Memory
.
The Available Graphs area lists the components whose statistics you can view in a graph, including the following:
-
The amount of memory not in use.
-
The amount of memory in use.
Step 2 To continue, go to Step 2 of the “Threats” section.