Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

29-3

Cisco ASDM User Guide

OL-16647-01

Chapter 29 Configuring Trend Micro Content Security

Managing the CSC SSM

• A service policy that determines which traffic is diverted to the SSM for scans.

In this example, the client could be a network user who is accessing a website, downloading files from

an FTP server, or retrieving e-mail from a POP3 server. SMTP scans differ in that you should configure

the adaptive security appliance to scan traffic sent from outside to SMTP servers protected by the

adaptive security appliance.

Note The CSC SSM can scan FTP file transfers only when FTP inspection is enabled on the adaptive security

appliance. By default, FTP inspection is enabled.

Figure 29-1 Flow of Scanned Traffic with CSC SSM

You use ASDM for system setup and monitoring of the CSC SSM. To configure content security policies

in the CSC SSM software, you click links within ASDM to access the web-based GUI for the CSC SSM.

The CSC SSM GUI appears in a separate web browser window. To access the CSC SSM, you must enter

the CSC SSM password. To use the CSC SSM GUI, see the Trend Micro InterScan for Cisco CSC SSM

Administrator Guide.

Note ASDM and the CSC SSM maintain separate passwords. You can configure their passwords to be

identical; however, changing one of these two passwords does not affect the other password.

The connection between the host running ASDM and the adaptive security appliance is made through a

management port on the adaptive security appliance. The connection to the CSC SSM GUI is made

through the SSM management port. Because these two connections are required to manage the CSC

SSM, any host running ASDM must be able to reach the IP address of both the adaptive security

appliance management port and the SSM management port.

Figure 29-2 shows an adaptive security appliance with a CSC SSM that is connected to a dedicated

management network. Although a dedicated management network is not required, we recommend that

you use one. This figure includes the following:

• An HTTP proxy server is connected to the inside network and to the management network to enable

the CSC SSM to contact the Trend Micro Update Server.

191296

Adaptive

Security Appliance

Main System

Request sent

Client

Reply forwarded

inside

modular

service

policy

Request forwarded

Reply sent

CSC SSM

Server

Diverted Traffic

content security scan

outside

previous next