Filter
Top Products
29-5
Cisco ASDM User Guide
OL-16647-01
Chapter 29 Configuring Trend Micro Content Security
Managing the CSC SSM
• Activation keys, received after completing Step 2.
• The SSM management port IP address, netmask, and gateway IP address. The SSM management
port IP address must be accessible by the hosts used to run ASDM. The IP addresses for the SSM
management port and the adaptive security appliance management interface can be in different
subnets.
• DNS server IP address.
• HTTP proxy server IP address (necessary only if your security policies require use of a proxy server
for HTTP access to the Internet).
• Domain name and hostname for the SSM.
• An e-mail address and an SMTP server IP address and port number, for e-mail notifications.
• IP addresses of hosts or networks that are allowed to manage the CSC SSM.
• Password for the CSC SSM.
Step 4 In ASDM, verify time settings on the security appliance. Time setting accuracy is important for logging
of security events and for automatic updates of the CSC SSM software.
• If you manually control time settings, verify the clock settings, including time zone. Choose
Configuration > > Device Setup > System Time > Clock.
• If you are using NTP, verify the NTP configuration. Choose Configuration > Device Setup >
System Time > NTP.
Step 5 Complete the CSC Setup Wizard.
• Choose Configuration > Trend Micro Content Security. Connect to and log in to the CSC SSM.
Choose CSC Setup > Wizard Setup, and then click Launch Setup Wizard.
• If you are rerunning the CSC Setup Wizard, perform the same steps listed in the previous bullet:
For assistance with the CSC Setup Wizard, click Help.
Step 6 Configure service policies to divert to the CSC SSM the traffic that you want scanned.
If you create a global policy to divert traffic for scans, all traffic (inbound and outbound) for the
supported protocols is scanned. To maximize performance of the adaptive security appliance and the
CSC SSM, scan traffic only from untrusted sources.
To view best practices for diverting traffic to the CSC SSM, see Determining What Traffic to Scan,
page 29-6.
If you want to create a global policy that diverts traffic for scans, perform the following steps:
a. Choose Configuration > Firewall > Service Policy Rules, and then click Add.
The Add Service Policy Rule Wizard screen appears.
b. Click the Global - applies to all interfaces option, and then click Next.
The Traffic Classification Criteria screen appears.
c. Click the Create a new traffic class option, type a name for the traffic class in the adjacent field,
check the Any traffic check box, and then click Next.
The Rule Actions screen appears.
d. Click the CSC Scan tab, and then check the Enable CSC scan for this traffic flow check box.
e. Choose whether the adaptive security appliance should permit or deny selected traffic to pass if the
CSC SSM is unavailable by making the applicable selection in the area labeled: If CSC card fails,
then.
f. Click Finish.