Filter
Top Products
29-6
Cisco ASDM User Guide
OL-16647-01
Chapter 29 Configuring Trend Micro Content Security
Managing the CSC SSM
The new service policy appears in the Service Policy Rules pane.
g. Click Apply.
The adaptive security appliance begins diverting traffic to the CSC SSM, which performs the content
security scans that have been enabled according to the license that you purchased.
Step 7 (Optional) Review the default content security policies in the CSC SSM GUI. The default content
security policies are suitable for most implementations. Modifying them requires advanced
configuration that you should perform only after reading the Trend Micro InterScan for Cisco CSC SSM
Administrator Guide.
Note You review the content security policies by viewing the enabled features in the CSC SSM GUI.
The availability of features depends on the license that you purchased. By default, all features
included in the license that you purchased are enabled.
With a Base License, the features enabled by default are SMTP virus scanning, POP3 virus
scanning and content filtering, webmail virus scanning, HTTP file blocking, FTP virus scanning
and file blocking, logging, and automatic updates.
With a Plus License, the additional features enabled by default are SMTP anti-spam, SMTP
content filtering, POP3 anti-spam, URL blocking, and URL filtering.
To access the CSC SSM GUI in ASDM, choose Configuration > Trend Micro Content
Security, and then click one of the following links: Web, Mail, File Transfer, or Updates. To
open the CSC SSM GUI, click one of the links in these panes.
Determining What Traffic to Scan
The CSC SSM can scan FTP, HTTP, POP3, and SMTP traffic; however, it supports these protocols only
when the destination port of the packet requesting the connection is the established port for the protocol.
The CSC SSM can scan only the following connections:
• FTP connections opened to TCP port 21.
• HTTP connections opened to TCP port 80.
• POP3 connections opened to TCP port 110.
• SMTP connections opened to TCP port 25.
You can choose to scan traffic for all of these protocols or any combination of them. For example, if you
do not allow network users to receive POP3 e-mail, you would not want to configure the adaptive
security appliance to divert POP3 traffic to the CSC SSM. You would want to block POP3 traffic instead.
To maximize performance of the adaptive security appliance and the CSC SSM, divert to the CSC SSM
only the traffic that you want the CSC SSM to scan. Diverting traffic that you do not want to scan, such
as traffic between a trusted source and destination, can adversely affect network performance.
Note When traffic is first classified for CSC inspection, it is flow-based. If traffic is part of a pre-existing
connection, the traffic goes directly to the policy set for that connection.