Cisco Asdm 7 User Guide
Have a look at the manual Cisco Asdm 7 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
32-11 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard Activation/License The Activation/License pane lets you review or renew activation codes for the CSC SSM Basic License and the Plus License. You can use ASDM to configure CSC licenses only once each for the two licenses. Renewed license activation codes are downloaded automatically with scheduled software updates. Links to the licensing status pane and the CSC UI home pane appear at the bottom of this window. The serial number for the assigned license is filled in automatically. To review license status or renew a license, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > Activation/License. Step 2The Activation/License pane shows the following display-only information for the Basic License and the Plus License: The name of the component. The activation code for the corresponding Product field. The status of the license. If the license is valid, the expiration date appears. If the expiration date has passed, this field indicates that the license has expired. The maximum number of network devices that the Basic License supports. The Plus License does not affect the number of network devices supported; therefore, the Nodes field does not appear in the Plus License area. The Basic License includes anti-virus, anti-spyware, and file blocking. The Plus License includes anti-spam, anti-phishing, content filtering, URL blocking and filtering, and web reputation. Step 3To review license status or renew your license, click the link provided. Step 4To go to the CSC home pane in ASDM, click the link provided. What to Do Next See the “IP Configuration” section on page 32-11. IP Configuration The IP Configuration pane lets you configure management access for the CSC SSM, the DNS servers it should use, and a proxy server for retrieving CSC SSM software updates. To configure management access and other related details for the CSC SSM, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > IP Configuration. Step 2Set the following parameters for management access to the CSC SSM: Enter the IP address for management access to the CSC SSM. Enters the netmask for the network containing the management IP address of the CSC SSM. Enter the IP address of the gateway device for the network that includes the management IP address of the CSC SSM.
32-12 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard Step 3Set parameters of the DNS servers for the network that includes the management IP address of the CSC SSM. Enter the IP address of the primary DNS server. (Optional) Enter the IP address of the secondary DNS server, if configured. Step 4(Optional) Enter parameters for an HTTP proxy server, used by the CSC SSM to contact a CSC SSM software update server. If your network configuration does not require the CSC SSM to use a proxy server, leave the fields in this group blank. Enter the IP address of the proxy server, if configured. Enter the listening port of the proxy server, if configured. What to Do Next See the “Host/Notification Settings” section on page 32-12. Host/Notification Settings The Host/Notification Settings pane lets you configure details about hostname, domain name, e-mail notifications, and a domain name for e-mail to be excluded from detailed scanning. To configure host and notification settings, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > Host/Notification Settings. Step 2In the Host and Domain Names area, set the hostname and domain name of the CSC SSM. Step 3In the Incoming E-mail Domain Name area, set the trusted incoming e-mail domain name for SMTP-based e-mail. The CSC SSM scans SMTP e-mail sent to this domain. The types of threats that the CSC SSM scans for depend on the license that you purchased for the CSC SSM and the configuration of the CSC SSM software. NoteCSC SSM lets you configure a list of many incoming e-mail domains. ASDM displays only the first domain in the list. To configure additional incoming e-mail domains, access the CSC SSM interface. To do so, choose Configuration > Trend Micro Content Security > CSC Setup > Mail, and then click one of the links. After logging in to the CSC SSM, choose Mail (SMTP) > Configuration, and then click the Incoming Mail tab. Step 4Configure the following settings for e-mail notification of events: The administrator e-mail address for the account to which notification e-mails should be sent. The IP address of the SMTP server. The port to which the SMTP server listens. The e-mail address(es) for the product license renewal to which notification e-mails should be sent. Separate multiple e-mail addresses with semicolons. The maximum number of characters allowed for e-mail addresses is 1024. Make sure that the specified e-mail addresses are valid.
32-13 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard What to Do Next See the “Management Access Host/Networks” section on page 32-13. Management Access Host/Networks The Management Access Host/Networks pane lets you specify the hosts and networks for which management access to the CSC SSM is permitted. You must specify at least one permitted host or network, up to a maximum of eight permitted hosts or networks. To specify hosts and networks for which management access to the CSC SSM is allowed, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > Management Access Host/Networks. Step 2Enter the IP address of a host or network that you want to add to the Selected Hosts/Network list. Step 3Enter the netmask for the host or network that you specified in the IP Address field. NoteTo allow all hosts and networks, enter 0.0.0.0 in the IP Address field, and choose 0.0.0.0 from the Mask list. The Selected Hosts/Networks list displays the hosts or networks trusted for management access to the CSC SSM. Step 4To add the host or network that you specified in the IP Address field in the Selected Hosts/Networks list, click Add. The Selected Hosts/Networks table lists the IP addresses of networks and hosts whose connection to the CSC SSM you have added. Step 5To remove a host or network from the Selected Hosts/Networks list, choose an entry from the list and click Delete. What to Do Next See the “Password” section on page 32-13. Password The Password pane lets you change the password required for management access to the CSC SSM. The CSC SSM has a password that is maintained separately from the ASDM password. You can configure them to be identical; however, changing the CSC SSM password does not affect the ASDM password. If ASDM is connected to the CSC SSM and you change the CSC SSM password, the connection to the CSC SSM is dropped. As a result, ASDM displays a confirmation dialog box that you must respond to before the password is changed.
32-14 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard TipWhenever the connection to the CSC SSM is dropped, you can reestablish it. To do so, click the Connection to Device icon on the status bar to display the Connection to Device dialog box, and then click Reconnect. ASDM prompts you for the CSC SSM password, which is the new password that you have defined. Passwords must be 5 - 32 characters long. Passwords appears as asterisks when you type them. NoteThe default password is “cisco.” To change the password required for management access to the CSC SSM, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > Password. Step 2In the Old Password field, enter the current password for management access to the CSC SSM. Step 3In the New Password field, enter the new password for management access to the CSC SSM. Step 4In the Confirm New Password field, reenter the new password for management access to the CSC SSM. What to Do Next If required, see the “Restoring the Default Password” section on page 32-14. See the “Wizard Setup” section on page 32-15. Restoring the Default Password You can use ASDM to reset the CSC SSM password. You can reset this password to the default value, which is “cisco” (excluding quotation marks). If the CSC password-reset policy has been set to “Denied,” then you cannot reset the password through the ASDM CLI. To change this policy, you must access the CSC SSM through the ASA CLI by entering the session command. For more information, see the Cisco Content Security and Control SSM Administrator Guide. NoteThis option does not appear in the menu if an SSM is not installed. To reset the CSC SSM password to the default value, perform the following steps: Step 1Choose Tools > CSC Password Reset. The CSC Password Reset confirmation dialog box appears. Step 2Click OK to reset the CSC SSM password to the default value. A dialog box appears, indicating the success or failure of the password reset. If the password was not reset, make sure you are using Version 8.0(2) software on the ASA and the most recent Version 6.1.x software on the CSC SSM. Step 3Click Close to close the dialog box.
32-15 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard Step 4After you have reset the password, you should change it to a unique value. What to Do Next See the “Password” section on page 32-13. Wizard Setup The Wizard Setup screen lets you start the CSC Setup Wizard. To start the CSC Setup Wizard, click Launch Setup Wizard. To access the Wizard Setup screen, choose Configuration > Trend Micro Content Security > CSC Setup > Wizard Setup. Before you can directly access any of the other screens under CSC Setup, you must complete the CSC Setup Wizard. This wizard includes the following screens: CSC Setup Wizard Activation Codes Configuration, page 32-15 CSC Setup Wizard IP Configuration, page 32-16 CSC Setup Wizard Host Configuration, page 32-16 CSC Setup Wizard Management Access Configuration, page 32-17 CSC Setup Wizard Password Configuration, page 32-17 CSC Setup Wizard Traffic Selection for CSC Scan, page 32-17 CSC Setup Wizard Summary, page 32-19 After you complete the CSC Setup Wizard once, you can change any settings in screens related to the CSC SSM without using the CSC Setup Wizard again. CSC Setup Wizard Activation Codes Configuration To display the activation codes that you have entered to enable features on the CSC SSM, perform the following steps: Choose Configuration > Trend Micro Content Security > CSC Setup > Activation/License. The activation code settings that you have made appear on this screen, according to the type of license you have, as follows: The activation code for the Basic License appears. The Basic License includes anti-virus, anti-spyware, and file blocking. The activation code for the Plus License appears, if you have entered one. If not, this field is blank. The Plus License includes anti-spam, anti-phishing, content filtering, URL blocking and filtering, and web reputation. What to Do Next See the “CSC Setup Wizard IP Configuration” section on page 32-16.
32-16 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard CSC Setup Wizard IP Configuration To display the IP configuration settings that you have entered for the CSC SSM, perform the following steps: Choose Configuration > Trend Micro Content Security > CSC Setup > IP Configuration. The IP configuration settings that you have entered for the CSC SSM appear, including the following: The IP address for the management interface of the CSC SSM. The network mask for the management interface of the CSC SSM that you have selected from the drop-down list. The IP address of the gateway device for the network that contains the CSC SSM management interface. The primary DNS server IP address. The secondary DNS server IP address (if configured). The proxy server (if configured). The proxy port (if configured). What to Do Next See the “CSC Setup Wizard Host Configuration” section on page 32-16. CSC Setup Wizard Host Configuration To display the host configuration settings that you have entered for the CSC SSM, perform the following steps: Choose Configuration > Trend Micro Content Security > CSC Setup > Host Configuration. The host configuration settings that you have entered for the CSC SSM appear, including the following: The hostname of the CSC SSM. The name of the domain in which the CSC SSM resides. The domain name for incoming e-mail. The e-mail address of the domain administrator. The IP address of the SMTP server. The port to which the SMTP server listens. The e-mail address(es) for the product license renewal notification. What to Do Next See the “CSC Setup Wizard Management Access Configuration” section on page 32-17.
32-17 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard CSC Setup Wizard Management Access Configuration To display the subnet and host settings that you have entered to grant access to the CSC SSM, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > Management Access Configuration. The management access configuration settings that you have entered for the CSC SSM appear, including the following: The IP address for networks and hosts that are allowed to connect to the CSC SSM. The network mask for networks and hosts that are allowed to connect to the CSC SSM that you have selected from the drop-down list. Step 2To add the IP address of the networks and hosts that you want to allow to connect to the CSC SSM, click Add. Step 3To remove the IP address of a network or host whose ability to connect to the CSC SSM you no longer want, click Delete. The Selected Hosts/Networks table lists the IP addresses of networks and hosts whose connection to the CSC SSM you have added. What to Do Next See the “CSC Setup Wizard Password Configuration” section on page 32-17. CSC Setup Wizard Password Configuration To change the password required for management access to the CSC SSM, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > Password. Step 2In the Old Password field, enter the current password for management access to the CSC SSM. Step 3In the New Password field, enter the new password for management access to the CSC SSM. Step 4In the Confirm New Password field, reenter the new password for management access to the CSC SSM. What to Do Next See the “CSC Setup Wizard Traffic Selection for CSC Scan” section on page 32-17. CSC Setup Wizard Traffic Selection for CSC Scan To display the settings that you have made to select traffic for CSC scanning, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > Traffic Selection for CSC Scan.
32-18 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard The traffic selection for CSC scanning configuration settings that you have entered for the CSC SSM appear, including the following: The interface to the CSC SSM that you have chosen from the drop-down list. The source of network traffic for the CSC SSM to scan. The destination of network traffic for the CSC SSM to scan. The source or destination service for the CSC SSM to scan. Step 2Do one of the following: To specify additional traffic details for CSC scanning, click Add. For more information, see “Specifying Traffic for CSC Scanning” section on page 32-18. To modify additional traffic details for CSC scanning, click Edit. For more information, see “Specifying Traffic for CSC Scanning” section on page 32-18. To remove additional traffic details for CSC scanning, click Delete. Specifying Traffic for CSC Scanning To define, modify, or remove additional settings for selecting traffic for CSC scanning, perform the following steps: Step 1In the Traffic Selection for CSC Scan screen, click Specify traffic for CSC Scan. The Specify traffic for CSC Scan dialog box appears. Step 2Choose the type of interface to the CSC SSM from the drop-down list. Available settings are global (all interfaces), inside, management, and outside. Step 3Choose the source of network traffic for the CSC SSM to scan from the drop-down list. Step 4Choose the destination of network traffic for the CSC SSM to scan from the drop-down list. Step 5Choose the type of service for the CSC SSM to scan from the drop-down list. Step 6Enter a description for the network traffic that you define for the CSC SSM to scan. Step 7Specify whether or not to allow the CSC SSM to scan network traffic if the CSC card fails. Choose one of the following options: To allow traffic through without being scanned, click Permit. To prevent traffic from going through without being scanned, click Close. Step 8Click OK to save your settings. The added traffic details appear on the CSC Setup Wizard Traffic selection for CSC Scan screen. Step 9Click Cancel to discard these settings and return to the CSC Setup Wizard Traffic selection for CSC Scan screen. If you click Cancel, ASDM displays a dialog box to confirm your decision. What to Do Next See the “CSC Setup Wizard Summary” section on page 32-19.
32-19 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module CSC SSM Setup Wizard CSC Setup Wizard Summary To review the settings that you have made with the CSC Setup Wizard, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > CSC Setup > Summary. The CSC Setup Wizard Summary screen shows the following display-only settings: The settings that you made in the Activation Codes Configuration screen, including the Base License activation code and the Plus License activation code, if you entered one. If not, this field is blank. The settings that you made in the IP Configuration screen, including the following information: –IP address and netmask for the management interface of the CSC SSM. –IP address of the gateway device for the network that includes the CSC SSM management interface. –Primary DNS server IP address. –Secondary DNS server IP address (if configured). –Proxy server and port (if configured). The settings that you made in the Host Configuration screen, including the following information: –Hostname of the CSC SSM. –Domain name for the domain that includes the CSC SSM. –Domain name for incoming e-mail. –Administrator e-mail address. –E-mail server IP address and port number. –E-mail address(es) for product licensing renewal notifications. The settings that you made in the Management Access Configuration screen. The drop-down list includes the hosts and networks from which the CSC SSM allows management connections. Indicates whether or not you have changed the password in the Password Configuration screen. Step 2(Optional) Click Back to return to the previous screens of the CSC Setup Wizard to change any settings. NoteThe Next button is dimmed; however, if you click Back to access any of the preceding screens in this wizard, click Next to return to the Summary screen. Step 3Click Finish to complete the CSC Setup Wizard and save all settings that you have specified. After you click Finish, you can change any settings related to the CSC SSM without using the CSC Setup Wizard again. A summary of the status of commands that were sent to the device appears. Step 4Click Close to close this screen, and then click Next. A message appears indicating that the CSC SSM has been activated and is ready for use. Step 5(Optional) Click Cancel to exit the CSC Setup Wizard without saving any of the selected settings. If you click Cancel, a dialog box appears to confirm your decision.
32-20 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 32 Configuring the ASA CSC Module Using the CSC SSM GUI What to Do Next See the “Using the CSC SSM GUI” section on page 32-20. Using the CSC SSM GUI This section describes how to configure features using the CSC SSM GUI, and includes the following topics: Web, page 32-20 Mail, page 32-21 SMTP Tab, page 32-21 POP3 Tab, page 32-22 File Transfer, page 32-22 Updates, page 32-23 Web NoteTo access the CSC SSM, you must reenter the CSC SSM password. Sessions in the CSC SSM browser time out after ten minutes of inactivity. If you close the CSC SSM browser and click another link in ASDM, you are not prompted for the CSC SSM password again, because one session is already open. To view whether or not web-related features are enabled and access the CSC SSM GUI for configuring these features, perform the following steps: Step 1Choose Configuration > Trend Micro Content Security > Web. The URL Blocking and Filtering area is display-only and shows whether or not URL blocking is enabled on the CSC SSM. Step 2Click Configure URL Blocking to open a screen for configuring URL blocking on the CSC SSM. The URL Filtering area is display-only and shows whether or not URL filtering is enabled on the CSC SSM. Step 3Click Configure URL Filtering to open a screen for configuring URL filtering rules on the CSC SSM. The File Blocking area is display-only and shows whether or not URL file blocking is enabled on the CSC SSM. Step 4Click Configure File Blocking to open a screen for configuring file blocking settings on the CSC SSM. The HTTP Scanning area is display-only and shows whether or not HTTP scanning is enabled on the CSC SSM. Step 5Click Configure Web Scanning to open a screen for configuring HTTP scanning settings on the CSC SSM. The Web Reputation area is display-only and shows whether or not the Web Reputation service is enabled on the CSC SSM.