Re: How do you scan for http/ftp virus transparently with no pro

jroyster · ‎09-04-2003

Since switching from checkpoint using a CVP (checkpoing vectoring protocol) based virus scanner for web and ftp traffic to a PIX we've had a lot of difficulty finding a solution. The checkpoint was performing two duties - firewall and transparently handing off web/ftp to a trend mirco virus scanner.

What is the SAFE blueprint or recommendation for transparently scanning web and FTP traffic from in an Enterprise and Internet? Proxy servers are sorta out of the question because users don't want to be bothered with changing their browser settings when not attached to the enterprise network.

Thanks for any suggestions!

John

mostiguy · ‎09-04-2003

I don't know how you could do it with the PIX model - with the PIX, there is no inspection of web content, only URLs can get passed off to a content filtering solution, but those generally only look at URLs and domain names, and not at the entire connection.

With a proxy, isn't using the autoconfiguration option possible?

Can the trend micro product be configured as a transparent firewall? Meaning, so it is unrouted, but wired such that all http/ftp traffic passes through it.

jroyster · ‎09-04-2003

Auto configuration is somewhat possible, but only for certain networks (like ones that have microsoft DHCP services). The proxy-server autoconfiguration gets its proxy server from a DHCP field that is sorta MS specific.

So all of our VPN clients and dial-ups and NON-MS clients would have troubles.

At least that was my understanding.

How do you scan for http/ftp virus transparently with no proxy?