Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How do you scan for http/ftp virus transparently with no proxy?

Since switching from checkpoint using a CVP (checkpoing vectoring protocol) based virus scanner for web and ftp traffic to a PIX we've had a lot of difficulty finding a solution. The checkpoint was performing two duties - firewall and transparently handing off web/ftp to a trend mirco virus scanner.

What is the SAFE blueprint or recommendation for transparently scanning web and FTP traffic from in an Enterprise and Internet? Proxy servers are sorta out of the question because users don't want to be bothered with changing their browser settings when not attached to the enterprise network.

Thanks for any suggestions!



Re: How do you scan for http/ftp virus transparently with no pro

I don't know how you could do it with the PIX model - with the PIX, there is no inspection of web content, only URLs can get passed off to a content filtering solution, but those generally only look at URLs and domain names, and not at the entire connection.

With a proxy, isn't using the autoconfiguration option possible?

Can the trend micro product be configured as a transparent firewall? Meaning, so it is unrouted, but wired such that all http/ftp traffic passes through it.

New Member

Re: How do you scan for http/ftp virus transparently with no pro

Auto configuration is somewhat possible, but only for certain networks (like ones that have microsoft DHCP services). The proxy-server autoconfiguration gets its proxy server from a DHCP field that is sorta MS specific.

So all of our VPN clients and dial-ups and NON-MS clients would have troubles.

At least that was my understanding.

CreatePlease login to create content