ICAP AV Installation

Article ID: KB9414 KB Last Updated: 11 Aug 2010 Version: 4.0
Summary:

Beginning with ScreenOS 5.4.0, the ISG-1000 and ISG-2000 support anti-virus (AV) scanning using the Symantec iCAP server solution. This document describes the requirements for running AV on an ISG-1000 and/or ISG-2000.

Symptoms:

Solution:

To run AV on an ISG-1000 or ISG-2000, you will need to purchase Symantec Scan Engine 5.0 from your local VAR/reseller. The ISG determines whether a packet needs to be inspected for AV. If so, it redirects the packet to the external AV server. Based on the result from the AV scanner, the packet is either forwarded to its original destination or dropped.

Server Requirements:

  • Windows 2000 Server (with Service Pack 3)
  • Windows 2003 Server
  • Solaris 8/9
  • Red Hat Linux 9.0
  • Red Hat Enterprise Linux 3.0
  • Red Hat Linux Advanced Server 2.1
  • SuSE Linux Enterprise Server 8

All servers require a direct connection to the Internet and must have the Sun Java 2 Run-Time Environment installed.

Once the server is installed (with a valid license), configure the ISG for external AV scanning.

The steps are as follows:

  • Create the server object
  • Create an AV profile, and bind the server object to the AV profile
  • Create your policies, and bind the AV profile to any policies where AV scanning is required
  1. First, create the server object.  The CLI command for this is:
    set icap server JTAC_ICAP host 172.19.50.138
  2. Create the AV profile and bind JTAC_ICAP to this profile:
    nsisg2000-> set av profile ICAP_AV
    nsisg2000(av:ICAP_AV)-> set icap JTAC_ICAP
    nsisg2000(av:ICAP_AV)-> exit
    nsisg2000->
  3. Create the policy and bind the AV profile to the policy
    nsisg2000-> set policy from trust to untrust any any http permit
    policy id = 1
    nsisg2000-> set policy id 1
    nsisg2000(policy:1)-> set av ICAP_AV
    nsisg2000(policy:1)-> exit
    nsisg2000->
For additional information, consult: Setting up an iCAP Server for ISG-1000/2000 AV Support [PDF]
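
The three steps above form a chain (policy, then AV profile, then iCAP server object), and a break anywhere in it means the policy forwards traffic that is never sent to the scanner. The following is an added example, not Juniper code: a small Python check that walks a CLI transcript written the way this article shows it (prompts optional, with the "policy id = N" output line) and reports broken links. The names audit and SAMPLE and the server name SCAN_B are hypothetical, and the parser assumes this transcript form, not saved configuration output.

```python
import re
PROMPT = re.compile(r"^\S+->\s*")  # strips "nsisg2000-> ", "nsisg2000(av:ICAP_AV)-> "

def audit(session):
    # Walk the transcript, tracking which sub-context (av profile / policy) is open.
    servers, profiles, policies = {}, {}, {}
    ctx = pending = None
    for raw in session.splitlines():
        t = PROMPT.sub("", raw.strip()).split()
        if not t:
            continue
        if t[0] == "exit":
            ctx = None
        elif t[:3] == ["policy", "id", "="] and len(t) == 4:  # device output
            policies[t[3]] = {"action": pending, "av": None}
        elif t[:3] == ["set", "icap", "server"] and len(t) == 6:
            servers[t[3]] = t[5]
        elif t[:3] == ["set", "av", "profile"] and len(t) == 4:
            ctx = ("av", t[3])
            profiles.setdefault(t[3], None)
        elif t[:3] == ["set", "policy", "from"]:
            pending = t[-1]  # last word is the action, e.g. permit
        elif t[:3] == ["set", "policy", "id"] and len(t) == 4:
            ctx = ("policy", t[3])
        elif ctx and ctx[0] == "av" and t[:2] == ["set", "icap"] and len(t) == 3:
            profiles[ctx[1]] = t[2]
        elif ctx and ctx[0] == "policy" and t[:2] == ["set", "av"] and len(t) == 3:
            policies.setdefault(ctx[1], {"action": None, "av": None})["av"] = t[2]
    findings = []
    for pid, p in sorted(policies.items()):
        if p["action"] == "permit" and p["av"] is None:
            findings.append(f"policy {pid}: permit with no AV profile bound")
        elif p["av"] is not None and p["av"] not in profiles:
            findings.append(f"policy {pid}: AV profile {p['av']} is not defined")
    for name, server in sorted(profiles.items()):
        if server is None:
            findings.append(f"profile {name}: no ICAP server bound")
        elif server not in servers:
            findings.append(f"profile {name}: ICAP server {server} is not defined")
    return findings

# Constructed transcript (not from the article): SCAN_B is never defined, policy 1 has no AV.
SAMPLE = """\
set icap server JTAC_ICAP host 172.19.50.138
nsisg2000-> set av profile ICAP_AV
nsisg2000(av:ICAP_AV)-> set icap SCAN_B
nsisg2000(av:ICAP_AV)-> exit
nsisg2000-> set policy from trust to untrust any any http permit
policy id = 1
"""
```

Calling audit(SAMPLE) returns one finding for the unbound policy and one for the undefined server; the transcript from steps 1 to 3 of this article returns an empty list.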
