Product Guide McAfee® Plugins for Microsoft ISA Server 1.4.
COPYRIGHT Copyright © 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
Contents
Preface
About this guide
Audience
Conventions
What's in this guide
Finding product documentation
1 Introducing McAfee Plugins for Microsoft ISA Server
2 Installation
Preface

Contents
• About this guide
• Finding product documentation

About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.
What's in this guide
This guide is organized to help you find the information you need.
1 Introducing McAfee Plugins for Microsoft ISA Server
McAfee® Plugins for Microsoft ISA Server contains two plugins that integrate McAfee® Web Gateway, McAfee® Data Loss Prevention, or McAfee® SaaS Web Protection with Microsoft ISA Server.

McAfee Web Gateway
You can use either the ICAP plugin or the proxy chaining plugin to filter web traffic from the Microsoft ISA Server through the McAfee Web Gateway appliance.
Protection service then sends a response back to the Microsoft ISA Server, which delivers it to the user. For more information about McAfee SaaS Web Protection, see the McAfee SaaS Web Protection product documentation.

See also
• About the ICAP plugin
• About the proxy chaining plugin
2 Installation
Use the information and tasks in this section to plan for installation, download the installation file, and install the plugins.

Contents
• System requirements
• Download the installation file
• Install the plugins
• Verify the relative path

System requirements
Follow the guidelines in this section to ensure you have the necessary system setup.
Install the plugins
Install the plugins on the server.

Before you begin
You must uninstall any previous versions of the Webwasher ISA ICAP plugins before installing the McAfee Plugins for Microsoft ISA Server.

The installer automatically installs both the ICAP plugin and the proxy chaining plugin. If you have an array environment, install the plugins on each member of the array.

Task
1 Log on to the operating system as an administrator.
3 ICAP plugin
You can use the ICAP plugin to integrate your Microsoft ISA Server with a McAfee Web Gateway or McAfee Data Loss Prevention appliance. This section contains instructions specific to each McAfee product. Be sure to follow the instructions appropriate for your environment.

Contents
• About the ICAP plugin
• Configure the ICAP plugin for McAfee Web Gateway 6.x appliance
• Configure the ICAP plugin for a McAfee Web Gateway 7.
REQMOD and RESPMOD
ICAP has two modes: REQMOD (request mode) and RESPMOD (response mode). Each mode scans a web traffic request between the user and the web.

About REQMOD
REQMOD scans the user's web request (outbound traffic) as it travels out to the web. When using ICAP, the outbound web traffic request arrives at the Microsoft ISA Server where the ICAP plugin redirects it to the McAfee Web Gateway or McAfee DLP appliance.
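The REQMOD redirection described above, shown at the message level as defined by the ICAP specification (RFC 3507). This is an added example, not code from the McAfee guide or plugin; the ICAP host name `mwg.example.test`, the service path `reqmod`, and the sample HTTP request are constructed placeholders.

```python
# Added example: ICAP REQMOD framing per RFC 3507 (not McAfee plugin code).
# Host name, service path and sample request are constructed placeholders.

def build_reqmod(icap_host: str, service: str, http_head: bytes, body: bytes = b"") -> bytes:
    """Wrap an outbound HTTP request in an ICAP REQMOD message."""
    if not http_head.endswith(b"\r\n\r\n"):
        raise ValueError("HTTP header block must end with an empty line")
    # Encapsulated lists the byte offset of each section inside the ICAP body.
    body_tag = "req-body" if body else "null-body"
    icap_head = (
        f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
        f"Host: {icap_host}\r\n"
        f"Encapsulated: req-hdr=0, {body_tag}={len(http_head)}\r\n"
        "\r\n"
    ).encode("ascii")
    chunked = b""
    if body:
        # The encapsulated HTTP body is always transferred chunked.
        chunked = b"%x\r\n" % len(body) + body + b"\r\n0\r\n\r\n"
    return icap_head + http_head + chunked


def split_reqmod(message: bytes) -> dict:
    """Recover the sections of a REQMOD message from its Encapsulated offsets."""
    icap_head, _, payload = message.partition(b"\r\n\r\n")
    lines = icap_head.decode("ascii").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = dict(line.split(": ", 1) for line in lines[1:])
    offsets = {}
    for part in headers["Encapsulated"].split(","):
        name, _, value = part.strip().partition("=")
        offsets[name] = int(value)
    body_start = offsets.get("req-body", offsets.get("null-body"))
    return {
        "method": method,
        "http_head": payload[offsets["req-hdr"]:body_start],
        "has_body": "req-body" in offsets,
        "chunked_body": payload[body_start:],
    }


# Constructed sample: a form POST leaving the network through the proxy.
SAMPLE_HEAD = (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n"
               b"Content-Length: 11\r\n\r\n")
SAMPLE = build_reqmod("mwg.example.test", "reqmod", SAMPLE_HEAD, b"secret=1234")
```

The `Encapsulated` offsets are what let the ICAP server locate the original HTTP header block and body without parsing the HTTP request itself, which is why a wrong offset causes the scan to see truncated or misaligned content.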
Configure the ICAP plugin for McAfee Web Gateway 6.x appliance
3 Enable logging and debugging on the plugin.
4 Enter hosts that you want to bypass.
5 Configure the ICAP(S) Server on the McAfee Web Gateway 6.x appliance.

Enable and configure REQMOD and RESPMOD server settings
Configure REQMOD and RESPMOD server settings on the ICAP plugin. Both REQMOD and RESPMOD are disabled by default; you must configure these settings on the plugin if you want to use them.
Configure REQMOD and RESPMOD logging on the McAfee Web Gateway 6.x appliance
Enable REQMOD and RESPMOD logging on the McAfee Web Gateway 6.x appliance when you want a record of what traffic is being filtered.

Task
1 Log on to the McAfee Web Gateway appliance's user interface.
2 3 Select Reporting | Log File Management | Activate Log Files.
• This setting is not shared across an array. Configure this option on each member of the array when you want debugging enabled on the other members.
• Enabling debugging on the plugin does not enable debugging on the ICAP server.

Logs stored in the directory are not automatically deleted.
3 Select one of the following:
• Send all categories to the ICAP client
• Send only the blocked categories to the ICAP client
4 Select the Send range of values of the 'X-Attribute' header in OPTIONS response checkbox.
5 Click Apply Changes.

The McAfee Web Gateway 6.x ICAP(S) Server is configured to send category information and 'X-Attribute' header range values with all ICAP responses.
Configure the ICAP plugin for a McAfee Web Gateway 7.x appliance

Task
1 Open the plugin settings:
a In the Microsoft ISA Server management console, select Arrays | [your array] | Configuration | Add-ins, then click the Web Filters tab.
b Select the appropriate plugin.
c Right-click the plugin and select Properties.
2 Click the Config tab.
3 Configure the REQMOD or RESPMOD settings.

This setting on the plugin handles only HTTP requests; all HTTPS traffic is ignored.
3 To log category information, select the Modify 'cs-uri' field checkbox and configure the necessary option or rules on your appliance.

This option is available for backwards compatibility with McAfee Web Gateway 6.x appliances when the ICAP(S) Server is configured. If you want to use this option with a McAfee Web Gateway 7.
Examples:
• www.example.com
• mail.example.com
• 192.168.254.22
• FD4A:A1B2:C3D4:0:0:0:0:E5F6
4 Click OK to save the configuration.

Enable the ICAP server on a McAfee Web Gateway 7.x appliance
Enable the ICAP server to allow the McAfee Web Gateway appliance to accept incoming ICAP connections from the ICAP plugin.

Before you begin
You must have already enabled and configured the ICAP plugin.
Configure the ICAP plugin for McAfee DLP

Enable and configure REQMOD settings
Configure the plugin to redirect outbound traffic (REQMOD) to a McAfee DLP appliance. REQMOD is disabled by default; you must configure this setting on the plugin if you want to use it.

Do not enable or try to use the RESPMOD (inbound requests) settings, as this option has no functionality when using the ICAP plugin with a McAfee DLP appliance.
3 To log connection debug information, select the Trace Connections checkbox.

Information about what the ICAP plugin receives from the McAfee DLP appliance and returns to the Microsoft ISA Server is logged to a file stored in the specified directory.
• This setting is not shared across an array. Configure this option on each member of the array when you want debugging enabled on the other members.
Statistics for the ICAP plugin
The ICAP plugin allows you to view and reset statistics about the plugin. Statistics on the Statistics tab display information for REQMOD and RESPMOD requests that have been issued and for connections to the ICAP server. In an array environment, the statistics data relates only to the plugin on the member you are accessing. The following table provides a description for each statistic.
4 Proxy chaining plugin
You can use the proxy chaining plugin to integrate McAfee Web Gateway or McAfee SaaS Web Protection into your Microsoft ISA Server-based network environment. This section contains instructions specific to each McAfee product. Be sure to follow the instructions appropriate for your setup.
Configure the proxy chaining plugin for a McAfee Web Gateway appliance
Configure the outbound headers so that each outbound traffic request includes user, group, and IP address information. Configure outbound header settings when using the proxy chaining plugin with a McAfee Web Gateway 6.x or 7.x appliance.
3 Select the Use Web Protection Service checkbox to enable this option.
4 Enter the McAfee SaaS Web Protection customer ID and password.
5 Click OK to save the changes.

After you complete the configuration steps, traffic is filtered through the rules and policies that are set up in McAfee SaaS Web Protection.
Configure proxy chaining rules on the Microsoft ISA Server
700-3218A00