Solved

PIX535 with Anti-Virus

Posted on 2006-06-14
13
294 Views
Last Modified: 2010-04-09
Hi Guys,

Has any one integrated the PIX 535 with any Anti-Virus Software.
I need to know some details

thanks
Naren
0
Comment
Question by:r_naren22atyahoo
  • 5
  • 5
  • 2
13 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16908810
No
The new ASA line does have in-line AV integrated, but there is nothing for the PIX
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16908894
I have seen this document
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a008007d05d.html
 
and I assumed that there could be some integration that can be done
This was the quote from the above link
--------------------------
Integration with Leading Third-Party Solutions | . Supports the broad range of Cisco Technology Developer partner solutions that provide URL filtering,
                                                                   |     content  filtering, virus protection, scalable remote management, and more
                                                                                                   ------------------
------------------------

is there any ?????
 
regards
Nare
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16909567
As far as I know, there is none and even if there is one then it is Trend Micro since they have it for IDS/IPS devices.

Cheers,
Rajesh
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16916508
I am trying to integrate the

-------------PIX535-----(Cisco ACS4.1)&(AAA-Server)-------------Trend Micro.

Some thing like, if virus found, add an access rule to pix will be added by the policy server(ACS) to restrict the access of infected user to other network.

Any Ideas???

regards
naren
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16917350
It's called Clean Access
http://www.cisco.com/en/US/products/products_security_advisory09186a00804f3127.shtml
It is not yet integrated with PIX/ASA/ACS - at least not that I'm aware of.
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16917752
Could you look at this please, guys
http://www.experts-exchange.com/Security/Q_21888521.html
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 17066531
sorry for not keeping in touch, i did some research and found of this

PIX 7.2(1) does have NAC.
Trend has some anti-virus solutions integrating with NAC devices
http://cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008066ebb8.html

http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm
 
I have to do some more research on the integration

regards
Naren
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17066978
Integration front right now, I know that CSIDS products with 5.x version of softwares are done with TrendMicro signatures => Outbreak prevention...

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17066979
So if you had an ASA box with IDS integration card, you could do it.

Cheers,
Rajesh
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 17067264
Hi Rajesh,

This is not an ASA Box :(
its PIX 535 Enterprice licence.

have you had any experiance before with this type of integration?????

I am expecting some thing like this but not sure

             Clients/Servers------------Network--------PIX535------Cisco ACS with AAA Server----Trend Micro Server
     with Cisco Clean Access &
         Trend-Micro Client

regards
Naren
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 17067309
Yeah, I know :-) For IDS there is a direct integration and I know that. But what you're looking for is available only as part of NAC introduced fairly recent (In a sense, dev is still going on)

The network diagram you wrote there is exacly how it is; 2 ways basically along with the CSA client, a new component called CTA (Cisco trust agent) also will be pushed to the clients which in turn takes care of of the talking to NAC enabled device for compliance.

Unfortunately I don't have CCO access now (I work for Juniper now :-)). So I don't have a way of looking things.

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17070427
thnx for the points Naren.

Cheers,
Rajesh
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question