Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

PIX535 with Anti-Virus

Posted on 2006-06-14
13
Medium Priority
?
343 Views
Last Modified: 2010-04-09
Hi Guys,

Has any one integrated the PIX 535 with any Anti-Virus Software.
I need to know some details

thanks
Naren
0
Comment
Question by:r_naren22atyahoo
  • 5
  • 5
  • 2
13 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16908810
No
The new ASA line does have in-line AV integrated, but there is nothing for the PIX
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16908894
I have seen this document
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a008007d05d.html
 
and I assumed that there could be some integration that can be done
This was the quote from the above link
--------------------------
Integration with Leading Third-Party Solutions | . Supports the broad range of Cisco Technology Developer partner solutions that provide URL filtering,
                                                                   |     content  filtering, virus protection, scalable remote management, and more
                                                                                                   ------------------
------------------------

is there any ?????
 
regards
Nare
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16909567
As far as I know, there is none and even if there is one then it is Trend Micro since they have it for IDS/IPS devices.

Cheers,
Rajesh
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16916508
I am trying to integrate the

-------------PIX535-----(Cisco ACS4.1)&(AAA-Server)-------------Trend Micro.

Some thing like, if virus found, add an access rule to pix will be added by the policy server(ACS) to restrict the access of infected user to other network.

Any Ideas???

regards
naren
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16917350
It's called Clean Access
http://www.cisco.com/en/US/products/products_security_advisory09186a00804f3127.shtml
It is not yet integrated with PIX/ASA/ACS - at least not that I'm aware of.
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16917752
Could you look at this please, guys
http://www.experts-exchange.com/Security/Q_21888521.html
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 17066531
sorry for not keeping in touch, i did some research and found of this

PIX 7.2(1) does have NAC.
Trend has some anti-virus solutions integrating with NAC devices
http://cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008066ebb8.html

http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm
 
I have to do some more research on the integration

regards
Naren
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17066978
Integration front right now, I know that CSIDS products with 5.x version of softwares are done with TrendMicro signatures => Outbreak prevention...

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17066979
So if you had an ASA box with IDS integration card, you could do it.

Cheers,
Rajesh
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 17067264
Hi Rajesh,

This is not an ASA Box :(
its PIX 535 Enterprice licence.

have you had any experiance before with this type of integration?????

I am expecting some thing like this but not sure

             Clients/Servers------------Network--------PIX535------Cisco ACS with AAA Server----Trend Micro Server
     with Cisco Clean Access &
         Trend-Micro Client

regards
Naren
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 1000 total points
ID: 17067309
Yeah, I know :-) For IDS there is a direct integration and I know that. But what you're looking for is available only as part of NAC introduced fairly recent (In a sense, dev is still going on)

The network diagram you wrote there is exacly how it is; 2 ways basically along with the CSA client, a new component called CTA (Cisco trust agent) also will be pushed to the clients which in turn takes care of of the talking to NAC enabled device for compliance.

Unfortunately I don't have CCO access now (I work for Juniper now :-)). So I don't have a way of looking things.

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17070427
thnx for the points Naren.

Cheers,
Rajesh
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question