Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Computers

Communication Direction
Bi-directional: By default, communications are bi-directional. This means that the Client Plug-in
normally initiates the heartbeat but still listens on the Client Plug-in port for Server Plug-in
connections. The Server Plug-in is still free to contact the Client Plug-in in order to perform
operations as required. This allows the Server Plug-in to apply changes to the security
configuration to the Client Plug-in as they occur.

Server Plug-in Initiated: With this option selected, all communications between the Server Plug-in
and the Client Plug-in are initiated by the Server Plug-in. This includes security configuration
updates, heartbeat operations, and requests for Event logs.

Client Plug-in Initiated: With this option selected, the Client Plug-in does not listen on port
4118. Instead it contacts the Server Plug-in on the heartbeat port (4120 by default) as dictated
by the heartbeat settings. Once the Client Plug-in has established a TCP connection with the
Server Plug-in, all normal communication takes place: the Server Plug-in first asks the Client
Plug-in for its status and for any events (this is the heartbeat operation). If there are
outstanding operations that need to be performed on the Computer (e.g., the Security Profile
needs to be updated), these operations are performed before the connection is closed. In this
mode, communications between the Server Plug-in and the Client Plug-in occur only on each
heartbeat. If a Client Plug-in's security configuration has changed, it will not be updated until the
next heartbeat.
Before configuring a Client Plug-in for Client Plug-in initiated communication, ensure that the
Server Plug-in URL and heartbeat port can be reached by the Client Plug-in. If the Client Plug-in is
unable to resolve the Server Plug-in URL or is unable to reach the IP and port, Client Plug-in initiated
communications will fail for this Client Plug-in.

Note that Client Plug-ins look for the IDF Server Plug-in on the network by the Server Plug-in's
hostname. Therefore the Server Plug-in hostname must be in your local DNS for Client Plug-in
initiated or bi-directional communication to work.
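The two preconditions above (the Server Plug-in hostname resolves in local DNS, and the heartbeat port accepts a TCP connection) can be verified from the Computer before the communication direction is switched. The following pre-flight check is an added example written for this page; it is not part of the Trend Micro product or its documentation. The hostname shown in the comment is a constructed placeholder, and the local listener in the demo simply stands in for a Server Plug-in so the check can be run offline.

```python
import socket
from dataclasses import dataclass, field
from typing import List, Optional

# Default heartbeat port named in the guide.
DEFAULT_HEARTBEAT_PORT = 4120


@dataclass
class ReachabilityResult:
    hostname: str
    port: int
    resolved_ips: List[str] = field(default_factory=list)
    reachable: bool = False
    error: Optional[str] = None


def check_server_plugin_reachable(hostname: str,
                                  port: int = DEFAULT_HEARTBEAT_PORT,
                                  timeout: float = 3.0) -> ReachabilityResult:
    """Mirror the two things a Client Plug-in must be able to do before
    Client Plug-in initiated communication can work: resolve the Server
    Plug-in hostname, then open a TCP connection to the heartbeat port.
    The result records which step failed so the fix (DNS entry vs. network
    path) is obvious."""
    result = ReachabilityResult(hostname, port)

    # Step 1: DNS resolution (the Client Plug-in locates the server by hostname).
    try:
        infos = socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        result.error = f"DNS resolution of {hostname!r} failed: {exc}"
        return result
    result.resolved_ips = sorted({info[4][0] for info in infos})

    # Step 2: TCP reachability of the heartbeat port on any resolved address.
    for ip in result.resolved_ips:
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                result.reachable = True
                result.error = None
                return result
        except OSError as exc:
            result.error = f"TCP connect to {ip}:{port} failed: {exc}"
    return result


def demo_against_local_listener():
    """Run the check twice against a throw-away listener on 127.0.0.1
    (standing in for a Server Plug-in): once while it is listening and
    once after it has been closed. Returns (while_listening, after_close)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        while_listening = check_server_plugin_reachable("127.0.0.1", port)
    finally:
        listener.close()
    after_close = check_server_plugin_reachable("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    up, down = demo_against_local_listener()
    print(up)
    print(down)
    # Against a real deployment, target the hostname from the Server Plug-in URL
    # (placeholder name, not a real host):
    # print(check_server_plugin_reachable("idf-server.example.internal"))
```

Run it on the Computer that will be switched to Client Plug-in initiated communication; a `resolved_ips` of `[]` points at the local DNS entry the guide requires, while a populated list with `reachable` False points at a firewall or routing problem between the Computer and the heartbeat port.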
To enable communications between the Server Plug-in and the Client Plug-ins, the Server Plug-in
automatically implements a (hidden) Firewall Rule (priority four, Bypass) which opens port 4118 on
the Client Plug-ins to incoming TCP/IP traffic. The default settings open the port to any IP address and
any MAC address. You can restrict incoming traffic on this port by creating a new priority 4, Force
Allow or Bypass Firewall Rule, which only allows incoming TCP/IP traffic from specific IP and/or MAC
addresses. This new Firewall Rule will replace the hidden Firewall Rule if the settings match the
following:

    rule action: force allow or bypass
    priority: 4 - highest
    packet's direction: incoming
    frame type: IP
    protocol: TCP
    packet's destination port: 4118 (or a list or range that includes 4118)

As long as these settings are in effect, the new rule will replace the hidden rule. You can then enter
Packet Source information for IP and/or MAC addresses to restrict traffic to the Computer.
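The practical risk in the paragraph above is a rule that is meant to restrict port 4118 but misses one of the six criteria (a lower priority, a Deny action, the wrong protocol): it then does not replace the hidden priority-4 Bypass rule, and the port stays open to any source. The following model is an added example written for this page, not Trend Micro code and not a description of how the product's firewall engine is implemented; the class and function names, the sample addresses and the rule names are all constructed here. It encodes the six criteria exactly as the guide lists them, picks the effective rule for port 4118 and evaluates sample packets against it, so a candidate rule can be checked before it is deployed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Union

# Values from the guide: the Client Plug-in port and the highest priority.
CLIENT_PLUGIN_PORT = 4118
HIGHEST_PRIORITY = 4


def ports(*specs: Union[int, tuple]) -> FrozenSet[int]:
    """Build a destination-port set from single ports and (low, high) ranges,
    so a rule can cover 'a list or range that includes 4118'."""
    out = set()
    for spec in specs:
        if isinstance(spec, tuple):
            low, high = spec
            out.update(range(low, high + 1))
        else:
            out.add(spec)
    return frozenset(out)


@dataclass(frozen=True)
class FirewallRule:
    name: str
    action: str                                   # "force allow", "bypass", "deny", ...
    priority: int                                 # 4 is the highest priority
    direction: str                                # "incoming" or "outgoing"
    frame_type: str                               # "IP"
    protocol: str                                 # "TCP"
    dest_ports: FrozenSet[int]
    source_ips: Optional[FrozenSet[str]] = None   # None means any IP address
    source_macs: Optional[FrozenSet[str]] = None  # None means any MAC address


# The hidden rule the Server Plug-in applies by default: priority 4, Bypass,
# incoming TCP to 4118 from any IP and any MAC.
HIDDEN_RULE = FirewallRule("hidden Client Plug-in port rule", "bypass",
                           HIGHEST_PRIORITY, "incoming", "IP", "TCP",
                           ports(CLIENT_PLUGIN_PORT))


def replaces_hidden_rule(rule: FirewallRule) -> bool:
    """True only if the rule meets every one of the six criteria in the guide."""
    return (rule.action.lower() in {"force allow", "bypass"}
            and rule.priority == HIGHEST_PRIORITY
            and rule.direction.lower() == "incoming"
            and rule.frame_type.upper() == "IP"
            and rule.protocol.upper() == "TCP"
            and CLIENT_PLUGIN_PORT in rule.dest_ports)


def effective_rule(user_rules: Iterable[FirewallRule]) -> FirewallRule:
    """The rule that actually governs port 4118: the first user rule that
    qualifies as a replacement, otherwise the hidden default."""
    for rule in user_rules:
        if replaces_hidden_rule(rule):
            return rule
    return HIDDEN_RULE


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_mac: str
    dst_port: int
    protocol: str = "TCP"
    direction: str = "incoming"


def admitted(user_rules: Iterable[FirewallRule], packet: Packet) -> bool:
    """Does the effective rule let this packet reach the Client Plug-in port?"""
    rule = effective_rule(user_rules)
    if packet.direction.lower() != rule.direction.lower():
        return False
    if packet.protocol.upper() != rule.protocol.upper():
        return False
    if packet.dst_port not in rule.dest_ports:
        return False
    if rule.source_ips is not None and packet.src_ip not in rule.source_ips:
        return False
    if rule.source_macs is not None and packet.src_mac.lower() not in {m.lower() for m in rule.source_macs}:
        return False
    return True


# Constructed sample values (not from the guide).
SERVER_IP = "10.0.0.5"
STRANGER_IP = "192.0.2.9"
FROM_SERVER = Packet(SERVER_IP, "00:11:22:33:44:55", CLIENT_PLUGIN_PORT)
FROM_STRANGER = Packet(STRANGER_IP, "66:77:88:99:aa:bb", CLIENT_PLUGIN_PORT)

# Looks restrictive, but priority 3 fails the criteria: it never replaces the
# hidden rule, so port 4118 stays open to any source.
NEAR_MISS = FirewallRule("restrict 4118 (wrong priority)", "force allow", 3,
                         "incoming", "IP", "TCP", ports(CLIENT_PLUGIN_PORT),
                         source_ips=frozenset({SERVER_IP}))

# Meets every criterion (a port range that includes 4118 counts), so it
# replaces the hidden rule and the Packet Source restriction takes effect.
RESTRICTING = FirewallRule("restrict 4118 to the Server Plug-in", "force allow",
                           HIGHEST_PRIORITY, "incoming", "IP", "TCP",
                           ports((4100, 4200)), source_ips=frozenset({SERVER_IP}))

if __name__ == "__main__":
    for rule in (NEAR_MISS, RESTRICTING):
        print(f"{rule.name}: replaces hidden rule = {replaces_hidden_rule(rule)}, "
              f"stranger admitted = {admitted([rule], FROM_STRANGER)}")
```

The check to run on any candidate rule is `replaces_hidden_rule`; if it returns False, the Packet Source restriction on that rule has no effect on port 4118, because the hidden priority-4 Bypass rule still governs the port.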
Hostnames

Update the "Hostname" entry if an IP is used as a hostname and a change in IP is detected on
the Computer after client plug-in initiated communication or discovery: Turn this option on if, for
© Copyright 2010 Trend Micro Inc. www.trendmicro.com
All rights reserved. - 56 -