Note: If you configure only one LDAP server, IMSVA directly queries data from the remote LDAP server. If you have multiple LDAP servers configured, IMSVA synchronizes all data from the remote LDAP servers to the local OpenLDAP server. In this case, the LDAP settings cannot support End-User Quarantine authentication, and performance issues may occur during data synchronization when there is a large number of LDAP servers.

Therefore, Trend Micro recommends you configure no more than 5 LDAP servers. If you want to configure more than 5 LDAP servers, use unified directory services such as Global Catalog to manage queries so that IMSVA does not need to synchronize data to the local server.

If more than one LDAP server is enabled, End-User Quarantine using LDAP authentication and EUQ single sign-on cannot be enabled.

| LDAP Server | LDAP Admin Account (examples) | Base Distinguished Name (examples) | Authentication Method |
|---|---|---|---|
| Active Directory | Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com | dc=domain, dc=com | Simple; Advanced (with Kerberos) |
| Active Directory Global Catalog | Without Kerberos: user1@domain.com (UPN) or domain\user1; With Kerberos: user1@domain.com | dc=domain, dc=com; dc=domain1,dc=com (if multiple unique domains exist) | Simple; Advanced (with Kerberos) |
| OpenLDAP | cn=manager, dc=test1, dc=com | dc=test1, dc=com | Simple |
| Lotus Domino | user1/domain | Not applicable | Simple |
| Sun iPlanet Directory | uid=user1, ou=people, dc=domain, dc=com | dc=domain, dc=com | Simple |

Note: Only Active Directory and Active Directory Global Catalog support Kerberos authentication.

Note: LDAP 1 and LDAP 2 act as backup servers for each other. If you select only one check box, the LDAP server status is enabled, but its backup server is not enabled.

Tip: To use the POP3 message filter, enable Accept POP3 connection from the System Status screen. This option is not selected by default.

Note: The incoming port on your scanners must be idle or the IMSVA daemon might not function properly.

Note: If you do not specify a port number, IMSVA uses the default value of 110.

Note: If you want to change the password for the admin database, run the following script:
/opt/trend/imss/script/dbupdate.sh setpw newPassword

Note: For detailed operations, see Managing EUQ Databases.

Note: For additional information about Control Manager, see the Control Manager documentation.

| Option | Description |
|---|---|
| Enable MCP Agent | Select the check box to enable the agent. |
| Server | Specify the Control Manager IP address or FQDN. |
| Communication protocol | Select HTTP or HTTPS and specify the corresponding port number. The default port number for HTTP access is 80, and the default port number for HTTPS is 443. |
| Web server authentication | Specify the credentials to access the Control Manager web server. |

| Option | Description |
|---|---|
| Enable proxy | Select the check box to enable the proxy server. |
| Proxy type | Select the protocol that the proxy server uses: HTTP, SOCKS4, or SOCKS5. |
| Proxy server | Specify the proxy server FQDN or IP address, port number, and the user name and password. |
| Port | Specify the port for the proxy server. |
| User name | Specify the user name to access the proxy server. |
| Password | Specify the password for the user name. |

Note: IMSVA detects suspicious URLs based on Web Reputation Services available through Smart Protection Servers. Make sure you have properly configured Web Reputation settings and Smart Protection Servers.

Note: In addition, make sure that your Control Manager version is 6.0 SP3 Patch 1 or later and the Smart Protection Server version is 3.0 Patch 1 or later.

Note: Trend Micro recommends that you create a separate administrator account other than the default "admin" account for Control Manager to manage IMSVA. The account is required for authentication on the Control Manager management console.