Trend Micro, Inc.
May 2007
Trend Micro
This readme file is current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at http://www.trendmicro.com/download/.
Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation, or online at http://olr.trendmicro.com.
Trend Micro is always seeking to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: www.trendmicro.com/download/documentation/rating.asp.
1. About Trend Micro Policy Server for Cisco Network Admission Control (NAC)
Cisco Network Admission Control (NAC) provides a means to communicate and evaluate the status of antivirus components of OfficeScan clients. This helps you enforce your organizations antivirus policies by giving you the ability to perform actions on at-risk clients. These actions include instructing clients to update their OfficeScan client components, enable Real-time scan, and perform Scan Now and Cleanup Now.
The document set for Policy Server includes:
Online help: HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information. The online help is accessible from the Policy Server console.
Readme file: Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the online or printed documentation.
Knowledge Base: The Knowledge Base is an online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following Web site: http://esupport.trendmicro.com.
3.1. Policy Server
Operating system:
Microsoft Windows 2000 Professional (Service Pack 2 or above)
Microsoft Windows 2000 Server (Service Pack 2 or above)
Microsoft Windows 2000 Advanced Server (Service Pack 2 or above)
Microsoft Windows XP Professional (Service Pack 1 or above)
Microsoft Windows Server 2003 Standard
Microsoft Windows Server 2003 Enterprise
Microsoft Windows Cluster Server 2000
Hardware:
300MHz Intel Pentium II processor or equivalent
128MB of RAM
300MB of available disk space
Monitor that supports 800 x 600 resolution at 256 colors or higher
Web server:
Microsoft Internet Information Server (IIS) versions 5.0 or 6.0
Apache Web server 2.0 or later (for Windows 2000/XP/Server 2003 only)
Web console:
133MHz Intel Pentium processor or equivalent
64MB of RAM
30MB of available disk space
Monitor that supports 800 x 600 resolution at 256 colors or higher
Microsoft Internet Explorer 5.5 or later
3.2. Cisco Trust Agent
Operating system
Microsoft Windows NT 4.0
Windows 2000 Professional and Server with Service Pack 4
Windows XP Professional (up to Service Pack 2)
Windows 2003
Hardware
200MHz single or multiple Intel Pentium processors
128MB of RAM for Windows NT and 2000
256MB of RAM for Windows XP and 2003
5MB of available disk space (20MB recommended)
Others: Windows Installer 2.0 or later
3.3. Supported platforms and requirements
|
Supported Platform |
Models |
IOS Images |
Minimum Memory/Flash |
|
Routers |
|||
|
Cisco 830, 870 series |
831, 836, 837 |
IOS 12.3(8) or later |
48MB/8MB |
|
Cisco 1700 series |
1701, 1711, 1712, 1721, 1751, 1751-V, 1760 |
IOS 12.3(8) or later |
64MB/16MB |
|
Cisco 1800 series |
1841 |
IOS 12.3(8) or later |
128MB/32MB |
|
Cisco 2600 series |
2600XM, 2691 |
IOS 12.3(8) or later |
96MB/32MB |
|
Cisco 2800 series |
2801, 2811, 2821, 2851 |
IOS 12.3(8) or later |
128MB/64MB |
|
Cisco 3600 series |
3640/3640A, 3660-ENT series |
IOS 12.3(8) or later |
48MB/16MB |
|
Cisco 3700 series |
3745, 3725 |
IOS 12.3(8) or later |
128MB/32MB |
|
Cisco 3800 series |
3845, 3825 |
IOS 12.3(8) or later |
256MB/64MB |
|
Cisco 7200 series |
720x, 75xx |
IOS 12.3(8) or later |
128MB/48MB |
|
|
|||
|
VPN Concentrators |
|||
|
Cisco VPN 3000 Series |
3005 - 3080 |
V4.7 or later |
N/A |
|
|
|||
|
Switches |
|||
|
Cisco Catalyst 2900 |
2950, 2970 |
IOS 12.1(22)EA5 |
N/A |
|
Cisco Catalyst 3x00 |
3550, 3560, 3750 |
IOS 12.2(25)SEC |
N/A |
|
Cisco Catalyst 4x00 |
Supervisor 2+ or higher |
IOS 12.2(25)EWA |
N/A |
|
Cisco Catalyst 6500 |
6503, 6509, Supervisor 2 or higher |
CatOS 8.5 or later |
Sup2 - 128MB |
|
|
|||
|
Wireless Access Points |
|||
|
Cisco AP1200 Series |
1230 |
N/A |
N/A |
To install Policy Server for Cisco NAC using the Policy Server installer:
Log on to the computer to which you will install Policy Server for Cisco NAC.
Locate the Policy Server for Cisco NAC installer package on the Enterprise CD.
Double-click setup.exe to run the installer package.
Follow the installation instructions.
To install Policy Server for Cisco NAC from the OfficeScan server master installer:
Ensure the "Install Other OfficeScan Programs" screen of the OfficeScan server master installer displays.
Select the Policy Server for Cisco NAC check box.
Click Next.
Continue with OfficeScan server master installation.
When the Welcome screen for Trend Micro Policy Server for Cisco NAC appears, click Next. The Policy Server for Cisco NAC License Agreement screen appears.
Read the agreement and click Yes to continue. The Choose Destination Location screen appears.
Modify the default destination location if necessary by clicking Browse and selecting a new destination for the Policy Server installation.
Click Next. The Web Server screen appears.
Choose the Web server for the Policy Server.
Note: If an Apache server is not found on the system, the installation program will install it automatically.
Click Next. The Web Server Configuration screen appears.
Configure the following information:
If you selected to install Policy Server on an IIS server, select one of the following:
IIS default Web site: click to install as an IIS default Web site
IIS virtual Web site: click to install as an IIS virtual Web site
Next to Port, type a port that will serve as the server listening port.
Click Next. The Setup Complete screen appears.
You have completed installing Policy Server. Click Finish.
5. Post-installation Configuration
You can configure the Policy Server settings using the Web console immediately after completing the installation. Access the Policy Server Web console from the OfficeScan Web console or from the Start menu by clicking Programs > Trend Micro Policy server for Cisco NAC > Policy Server Console. For detailed instructions, refer to the OfficeScan Administrator's Guide and the Policy Server online help.
The following are the known issues for this release:
If the computer is running Windows 2003, disable the Internet Explorer Pop-up blocker to view client validation logs from the Policy Server Web console.
Authentication between the ACS server and the Policy Server will fail when Policy Server is installed on IIS 5.0 on a Domain Controller computer with Active Directory.
For Cisco Trust Agent to be set up successfully on Windows NT 4 computers, install Windows Installer 2.0. If Windows Installer is not present, agent installation from the OfficeScan Web console will be unsuccessful and will not display an error message.
If the OfficeScan server and Policy Server are installed on the same computer, and the master installer installs Apache as the Web server, both OfficeScan and Policy Server use the same Apache installation. Therefore, uninstalling either OfficeScan server or Policy Server removes the Apache installation, which renders the remaining server (OfficeScan or Apache) inoperable.
If the client user uninstalls the Cisco Trust Agent through Windows Control Panel > Add/Remove Programs, the Cisco Trust Agent version information of the client still appears in the client tree.
If the you forget the user name and password configured during Policy Server setup for the ACS server to access the Policy Server, the password can not be recovered. You must use IIS or Apache utilities to recreate a user name and password.
The "Policy Server List" that appears on the Policy Server screen of the OfficeScan Web console adds any server you configure without checking whether or not the server information is correct.
When the Cisco Trust Agent (CTA) program needs to be updated, all existing CTAs must be removed and a new package must be deployed again to all the client computers.
Internet Server Application Programming Interface (ISAPI) does not work on Apache Web server versions 2.0.56 to 2.0.59 and versions 2.2.3 to 2.2.4.
A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.
Evaluation copies of Trend Micro products can be downloaded from our Web site.
Global Mailing Address/Telephone numbers
For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.
The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop.
Copyright 2004-2007, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
Information about your license agreement with Trend Micro can be viewed at http://www.trendmicro.com/en/purchase/license/.
Third-party licensing agreements can be viewed:
By selecting the "About" option in the application user interface
By referring to the "Legal" page of the Installation and Deployment Guide or Administrator's Guide