Manualshelf

Installation manual

ManualsBrandsESET ManualsPrint & ScanGATEWAY SECURITY - FOR LINUX BSD AND SOLARIS
11121314151617181920
16
ESET Gateway Security
ESET Gateway Security protects the organizations HTTP and FTP services against viruses,
worms, trojans, spyware, phishing and other internet threats. The term 'Gateway Server' refers
to layer 3, or 'router' level of the ISO/OSI model. In this chapter we review the process of ESET
Gateway Security integration with various services.
5.1. Transparent HTTP/FTP proxy con guration
The con guration for transparent proxying is based on a standard routing mechanism as
shown in Figure 5-1 below:
Figure 5-1. Scheme of ESET Gateway Security as a transparent proxy
The con guration is created naturally as kernel IP routing tables are de ned on each local
network client. These routing tables are used to establish static routes to the default network
gateway server (router). On a DHCP network, this is done automatically. All HTTP (or FTP)
communication with outbound servers is then routed via network gateway server, where ESET
Gateway Security must be installed in order to scan the communication for in ltrations. For this
purpose, a generic ESETS HTTP (or FTP) lter has been developed, called esets_http (or esets_
ftp).
To con gure ESET Gateway Security to scan HTTP (or FTP) messages routed through the
network gateway server, enter the command:
/usr/sbin/esets_setup
Follow the instructions provided by the script. When the Available installations/un-installations’
o er appears, choose the ‘HTTP’ (or FTP) option to display the ‘install/uninstall’ options, then
choose ‘install’. This will automatically con gure the module to listen on a prede ned port. It also
redirects IP packets originating from the selected network and with HTTP (or FTP) destination
port to the port where esets_http (or esets_ftp) listens. This means that only requests originally
sent to HTTP (or FTP) destination ports will be scanned. If you also wish to monitor other ports,
equivalent redirection rules must be assigned.
In default mode, the installer shows all steps which will be performed and also creates a
backup of the con guration, which can be restored at any time. The detailed installer utility steps
for all possible scenarios are also described in appendix A of this document.
Client
User Agent
Client
Router
Local Network
User Agent
INTERNET
User Agent
Eset Gateway Security
Client