Installation guide
Preinstallation Planning
1-9
Planning Network Traffic Protection
IWSVA can be deployed in different modes to help secure your network. (See Chapter 2,
Deployment Primer). IWSVA supports the following deployment topologies:
• Transparent Bridge Mode on page 1-9
• Forward Proxy Mode on page 1-10
• Reverse Proxy Mode on page 1-10
• ICAP Mode on page 1-10
• Simple Transparency Mode on page 1-10
• WCCP Mode on page 1-11
Transparent Bridge Mode
IWSVA acts as a bridge between network devices such as routers and switches. IWSVA
scans passing HTTP and FTP traffic without the need to modify the browser or
network settings. This is the easiest deployment mode with traffic being scanned in both
directions.
An additional dependency for this deployment mode is two network interface cards per
transparent bridge segment protected with IWSVA. Trend Micro recommends that the
following network cards be used to ensure maximum compatibility in this deployment
mode:
• Broadcom NetXtreme Series
• Intel Pro/1000 PT Dual Port Server Adapter
• Intel Pro/1000 MF Dual Port Fiber
IWSVA 6.5 features an optional High Availability (HA) deployment mode. In this mode,
two IWSVA 6.5 nodes are configured as an HA cluster. In this configuration one of the
nodes is designated as the parent, or active node, and is connected to a child, or passive
node, through a “heartbeat” link.
In HA deployment mode, the parent node processes all “live” traffic while the child
node remains in a passive state. If a failure in the parent node is detected, the child node
then becomes the active node and the parent node is taken offline.
The HA deployment mode is only supported in Transparent Bridge mode.