Specifications

Trend Micro™ InterScan™ Gateway Security Appliance M-Series Deployment Guide
3-12
Figure 3-8 below illustrates how the appliance processes traffic in fully transparent
proxy mode.
FIGURE 3-8. In fully transparent proxy mode, the IP address of the client is
unchanged
When a client initiates a request, the request passes through the switch that is the
default gateway for clients in this segment. The appliance accepts the request through
the INT port, which redirects traffic to the corresponding proxy handler. After the
proxy handler processes the request, the appliance delivers the packet to the
destination server by way of the router (the default gateway of the appliance).
In this mode, the source IP address is the client’s address and the destination IP
address is that of the server. Bridge netfilter iptables is used to determine the route of
the destination server.
Deployment in a DMZ Environment
To protect both a corporate network and a DMZ (demilitarized zone or perimeter net-
work), you can deploy two appliances:
One deployed to protect the corporate network
One deployed to protect the DMZ
Server
Internet
Router
(Default gateway
of InterScan
appliance)
Operation mode:
Fully transparent proxy
Switch
Client
EXT
port
INT
port
proxy handlers
10.2.211.136
Source IP:
10.2.211.136
10.2.2.23
Source IP:
10.2.211.136
Source IP:
10.2.211.136