Best Practice Transparent Bridge.docx
《Best Practice Transparent Bridge.docx》由会员分享,可在线阅读,更多相关《Best Practice Transparent Bridge.docx(7页珍藏版)》请在冰豆网上搜索。
BestPracticeTransparentBridge
McAfeeWebGateway7BestPracticesSeries
--TransparentBridge
VersionInformation
Ver.No.
Ver.Date
RevisedBy
Description
0.1
01Dec,2011
JunlongLu
Firstdraft
Introduction
Thepurposeofthisdocumentistoprovideabestpracticeguidearoundtransparentdeployment,byfollowthisguide,MWGcanbedeployedintransparentbridgemodein‘Plug-and-Play’manner.
Diagram:
TableofContents
1.Dateandtime:
4
1.1.Timezone4
2.Network:
5
2.1.ibr0ip5
2.2.Relationshipbetweenibr0ipandupstream/downstreamequipment5
2.3.Gatewayip5
3.Advancedproxiesconfig:
7
3.1.Hop-by-hopheaders7
3.2.Timeout:
7
4.CentralManagement:
8
4.1.Define‘noupdatetimewindow’8
5.GlobalWhitelist9
5.1.RemoveVIA,XFF9
6.CommanRules10
6.1.ProgressPage(modifydefaultbehavior)10
6.2.fileremain60Minsafterdownload10
7.GatewayAntimalware12
7.1.Bypasslargefilesthan5Mfromscanning12
1.Dateandtime:
1.1.Timezone
2.Network:
2.1.ibr0ip
"ibr0ip"shouldsamewith"ManagementIP"inProxiesconfig
2.2.Relationshipbetweenibr0ipandupstream/downstreamequipment
ibr0ipneedn’tbeinthesamesubnetwithupstream/downstreamequipment,inthiscircumstance“ipspoofing’MUSTbeenabled.
2.3.Gatewayip
Gatewayipshouldbeinthesamesubnetwithibr0ip,sinceibr0ipisrandomlyselected,sogatewayipalsoafakeip.
3.Advancedproxiesconfig:
3.1.Hop-by-hopheaders
Uncheckthecheckbox“HTTP(S):
RemoveallHop-By-Hopheaders”intheadvancessectionoftheproxyconfig
3.2.Timeout:
Initalconnection:
120;Connectiontimeout:
120
4.CentralManagement:
4.1.Define‘noupdatetimewindow’
Noupdatesshouldbemadeindefinedtimewindow:
08:
00:
00-18:
00:
00
5.GlobalWhitelist
5.1.RemoveVIA,XFF
6.CommanRules
6.1.ProgressPage(modifydefaultbehavior)
6.2.Fileremain60Minsafterdownload
7.GatewayAntimalware
7.1.Bypasslargefilesthan5Mfromscanning
升级会员 