Configuring the ASA CSC Module
This chapter describes how to configure the Content Security and Control (CSC) application that is installed in a CSC SSM in the ASA.
This chapter includes the following sections:
•Information About the CSC SSM
•Licensing Requirements for the CSC SSM
•Prerequisites for the CSC SSM
•Guidelines and Limitations
•Configuring the CSC SSM
•Monitoring the CSC SSM
•Troubleshooting the CSC Module
•Where to Go Next
•Feature History for the CSC SSM
Information About the CSC SSM
Some ASA models support the CSC SSM, which runs Content Security and Control software. The CSC SSM provides protection against viruses, spyware, spam, and other unwanted traffic by scanning the FTP, HTTP/HTTPS, POP3, and SMTP packets that you configure the ASA to send to it.
For more information about the CSC SSM, see the following URL:
Figure 64-1 shows the flow of traffic through an ASA that has the following:
•A CSC SSM installed and configured.
•A service policy that determines what traffic is diverted to the CSC SSM for scanning.
In this example, the client could be a network user who is accessing a website, downloading files from an FTP server, or retrieving mail from a POP3 server. SMTP scans differ in that you should configure the ASA to scan traffic sent from the outside to SMTP servers protected by the ASA.
Flow of Scanned Traffic with the CSC SSM
You use ASDM for system setup and monitoring of the CSC SSM. For advanced configuration of content security policies in the CSC SSM software, you access the web-based GUI for the CSC SSM by clicking links within ASDM. The CSC SSM GUI appears in a separate web browser window. To access the CSC SSM, you must enter the CSC SSM password. To use the CSC SSM GUI, see the Cisco Content Security and Control (CSC) SSM Administrator Guide.
Note ASDM and the CSC SSM maintain separate passwords. You can configure their passwords to be identical; however, changing one of these two passwords does not affect the other password.
The connection between the host running ASDM and the ASA is made through a management port on the ASA. The connection to the CSC SSM GUI is made through the SSM management port. Because these two connections are required to manage the CSC SSM, any host running ASDM must be able to reach the IP address of both the ASA management port and the SSM management port.
Figure 64-2 shows an ASA with a CSC SSM that is connected to a dedicated management network. While use of a dedicated management network is not required, we recommend it. In this configuration, the following items are of particular interest:
•An HTTP proxy server is connected to the inside network and to the management network. This HTTP proxy server enables the CSC SSM to contact the Trend Micro Systems update server.
•The management port of the ASA is connected to the management network. To allow management of the ASA and the CSC SSM, hosts running ASDM must be connected to the management network.
•The management network includes an SMTP server for e-mail notifications for the CSC SSM and a syslog server to which the CSC SSM can send syslog messages.
CSC SSM Deployment with a Management Network
Determining What Traffic to Scan
The CSC SSM can scan FTP, HTTP/HTTPS, POP3, and SMTP traffic only when the destination port of the packet requesting the connection is the well-known port for the specified protocol. The CSC SSM can scan only the following connections:
•FTP connections opened to TCP port 21.
•HTTP connections opened to TCP port 80.
•HTTPS connections opened to TCP port 443.
•POP3 connections opened to TCP port 110.
•SMTP connections opened to TCP port 25.
You can choose to scan traffic for all of these protocols or any combination of them. For example, if you do not allow network users to receive POP3 e-mail, do not configure the ASA to divert POP3 traffic to the CSC SSM. Instead, block this traffic.
To maximize performance of the ASA and the CSC SSM, divert only the traffic to the CSC SSM that you want the CSC SSM to scan. Diverting traffic that you do not want scanned, such as traffic between a trusted source and destination, can adversely affect network performance.
Note When traffic is first classified for CSC inspection, it is flow-based. If traffic is part of a pre-existing connection, the traffic goes directly to the service policy set for that connection.
You can apply service policies that include CSC scanning globally or to specific interfaces; therefore, you can choose to enable CSC scans globally or for specific interfaces. For more information, see the "Determining Service Policy Rule Actions for CSC Scanning" section.
Based on the configuration shown in Figure 64-3, configure the ASA to divert to the CSC SSM only requests from clients on the inside network for HTTP, FTP, and POP3 connections to the outside network, and incoming SMTP connections from outside hosts to the mail server on the DMZ network. Exclude from scanning HTTP requests from the inside network to the web server on the DMZ network.
Figure 64-3 Common Network Configuration for CSC SSM Scanning
There are many ways you could configure the ASA to identify the traffic that you want to scan. One approach is to define two service policies: one on the inside interface and the other on the outside interface, each with access lists that match traffic to be scanned.
Figure 64-4 shows service policy rules that select only the traffic that the ASA should scan.
Figure 64-4 Optimized Traffic Selection for CSC Scans
In the inside-policy, the first class, inside-class1, ensures that the ASA does not scan HTTP traffic between the inside network and the DMZ network. The Match column indicates this setting by displaying the "Do not match" icon. This setting does not mean the ASA blocks traffic sent from the 192.168.10.0 network to TCP port 80 on the 192.168.20.0 network. Instead, this setting exempts the traffic from being matched by the service policy applied to the inside interface, which prevents the ASA from sending the traffic to the CSC SSM.
The second class of the inside-policy, inside-class matches FTP, HTTP, and POP3 traffic between the inside network and any destination. HTTP connections to the DMZ network are exempted because of the inside-class1 setting. As previously mentioned, policies that apply CSC scanning to a specific interface affect both incoming and outgoing traffic, but by specifying 192.168.10.0 as the source network, inside-class1 matches only connections initiated by the hosts on the inside network.
In the outside-policy, outside-class matches SMTP traffic from any outside source to the DMZ network. This setting protects the SMTP server and inside users who download e-mail from the SMTP server on the DMZ network, without having to scan connections from SMTP clients to the server.
If the web server on the DMZ network receives files uploaded by HTTP from external hosts, you can add a rule to the outside policy that matches HTTP traffic from any source to the DMZ network. Because the policy is applied to the outside interface, the rule would only match connections from HTTP clients outside the ASA.
Licensing Requirements for the CSC SSM
•Base License—Supports SMTP virus scanning, POP3 virus scanning and content filtering, web mail virus scanning, HTTP file blocking, FTP virus scanning and file blocking, logging, and automatic updates. Supports two contexts.
Optional licenses: 5 contexts.
•Security Plus License—Supports the Base license features, plus SMTP anti-spam, SMTP content filtering, POP3 anti-spam, URL blocking, and URL filtering. Supports two contexts.
Optional license: 5 contexts.
Base License—Supports all features. Supports two contexts.
Optional licenses: 5, 10, or 20 contexts.
Base License—Supports all features. Supports two contexts.
Optional licenses: 5, 10, 20, or 50 contexts.
All other models
Prerequisites for the CSC SSM
The CSC SSM has the following prerequisites:
•A CSC SSM card must be installed in the ASA.
•A Product Authorization Key (PAK) for use in registering the CSC SSM.
•Activation keys that you receive by e-mail after you register the CSC SSM.
•The management port of the CSC SSM must be connected to your network to allow management and automatic updates of the CSC SSM software.
•The CSC SSM management port IP address must be accessible by the hosts used to run ASDM.
•You must obtain the following information to use in configuring the CSC SSM:
–The CSC SSM management port IP address, netmask, and gateway IP address.
–DNS server IP address.
–HTTP proxy server IP address (needed only if your security policies require the use of a proxy server for HTTP access to the Internet).
–Domain name and hostname for the CSC SSM.
–An e-mail address and an SMTP server IP address and port number for e-mail notifications.
–E-mail address(es) for product license renewal notifications.
–IP addresses of hosts or networks that are allowed to manage the CSC SSM. The IP addresses for the CSC SSM management port and the ASA management interface can be in different subnets.
–Password for the CSC SSM.
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context modes.
Firewall Mode Guidelines
Supported in routed and transparent firewall modes.
Does not support sessions in Stateful Failover. The CSC SSM does not maintain connection information, and therefore cannot provide the failover unit with the required information. The connections that a CSC SSM is scanning are dropped when the ASA in which the CSC SSM is installed fails. When the standby ASA becomes active, it forwards the scanned traffic to the CSC SSM and the connections are reset.
Does not support IPv6.
Supported on the ASA 5510, ASA 5520, and ASA 5540 only.
You cannot change the software type installed on the module; if you purchase a CSC module, you cannot later install IPS software on it.
Table 64-1 lists the default settings for the CSC SSM.
Table 64-1 Default CSC SSM Parameters
FTP inspection on the ASA
All features included in the license(s) that you have purchased
Configuring the CSC SSM
This section describes how to configure the CSC SSM and includes the following topics:
•Before Configuring the CSC SSM
•Connecting to the CSC SSM
•Determining Service Policy Rule Actions for CSC Scanning
Before Configuring the CSC SSM
Before configuring the ASA and the CSC SSM, perform the following steps:
Step 1 If the CSC SSM did not come preinstalled in a Cisco ASA, install it and connect a network cable to the management port of the SSM. For assistance with installation and connecting the SSM, see the Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide.
The management port of the CSC SSM must be connected to your network to allow management of and automatic updates to the CSC SSM software. Additionally, the CSC SSM uses the management port for e-mail notifications and syslog messages.
Step 2 You should have received a Product Authorization Key (PAK) with the CSC SSM. Use the PAK to register the CSC SSM at the following URL.
After you register, you receive activation keys by e-mail. The activation keys are required before you can complete Step 6.
Step 3 Obtain the following information for use in Step 6:
•CSC SSM management port IP address, netmask, and gateway IP address
•DNS server IP address
•HTTP proxy server IP address (needed only if your security policies require the use of a proxy server for HTTP access to the Internet)
•Domain name and hostname for the CSC SSM
•An e-mail address, and SMTP server IP address and port number for e-mail notifications
•E-mail address(es) for product license renewal notifications
•IP addresses of hosts or networks that are allowed to manage the CSC SSM
•Password for the CSC SSM
Step 4 In a web browser, access ASDM for the ASA in which the CSC SSM is installed.
Note If you are accessing ASDM for the first time, see the "Additional References" section.
For more information about enabling ASDM access, see the "Configuring ASA Access for ASDM, Telnet, or SSH" section.
Step 5 Verify time settings on the ASA. Time setting accuracy is important for logging of security events and for automatic updates of CSC SSM software. Do one of the following:
•If you manually control time settings, verify the clock settings, including time zone. Choose Configuration > Properties > Device Administration > Clock.
•If you are using NTP, verify the NTP configuration. Choose Configuration > Properties > Device Administration > NTP.
Step 6 Open ASDM.
Step 7 Connect to and log in to the CSC SSM. For instructions, see the "Connecting to the CSC SSM" section.
Step 8 Run the CSC Setup Wizard.
•To access the CSC Setup Wizard, choose Configuration > Trend Micro Content Security > CSC Setup > Wizard Setup > Launch Setup Wizard.
•If you are rerunning the CSC Setup Wizard, perform the same step listed in the previous bullet.
The CSC Setup Wizard appears.
Step 9 Complete the CSC Setup Wizard, which includes configuration of service policies to divert traffic that you want scanned to the CSC SSM.
Note If you create a global service policy to divert traffic for CSC scans, all traffic (inbound and outbound) for the supported protocols is scanned. To maximize performance of the ASA and the CSC SSM, scan traffic only from untrusted sources.
Step 10 To reduce the load on the CSC SSM, configure the service policy rules that send packets to the CSC SSM to support only HTTP/HTTPS, SMTP, POP3, or FTP traffic. For instructions, see the "Determining Service Policy Rule Actions for CSC Scanning" section.
Step 11 (Optional) Review the default content security policies in the CSC SSM GUI, which are suitable for most implementations. You review the content security policies by viewing the enabled features in the CSC SSM GUI. For the availability of features, see the "Licensing Requirements for the CSC SSM" section. For the default settings, see the "Default Settings" section.
What to Do Next
See the "Connecting to the CSC SSM" section.
Connecting to the CSC SSM
With each session you start in ASDM, the first time you access features related to the CSC SSM, you must specify the management IP address and provide the password for the CSC SSM. After you successfully connect to the CSC SSM, you are not prompted again for the management IP address and password. If you start a new ASDM session, the connection to the CSC SSM is reset and you must specify the IP address and the CSC SSM password again. The connection to the CSC SSM is also reset if you change the time zone on the ASA.
Note The CSC SSM has a password that is maintained separately from the ASDM password. You can configure the two passwords to be identical, but changing the CSC SSM password does not affect the ASDM password.
To connect to the CSC SSM, perform the following steps:
Step 1 In the ASDM main application window, click the Content Security tab.
Step 2 In the Connecting to CSC dialog box, click one of the following radio buttons:
•To connect to the IP address of the management port on the SSM, click Management IP Address. ASDM automatically detects the IP address for the SSM in the ASA. If this detection fails, you can specify the management IP address manually.
•To connect to an alternate IP address or hostname on the SSM, click Other IP Address or Hostname.
Step 3 Enter the port number in the Port field, and then click Continue.
Step 4 In the CSC Password field, type your CSC password, and then click OK.
Note If you have not completed the CSC Setup Wizard (choose Configuration > Trend Micro Content Security > CSC Setup > Wizard Setup), complete the configuration in the CSC Setup Wizard, which includes changing the default password, "cisco."
For ten minutes after you have entered the password, you do not need to reenter the CSC SSM password to access other parts of the CSC SSM GUI.
Step 5 To access the CSC SSM GUI, choose Configuration > Trend Micro Content Security, and then click one of the following tabs: Web, Mail, File Transfer, or Updates.
What to Do Next
See the "Determining Service Policy Rule Actions for CSC Scanning" section.
Determining Service Policy Rule Actions for CSC Scanning
The CSC SSM scans only HTTP/HTTPS, SMTP, POP3, and FTP traffic. If your service policy includes traffic that supports other protocols in addition to these four, packets for other protocols are passed through the CSC SSM without being scanned. You should configure the service policy rules that send packets to the CSC SSM to support only HTTP/HTTPS, SMTP, POP3, or FTP traffic.
The CSC Scan tab in the Add Service Policy Rule Wizard lets you determine whether or not the CSC SSM scans traffic identified by the current traffic class. This tab appears only if a CSC SSM is installed in the ASA.
To configure service policy rules for CSC scanning, perform the following steps:
Step 1 In the ASDM main application window, choose Configuration > Firewall > Service Policy Rules.
Step 2 On the toolbar, click Add.
The Add Service Policy Rule Wizard screen appears.
Step 3 Click the Global - applies to all interfaces option, and then click Next.
The Traffic Classification Criteria screen appears.
Step 4 Click the Create a new traffic class option, type a name for the traffic class in the adjacent field, check the Any traffic check box, and then click Next.
The Rule Actions screen appears.
Step 5 Click the CSC Scan tab, and then check the Enable CSC scan for this traffic flow check box.
Step 6 Choose whether the ASA should permit or deny selected traffic to pass if the CSC SSM is unavailable by making the applicable selection in the area labeled: If CSC card fails, then. When this check box is checked, the other parameters on this tab become active.
Step 7 In the If CSC card fails area, if the CSC SSM becomes inoperable, choose one of the following actions:
•To allow traffic, check the Permit traffic check box.
•To block traffic, check the Close traffic check box.
Step 8 Click Finish.
The new service policy rule appears in the Service Policy Rules pane.
Step 9 Click Apply.
The ASA begins diverting traffic to the CSC SSM, which performs the content security scans that have been enabled according to the license that you purchased.
What to Do Next
See the "Monitoring the CSC SSM" section.
Monitoring the CSC SSM
ASDM lets you monitor the CSC SSM statistics as well as CSC SSM-related features.
Note If you have not completed the CSC Setup Wizard in Configuration > Trend Micro Content Security > CSC Setup, you cannot access the panes under Monitoring > Trend Micro Content Security. Instead, a dialog box appears and lets you access the CSC Setup Wizard directly from Monitoring > Trend Micro Content Security.
This section includes the following topics:
•Live Security Events
•Live Security Events Log
To view information about various types of threats detected by the CSC SSM in a graph, perform the following steps:
Step 1 Choose Monitoring > Trend Micro Content Security > Threats.
The Available Graphs area lists the components whose statistics you can view in a graph. You can include a maximum of four graphs in one frame. The graphs display real-time data in 12-second intervals for the following:
•URLs filtered, URLs blocked
•Damage Cleanup Services
Step 2 The Graph Window Title lists the types of statistics available for monitoring. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time. The statistics already included in the graph window appear in the Selected Graphs list.
Step 3 To move the selected statistics type in the Available Graphs For list to the Selected Graphs list, click Add.
Step 4 To remove the selected statistics type from the Selected Graphs list, click Remove. The button name changes to Delete if the item you are removing was added from another pane, and is not being returned to the Available Graphs pane.
Step 5 To display a new window that shows a Graph tab and an updated graph with the selected statistics, click Show Graphs. Click the Table tab to display the same information in tabular form.
Step 6 From the Graph or Table tab, click Export in the menu bar or choose File > Export to save the graph or tabular information as a file on your local PC.
Step 7 From the Graph or Table tab, click Print in the menu bar or choose File > Print to print the information displayed in the window.
What to Do Next
See the "Live Security Events" section.
Live Security Events
To view live, real-time security events in a separate window, perform the following steps:
Step 1 Choose Monitoring > Trend Micro Content Security > Live Security Events.
The Buffer Limit field shows the maximum number of log messages that you may view. The default is 1000.
Step 2 Click View to display the Live Security Events Log dialog box. You can pause incoming messages, clear the message window, and save event messages. You can also search messages for specific text.
What to Do Next
See the "Live Security Events Log" section.
Live Security Events Log
To view live security events messages that are received from the CSC SSM, perform the following steps:
Step 1 To filter security event messages from the Filter By drop-down list, choose one of the following:
•Filter by Text, type the text, then click Filter.
•Show All, to display all messages or remove the filter.
Step 2 To use the Latest CSC Security Events pane, in which all columns are display-only, choose one of the following options:
•The time an event occurred.
•The IP address or hostname from which the threat came.
•The type of threat, or the security policy that determines event handling, or in the case of a URL filtering event, the filter that triggered the event.
•The subject of e-mails that include a threat, or the names of FTP files that include a threat, or blocked or filtered URLs.
•The recipient of e-mails that include a threat, or the IP address or hostname of a threatened node, or the IP address of a threatened client.
•The type of event (such as Web, Mail, or FTP), or the name of a user or group for HTTP or FTP events, which include a threat.
•The action taken upon the content of a message, such as cleaning attachments or deleting attachments.
•The action taken on a message, such as delivering it unchanged, delivering it after deleting the attachments, or delivering it after cleaning the attachments.
Step 3 To search security event messages based on the text that you enter, choose one of the following:
•In the Text field, enter the text to search for in the security event messages log, then click Find Messages.
•To find the next entry that matches the text you typed in this field, click Find.
Step 4 To pause scrolling of the Latest CSC Security Events pane, click Pause. To resume scrolling of the Latest CSC Security Events pane, click Resume.
Step 5 To save the log to a file on your PC, click Save.
Step 6 To clear the list of messages shown, click Clear Display.
Step 7 To close the pane and return to the previous one, click Close.
What to Do Next
See the "Software Updates" section.
To view information about CSC SSM software updates, choose Monitoring > Trend Micro Content Security > Software Updates.
The Software Updates pane displays the following information, which is refreshed automatically about every 12 seconds:
•The names of parts of the CSC SSM software that can be updated.
•The current version of the corresponding component.
•The date and time that the corresponding component was last updated. If the component has not been updated since the CSC SSM software was installed, None appears in this column.
•The date and time that ASDM last received information about CSC SSM software updates.
What to Do Next
See the "CSC CPU" section.
The ASA lets you monitor CSC SSM status, including CPU resources and memory usage. This section includes the following topics:
To view CPU usage by the CSC SSM in a graph, perform the following steps:
Step 1 Choose Monitoring > Trend Micro Content Security > Resource Graphs > CSC CPU.
The CSC CPU pane displays the components whose statistics you can view in a graph, including statistics for CPU usage on the CSC SSM.
Step 2 To continue, go to Step 2 of the "Threats" section.
What to Do Next
See the "CSC Memory" section.
To view information about memory usage on the CSC SSM in a graph, perform the following steps:
Step 1 Choose Monitoring > Trend Micro Content Security > Resource Graphs > CSC Memory.
The Available Graphs area lists the components whose statistics you can view in a graph, including the following:
•The amount of memory not in use.
•The amount of memory in use.
Step 2 To continue, go to Step 2 of the "Threats" section.
Troubleshooting the CSC Module
This section includes procedures that help you recover or troubleshoot the module and includes the following topics:
•Installing an Image on the Module
•Resetting the Password
•Reloading or Resetting the Module
•Shutting Down the Module
Note This section covers all ASA module types; follow the steps appropriate for your module.
Installing an Image on the Module
If the module suffers a failure, and the module application image cannot run, you can reinstall a new image on the module from a TFTP server.
Note Do not use the upgrade command within the module software to install the image.
Be sure the TFTP server that you specify can transfer files up to 60 MB in size.
Note This process can take approximately 15 minutes to complete, depending on your network and the size of the image.
hw-module module 1 recover configure
hostname# hw-module module 1 recover configure
Image URL [tftp://127.0.0.1/myimage]: tftp://10.1.1.1/ids-newimg
Port IP Address [127.0.0.2]: 10.1.2.10
Port Mask [255.255.255.254]: 255.255.255.0
Gateway IP Address [126.96.36.199]: 10.1.2.254
VLAN ID : 100
Specifies the location of the new image. This command prompts you for the URL for the TFTP server, the management interface IP address and netmask, gateway address, and VLAN ID (ASA 5505 only). These network parameters are configured in ROMMON; the network parameters you configured in the module application configuration are not available to ROMMON, so you must set them separately here.
You can view the recovery configuration using the show module 1 recover command.
In multiple context mode, enter this command in the system execution space.
hw-module module 1 recover boot
hostname# hw-module module 1 recover boot
Transfers the image from the TFTP server to the module and restarts the module.
hostname# show module 1 details
Checks the progress of the image transfer and module restart process.
The Status field in the output indicates the operational status of the module. A module operating normally shows a status of "Up." While the ASA transfers an application image to the module, the Status field in the output reads "Recover." When the ASA completes the image transfer and restarts the module, the newly transferred image is running.
Resetting the Password
You can reset the module password to the default. The default password is cisco. After resetting the password, you should change it to a unique value using the module application.
Resetting the module password causes the module to reboot. Services are not available while the module is rebooting.
If you cannot connect to ASDM with the new password, restart ASDM and try to log in again. If you defined a new password and still have an existing password in ASDM that is different from the new password, clear the password cache by choosing File > Clear ASDM Password Cache, then restart ASDM and try to log in again.
To reset the module password to the default of cisco, perform the following steps.
Step 1 From the ASDM menu bar, choose Tools > CSC Password Reset.
The Password Reset confirmation dialog box appears.
Step 2 Click OK to reset the password to the default.
A dialog box displays the success or failure of the password reset.
Step 3 Click Close to close the dialog box.
Reloading or Resetting the Module
To reload or reset the module, enter one of the following commands at the ASA CLI.
hw-module module 1 reload
hostname# hw-module module 1 reload
Reloads the module software.
hostname# hw-module module 1 reset
Performs a reset, and then reloads the module.
Shutting Down the Module
If you restart the ASA, the module is not automatically restarted. To shut down the module, perform the following steps at the ASA CLI.
hw-module module 1 shutdown
hostname# hw-module module 1 shutdown
Shuts down the module.
Where to Go Next
For instructions about how to use the CSC SSM GUI, see the Cisco Content Security and Control (CSC) SSM Administrator Guide.
For additional information related to implementing the CSC SSM, see the following documents:
Assistance with SSM hardware installation and connection to the ASA.
Accessing ASDM for the first time and assistance with the Startup Wizard.
Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
Instructions on use of the CSC SSM GUI.
Additional licensing requirements of specific windows available in the CSC SSM GUI.
Reviewing the default content security policies in the CSC SSM GUI before modifying them or entering advanced configuration settings.
Cisco Content Security and Control (CSC) SSM Administrator Guide
Technical Documentation, Marketing, and Support-related information.
See the following URL:
Feature History for the CSC SSM
Table 64-2 lists each feature change and the platform release in which it was implemented. ASDM is backward-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed.
Table 64-2 Feature History for the CSC SSM
The CSC SSM runs Content Security and Control software, which provides protection against viruses, spyware, spam, and other unwanted traffic.
The CSC Setup Wizard enables you to configure the CSC SSM in ASDM.
We introduced the following screen: Configuration > Trend Micro Content Security > CSC Setup.
8.1(1) and 8.1(2)
This feature is not supported on the ASA 5580.
CSC syslog format
CSC syslog format is consistent with the ASA syslog format. Syslog message explanations have been added to the Cisco Content Security and Control (CSC) SSM Administrator Guide. The source and destination IP information has been added to the ASDM Log Viewer GUI. All syslog messages include predefined syslog priorities and cannot be configured through the CSC SSM GUI.
Clearing CSC events
Support for clearing CSC events in the Latest CSC Security Events pane has been added. We modified the following screen: Home > Content Security.
Support for the following features has been added:
•HTTPS traffic redirection: URL filtering and WRS queries for incoming HTTPS connections.
•Configuring global approved whitelists for incoming and outgoing SMTP and POP3 e-mail.
•E-mail notification for product license renewals.
We modified the following screens:
Configuration > Trend Micro Content Security > Mail > SMTP.
Configuration > Trend Micro Content Security > Mail > POP3.
Configuration > Trend Micro Content Security > Host/Notification Settings.
Configuration > Trend Micro Content Security > CSC Setup > Host Configuration.