McAfee Groupshield – Adding Email Disclaimers
KB ID 0000432 Problem With Exchange 2007 and 2010 you can add a disclaimer with a transport rule. But if you are still using Exchange 2003 then you don’t have that luxury. I had a client with a broken Groupshield 6 installation today, and his main concern was his disclaimers. (You can longer get Groupshield 6 so I had to install version 7). Solution 1. Open the Groupshield console. 2. Select Policy Manager > Gateway >...
Cisco Router – Configure Site to Site IPSEC VPN
KB ID 0000933 Problem I’ve done thousands of firewall VPN’s but not many that terminate on Cisco Routers. It’s been a few years since I did one, and then I think I was a wuss and used the SDM. So when I was asked to do one last week thankfully I had the configs ready to go. I’m going to use the IP addresses above, and my tunnel will use the following settings; Encryption: AES. Hashing: SHA. Diffie Hellman:...
VPN Problem Cisco PIX v6 to Cisco ASA 5500
KB ID 0000761 Problem I found this out purely by accident today, while replacing an old PIX 506E that had died with an ASA 5505. The client’s other site still had a PIX 506E (Running 6.3(5)). I was setting up the VPN, and noticed something that WOULD have been a problem if I had not spotted it. Solution Essentially the older PIX firewalls are set for 3DES encryption, MD5 Hashing and Diffie Hellman 2. After version 8.4 the ASA...
Cisco CSC Module – Stop it scanning its own update traffic
KB ID 0000156 Problem The CSC module when it’s installed in your firewall and running, by default scans all traffic in and out including all its own updates and web traffic, this can cause quite a performance hit, to stop this happening exempt the CSC modules traffic from being scanned. NOTE: your access-lists and port groups may well have different names, so I’ll list all the commands to chase them though the...
Cisco ASA 5500 – Install and Configure a CSC Module
KB ID 0000731 Problem The Cisco CSC module provides ‘in line’ scanning of POP3, SMTP, HTTP and FTP traffic, to protect against viruses but also for anti spam and anti phish (with the correct licensing). If you are familiar with Trend products, you will like it, (because that’s what it runs), and the interface is much the same as Trend IWSS. It is a hardware device that plugs into the back of the ASA, and comes in...