About IP routing, About intrusion prevention – Symantec Critical System User Manual

Planning the installation
About IP routing
As bastion hosts, firewalls traditionally incorporate some form of network 
address translation (NAT) between the two networks that the firewall bridges. 
For example, the management server may be on an internal network while the 
Agents are in a DMZ network, with a firewall between the two networks. 
Typically, the internal network IP addresses are hidden from the DMZ network, 
and are not routable from the DMZ network.
To allow the agents in the DMZ network to communicate with the management 
server on the internal network, use a DMZ IP address to represent the 
management server. Then, configure the firewall or router to forward requests 
for this IP address and port to the real, internal IP address of the management 
server. Open the agent port only if the agents are in a DMZ. Finally, configure 
the name database on the DMZ network to return the DMZ IP address for the 
management server instead of the internal IP address.
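
A check to run from an agent host in the DMZ after completing the steps above, as an added example that is not part of the Symantec manual: it verifies that the name database returns the DMZ address rather than the internal one, and that the forwarded port accepts connections. The host name, networks and port number are constructed placeholders.

```python
import ipaddress
import socket


def audit_agent_view(name, dmz_net, internal_nets, port,
                     resolver=socket.getaddrinfo,
                     connect=socket.create_connection):
    """Run on an agent host in the DMZ; returns a list of findings."""
    dmz = ipaddress.ip_network(dmz_net)
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    try:
        # What the DMZ name database returns for the management server.
        infos = resolver(name, port, proto=socket.IPPROTO_TCP)
    except OSError as exc:
        return [f"FAIL: {name} does not resolve ({exc})"]
    findings = []
    for addr in sorted({info[4][0] for info in infos}):
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in internal):
            # The internal address leaked into the DMZ name database.
            findings.append(f"FAIL: {name} resolves to internal address {addr}")
        elif ip not in dmz:
            findings.append(f"WARN: {addr} is outside the DMZ network {dmz}")
        else:
            try:
                # Succeeds only if the firewall forwards DMZ IP:port inward.
                connect((addr, port), timeout=3).close()
                findings.append(f"OK: {addr}:{port} reachable")
            except OSError as exc:
                findings.append(f"FAIL: {addr}:{port} not reachable ({exc})")
    return findings


if __name__ == "__main__":
    # Constructed sample: a name database that still returns the internal IP.
    leaky = lambda *a, **k: [(socket.AF_INET, socket.SOCK_STREAM, 6, "",
                              ("10.1.2.3", 4443))]
    print(audit_agent_view("mgmt.dmz.example", "192.0.2.0/24",
                           ["10.0.0.0/8"], 4443, resolver=leaky))
```
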
About intrusion prevention
The Symantec Critical System Protection agent installation kit includes an 
enable intrusion prevention option. When the enable intrusion prevention 
option is selected, the prevention features of Symantec Critical System 
Protection are enabled for the agent. The IPS drivers are loaded on the agent 
computer, and the agent accepts prevention policies from the management 
console.
When the enable intrusion prevention option is not selected, the prevention 
features of Symantec Critical System Protection are completely disabled for the 
agent. The IPS drivers are not loaded on the agent computer, and the agent does 
not accept prevention policies from the management console.
Symantec strongly recommends that you enable the intrusion prevention option 
when installing agents. Changing this option after installation (to disable or 
re-enable it) requires logging on to the agent computer, running the Agent 
Config Tool, and rebooting the agent computer.
If you are only interested in the detection features of Symantec Critical System 
Protection, Symantec recommends that you select the enable intrusion 
prevention option during agent installation, and use the Null prevention policy 
to avoid any blocking. If you later decide to use the prevention features of 
Symantec Critical System Protection, then you simply apply one of the 
prevention policies that are included with the product. Applying a policy 
does not require logging on to the agent computer, running the Agent Config 
Tool, or rebooting the agent computer.
