The NextGen Firewall X-Series scans web traffic for malware on a per-access-rule basis when Virus Protection is enabled. If a user downloads a file containing malware, the firewall detects and discards the infected file and redirects the user to a customizable block page. You can combine Virus Protection with SSL Inspection to also scan HTTPS connections.
Before you begin
- To scan HTTPS traffic, enable SSL Inspection. For more information, see How to Configure SSL Inspection.
Step 1. Enable Virus Protection in the firewall
Enable Application Control and Virus Protection.
- Go to the FIREWALL > Settings page.
- In the Firewall Policy Settings section, enable TCP Stream Reassembly.
- Make sure that Application Control is enabled.
- In the Virus Protection section:
  - Set Enable Virus Protection to Yes.
  - Set Enable for HTTP & HTTPS to Yes.
  - (optional) Click Show to configure Advanced Options:
    - If Virus Scanner is not available – Change the default behavior for the case where the virus scanner cannot be reached:
      - Block All – (default) Block all files.
      - Allow All – All pages are allowed.
    - Configure the following settings:
      - Block Large Files / Large File Limit – To block files that exceed the Large File Limit, enable Block Large Files. The Large File Limit is preset to a sensible value for your appliance; the maximum value is 1024 MB. If Block Large Files is disabled, files above the limit are not scanned. Instead, they are delivered directly to the client.
      - Scanned MIME Types – If applicable, you can add MIME types of files you want the X-Series Firewall to scan to the Scanned MIME Types list. To add a file type, enter the file path and click +. To remove a file type, click - next to the file entry in the list. Click Reset to Defaults to restore the default list. For more information, see Default MIME Types in Virus Protection in the Firewall.
      - Exemptions – Define exemptions from scanning based on IP addresses and hostnames.
      - Archives – Enable to scan archives and to block archive files that are encrypted and therefore cannot be scanned.
      - Data Trickling – Change how fast and how much data is transmitted to the client while a file is being scanned. Change these settings if your browser times out while waiting for the file to be scanned.
- Click Save.
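The Advanced Options above interact: a download is only scanned if its MIME type is on the list, its source is not exempt, and it is under the Large File Limit, and two of the settings (Allow All when the scanner is unavailable, and Block Large Files disabled) make the firewall fail open. The following added example is not Barracuda code; it is a small model of the documented behavior, written to show which combinations deliver a file unscanned, plus an audit helper that flags the fail-open settings. The order in which the checks are applied, the sample MIME list, and the 1024 MB limit used as a placeholder for the appliance default are all assumptions.

```python
"""Model of the X-Series Virus Protection decision path (illustration, not product code)."""
from dataclasses import dataclass


@dataclass
class VirusProtectionSettings:
    # Values mirror the FIREWALL > Settings > Virus Protection options described above.
    scanner_available: bool = True
    if_scanner_unavailable: str = "Block All"   # "Block All" (default) or "Allow All"
    block_large_files: bool = True
    large_file_limit_mb: int = 1024             # placeholder; the real default is appliance-specific
    scanned_mime_types: frozenset = frozenset({  # constructed sample list, not the real default list
        "application/octet-stream", "application/zip", "application/x-msdownload",
    })
    exempt_hosts: frozenset = frozenset()
    scan_archives: bool = True


@dataclass
class Download:
    host: str
    mime_type: str
    size_mb: float
    is_archive: bool = False
    archive_encrypted: bool = False
    infected: bool = False


def decide(settings: VirusProtectionSettings, dl: Download) -> str:
    """Return 'deliver-unscanned', 'deliver-clean' or 'block' for one download.

    The check order is an assumption made for this illustration.
    """
    if dl.host in settings.exempt_hosts:
        return "deliver-unscanned"                       # Exemptions bypass scanning entirely
    if dl.mime_type not in settings.scanned_mime_types:
        return "deliver-unscanned"                       # only listed MIME types are scanned
    if dl.size_mb > settings.large_file_limit_mb:
        # Block Large Files decides whether oversize files are blocked or passed through unscanned
        return "block" if settings.block_large_files else "deliver-unscanned"
    if not settings.scanner_available:
        return "block" if settings.if_scanner_unavailable == "Block All" else "deliver-unscanned"
    if dl.is_archive:
        if not settings.scan_archives:
            return "deliver-unscanned"
        if dl.archive_encrypted:
            return "block"                               # encrypted archives cannot be scanned
    return "block" if dl.infected else "deliver-clean"


def audit(settings: VirusProtectionSettings) -> list:
    """List the settings that let traffic through without a scan (fail-open conditions)."""
    findings = []
    if settings.if_scanner_unavailable == "Allow All":
        findings.append("If Virus Scanner is not available = Allow All: unscanned files are delivered during scanner outages")
    if not settings.block_large_files:
        findings.append(f"Block Large Files disabled: files over {settings.large_file_limit_mb} MB bypass scanning")
    if not settings.scan_archives:
        findings.append("Archives disabled: archive contents and encrypted archives are not inspected")
    if settings.exempt_hosts:
        findings.append(f"{len(settings.exempt_hosts)} exempt host(s) bypass scanning")
    return findings


if __name__ == "__main__":
    hardened = VirusProtectionSettings()
    fail_open = VirusProtectionSettings(if_scanner_unavailable="Allow All", block_large_files=False)
    big = Download(host="files.example.test", mime_type="application/zip", size_mb=2048, is_archive=True)
    print("hardened:", decide(hardened, big), audit(hardened))
    print("fail-open:", decide(fail_open, big), audit(fail_open))
```

Running the module prints "block" for the oversize archive under the default settings and "deliver-unscanned" under the fail-open variant, together with the two audit findings that explain why.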
Step 2. Enable Virus Protection in access rules
Create or edit an access rule for the HTTP / HTTPS connections that you want to apply Virus Protection to. Virus Protection can be enabled for all Allow and DNAT rules.
- Go to FIREWALL > Firewall Rules.
- Create an access rule with the following settings:
  - Action – Select Allow.
  - Connection – Select Dynamic SNAT.
  - Source – Select Trusted LAN, and click +.
  - Network Services – Select HTTP+S, and click +.
  - Destination – Select Internet, and click +.
  - Enable Application Control and Virus Protection.
  - (optional) Enable SSL Inspection.
- Click Save.
Monitoring and testing
You can test the virus scanner setup by downloading EICAR test files from http://www.eicar.com. The block page is customizable. For more information, see Custom Block Pages.
To monitor detected viruses and malware, go to the BASIC > Recent Threats page.
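A scripted version of the EICAR test is useful when you want to re-check the rule after every change rather than click through a browser. The following added example is not part of the Barracuda documentation: it fetches a URL through the firewall and reports whether the EICAR signature reached the client unmodified (scanning did not apply) or the firewall answered with its HTML block page instead. The download URL is a placeholder you replace with an actual EICAR test file location; the EICAR string is assembled from two fragments only so that this script is not itself quarantined on disk.

```python
"""Verify that Virus Protection blocks the EICAR test file on a given access rule path."""
import urllib.error
import urllib.request

# The public EICAR test signature, split in two so the script file itself is not flagged.
EICAR = "".join(("X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
                 "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")).encode("ascii")

# Placeholder: point this at an EICAR test file reachable through the firewall.
EICAR_URL = "http://eicar-host.example.test/eicar.com"


def classify(status: int, content_type: str, body: bytes) -> str:
    """Classify one HTTP response to the EICAR download.

    'delivered' - the test signature reached the client, so the rule did not scan it
    'blocked'   - no signature and an HTML body: the firewall served its block page
    'unknown'   - anything else (proxy error, partial trickled response, etc.)
    """
    if EICAR in body:
        return "delivered"
    if "text/html" in content_type.lower() or b"<html" in body[:512].lower():
        return "blocked"
    return "unknown"


def fetch(url: str, timeout: float = 60.0):
    """Return (status, content-type, body); block pages may come with a non-2xx status."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), err.read()


def run_check(url: str = EICAR_URL) -> str:
    status, ctype, body = fetch(url)
    verdict = classify(status, ctype, body)
    print(f"{url}: HTTP {status}, {ctype or 'no content-type'} -> {verdict}")
    return verdict


# Constructed sample responses, used to exercise classify() offline.
SAMPLE_DELIVERED = (200, "application/octet-stream", EICAR)
SAMPLE_BLOCKED = (403, "text/html; charset=utf-8",
                  b"<html><body><h1>Virus detected</h1>The download was blocked.</body></html>")
SAMPLE_UNKNOWN = (502, "text/plain", b"upstream connect error")


if __name__ == "__main__":
    for sample in (SAMPLE_DELIVERED, SAMPLE_BLOCKED, SAMPLE_UNKNOWN):
        print(classify(*sample))
    # Uncomment to test against the firewall:
    # run_check()
```

Expect "blocked" when the access rule has Virus Protection enabled and "delivered" when it does not; if HTTPS downloads come back "delivered" while HTTP is blocked, SSL Inspection is not active on that rule. The timeout is generous because, depending on the Data Trickling settings, a large scanned file is held until scanning finishes.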