The Barracuda NextGen Firewall X-Series can transparently scan HTTP, HTTPS, FTP, SMTP, and SMTPS traffic for malware. For in-depth scanning of more advanced malware for which there are no virus scanner patterns available, the X-Series Firewall can also scan traffic using Advanced Threat Detection. The following subscriptions are required to use Virus Scanning and ATP in the firewall:
- Energize Updates – Needed for virus scanner pattern updates.
- Web Security – Required for the virus scanning service.
- Advanced Threat Protection – This subscription is required to use ATP.
Virus protection for web traffic
To scan HTTP and HTTPS traffic for malware, configure an access rule to match your web traffic and enable Application Control, SSL Inspection (optional), and Virus Protection. If malware is detected, the file is discarded and the user is redirected to a customizable block page. SSL-encrypted HTTP and SMTP connections can be scanned only if SSL Inspection is enabled.
For more information, see How to Configure Virus Protection in the Firewall for Web Traffic.
Virus protection for FTP
To scan FTP traffic for malware, configure an access rule to match your web traffic and enable Application Control and Virus Protection. Since the FTP protocol does not include MIME-type information, all files are scanned. If malware is detected, the file is discarded and the file transfer is terminated. Because the FTP client creates the local file before the transfer starts, the user may see a file with 0 bytes or a small, partially downloaded file when malware is found in an FTP transfer.
For more information, see How to Configure Virus Scanning in the Firewall for FTP Traffic.
Virus protection for mail traffic
The X-Series can scan incoming and outgoing SMTP and SMTPS mail traffic. To scan mail traffic, you must configure mail security in the firewall.
For more information, see Mail Security in the Firewall.
Advanced Threat Protection (ATP)
ATP scans HTTP, HTTPS, FTP, SMTP, and SMTPS traffic for advanced malware on a per-access-rule basis. Malicious files are treated according to configurable policies. When malware is detected in HTTP and FTP traffic, the user or IP address that downloaded the malware is placed in quarantine. To use ATP, you must have Energize Updates, Web Security, and Advanced Threat Protection subscriptions.
For more information, see Advanced Threat Protection (ATP/ATD).
Default MIME types
Only the MIME types listed in the Virus Protection configuration are scanned. The X-Series Firewall comes with a preconfigured list of MIME types: