It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

How to Configure Virus Protection in the Firewall for Web Traffic

  • Last updated on

The NextGen Firewall X-Series scans web traffic for malware on a per-access-rule basis when Virus Protection is enabled. If a user downloads a file containing malware, the firewall detects and discards the infected file and redirects the user to a customizable block page. You can combine Virus Protection with SSL Inspection to also scan HTTPS connections.

virus_protection_http_68_01.png

Before you begin

Step 1. Enable Virus Protection in the firewall

Enable Application Control and Virus Protection.

  1. Go to the FIREWALL > Settings page.

  2. In the Firewall Policy Settings section, enable TCP Stream Reassembly.
  3. Make sure that Application Control is enabled.

  4. In the Virus Protection section, 

    1. Set Enable Virus Protection to Yes.

    2. Set Enable for HTTP & HTTPS to Yes.
      virus_protection_http_68_02.png 

  5. (optional) Click Show to configure Advanced Options:

    Changing settings for the virus scanner also affects virus scanning for mail traffic.

    1. Change the default behavior If Virus Scanner is not available.

      • Block All – (default) Block all files.

      • Allow All –  All pages will be allowed.

    2. Configure the following settings:
      • Block Large Files / Large File Limit – To block files that exceed the Large File Limit, enable Block Large Files.The large file policy is set to a sensible value for your appliance. The maximum value is 1024 MB. If disabled, large files will not be scanned. Instead, they will be delivered directly to the client.
      • Scanned MIME TypesIf applicable, you can add MIME types of files you want the X-Series Firewall to scan to the Scanned MIME Types list.  To add a file type, enter the file path and click +. To remove a file type, click - next to the file entry in the list. Click Reset to Defaults to restore the default list. For more information, see Default MIME Types in Virus Protection in the Firewall.
      • ExemptionsDefine exemptions from scanning based on IP addresses and hostnames.
      • Archives – Enable, to scan archives and block archive files that are encrypted and cannot be scanned.
      • Data Trickling – Change how fast and how much data is transmitted. Change these settings if your browser times out while waiting for the file to be scanned.
    3. Click Save.
  6. Click Save.

Step 2. Enable Virus Protection in access rules

Create or edit an access rule for the HTTP / HTTPS connections that you want to apply Virus Protection to. Virus Protection can be enabled for all Allow and DNAT rules.

  1. Go to FIREWALL > Firewall Rules.
  2. Create an access rule with the following settings:
    • Action – Select Allow.
    • Connection – Select Dynamic SNAT.
    • Source – Select Trusted LAN, and click +.
    • Network Services – Select HTTP+S, and click +.
    • Destination –  Select Internet, and click +.
  3. Enable Application Control and Virus Protection.

  4. (optional) Enable SSL Inspection.
    virus_protection_http_68_03.png 

  5. Click Save.

Monitoring and testing

You can test the virus scanner setup by downloading EICAR test files from http://www.eicar.com. The block page is customizable. For more information, see Custom Block Pages.

virus_protection_http_68_04.png

To monitor detected viruses and malware, go to the BASIC > Recent Threats page.

virus_protection_http_68_05.png