3. Select the TCP in the Type dropdown list
4. Enter 80 in the Destination Port textbox
5. Select the HTTP ALG just created in the ALG dropdown list
6. Click OK
C. Finally, modify the NAT rule (called NATHttp in this example) to use the new service:
1. Go to: Policies
2. Select the NAT rule handling the traffic between lannet and all-nets
3. Click the Service tab
4. Select the new service, http_anti_virus, in the predefined Service dropdown list
5. Click OK
Anti-virus scanning is now activated for all web traffic from lannet to all-nets.
Activating Anti-Virus Scanning with IP Policies
Anti-virus scanning can be enabled for an IP Policy object without using an ALG. This provides a
more direct method of activation which can be combined with the other options available in an
IP policy such as traffic shaping and file control. When setting up the IP policy, the anti-virus
option can be enabled in one of two ways:
• The anti-virus scanning options can be configured directly as properties of the IP policy.
• An Anti-Virus Profile object can first be created which defines the properties for anti-virus
scanning. This profile can then be used repeatedly with different IP policies.
Note: The service object needs the protocol property defined
Whenever anti-virus is to be used with an IP policy, the service object selected for the IP
policy must have a value assigned to its Protocol property. The protocol assigned must
support anti-virus scanning.
A custom or predefined service could be used with the IP policy. Only some predefined
service objects in NetDefendOS have this property already set. If this property is not set,
the anti-virus controls will be disabled in the Web Interface.
IP policies are described further in Section 3.6.7, “IP Policy”.
Example 6.29. Activating Anti-Virus with an IP Policy
In this example, HTTP connections will be allowed from the internal lan_net network on the lan
interface to the public Internet via the wan interface. HTTP downloads will be scanned for viruses
but only in audit mode so no files will be dropped.
Chapter 6: Security Mechanisms
548
To Next Page
Loading...
