Address translation will use the default automatic setting so that NAT will be automatically
selected and an Anti-Virus Profile object will be used to define the virus scanning.
The Service object http is used in this example. If a configuration was upgraded from a
NetDefendOS version prior to 11.01, then the http service can be used if its protocol property is
set to HTTP but the predefined service http-outbound could also be used instead if it is still
present.
Command-Line Interface
First, set up an Anti-Virus Policy object:
gw-world:/> add Policy AntiVirusPolicy Name=av_audit_profile AuditMode=Yes
Next, define the IP Policy object:
gw-world:/> add IPPolicy SourceInterface=lan
SourceNetwork=lan_net
DestinationInterface=wan
DestinationNetwork=all-nets
Service=http
Name=lan_to_wan
Action=Allow
AntiVirus=Yes
AV_Policy=av_audit_profile
Web Interface
First, set up an Anti-Virus Profile object:
1. Go to: Policies > Firewalling > Anti-Virus > Add > Anti-Virus Profile
2. Now enter:
• Name: av_audit_profile
• Enable the setting Audit Mode
3. Select OK
Next, define the IP Policy object:
1. Go to: Policies > Firewalling > Add > IP Policy
2. Now enter:
• Name: lan_to_wan
• Action: Allow
• Source Interface: lan
• Source Network: lan_net
• Destination Interface: wan
• Destination Network: all-nets
• Service: http-outbound
Chapter 6: Security Mechanisms
549
To Next Page
Loading...
