5.
This second reconfiguration causes another failover so the passive unit reverts back to being
active again.
These steps result in both NetDefend Firewalls in a cluster having updated databases and with the
original active/passive roles. For more information about HA clusters refer to Chapter 11, High
Availability.
Anti-Virus with ZoneDefense
Anti-Virus triggered ZoneDefense is a feature for isolating virus infected hosts and servers on a
local network. While the virus scanning firewall takes care of blocking inbound infected files from
reaching the local network, ZoneDefense can be used for stopping viruses to spread from an already
infected local host to other local hosts. When the NetDefendOS virus scanning engine has detected a
virus, the NetDefend Firewall will upload blocking instructions to the local switches and instruct
them to block all traffic from the infected host or server.
Since ZoneDefense blocking state in the switches is a limited resource, the administrator has the
possibility to configure which hosts and servers that should be blocked at the switches when a virus
has been detected.
For example: A local client downloads an infected file from a remote FTP server over the Internet.
NetDefendOS detects this and stops the file transfer. At this point, NetDefendOS has blocked the
infected file from reaching the internal network. Hence, there would be no use in blocking the
remote FTP server at the local switches since NetDefendOS has already stopped the virus. Blocking
the server's IP address would only consume blocking entries in the switches.
For NetDefendOS to know which hosts and servers to block, the administrator has the ability to
specify a network range that should be affected by a ZoneDefense block. All hosts and servers that
are within this range will be blocked.
The feature is controlled through the Anti-Virus configuration in the ALGs. Depending on the
protocol used, there exist different scenarios of how the feature can be used.
For more information about this topic refer to Chapter 12, ZoneDefense.
Example 6.19. Activating Anti-Virus Scanning
This example shows how to setup an Anti-Virus scanning policy for HTTP traffic from lannet to all-nets. We will
assume there is already a NAT rule defined in the IP rule set to NAT this traffic.
Command-Line Interface
First, create an HTTP Application Layer Gateway (ALG) Object with Anti-Virus scanning enabled:
gw-world:/> set ALG ALG_HTTP anti_virus Antivirus=Protect
Next, create a Service object using the new HTTP ALG:
gw-world:/> add ServiceTCPUDP http_anti_virus
Type=TCP
DestinationPorts=80
ALG=anti_virus
Finally, modify the NAT rule to use the new service:
gw-world:/> set IPRule NATHttp Service=http_anti_virus
Web Interface
A. First, create an HTTP ALG Object:
1.
Go to: Objects > ALG > Add > HTTP ALG
6.4.6. Anti-Virus Options
Chapter 6. Security Mechanisms
347
Содержание NetDefend DFL-1660
Страница 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Страница 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Страница 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Страница 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Страница 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Страница 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Страница 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Страница 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Страница 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Страница 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Страница 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Страница 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Страница 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Страница 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...