Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MALWARE AND CONTENT SCANNING

the course is saying that its recommended to use "Malware and content scanning" instead of "Filtering common web ports" So ive done some testing to check if malware will be blocked if i'll set only "malware and content scanning" unfortunately, files sended with no  problem. Ive attached screens from policy of FW rule and ssl/tls rule. Also ive added via Console non-standard port for https and ftp <- but ftp is a different story. 

 

 

BUT if im setting options below(screenshot) it does working. Tested malware are blocked and i can see it in the LOGS.



This thread was automatically locked due to age.
Parents Reply Children
  • I was upgrading it from SFOS 17.5.9 MR-9 to 18 ;)

    I assume that DPI - you have toggled only thoe options as below ? 

    6523.Przechwytywanie2.PNG

    I have done some testing and Malware is blocked only if the security settings are as below, ive try different options but no luck... Im not sure if it must working as is below. Regarding to courses - i think that not ;)

    7870.Przechwytywanie5.PNG

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Roman,

    the configuration are fine. On my box, malwares are stopped. Can you check that the IPS service is on inside System Services menu?

  • Yes. IPS service is up and running. ;) I 'll reboot today the fw - you know sometimes it helps :D

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Can you determine if malware is allowed through on HTTP and HTTPS?  Or if it is blocked on HTTP but not HTTPS.  

    Respectfully, 

     

    Badrobot

     

  • Well, i dont really understand what are you asking for. If im undertstanding you correctly then - My service is working on non-standard HTTPS port(8443) Im not using unencrypted traffic to my server. How i did my testing ? From my PHONE(WAN - PublicIP_LTE) ive lunched an up (QFILE) and uploading a tested malware file, THATS ALL ;) all the rest as metnioned above ^^

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • The Proxy is only used for Internal to external communication.

    You cannot rely on the Proxy for external to internal communication.

    For such services, you need a reverse proxy (WAF).

    So you need to configure the WAF. 

    __________________________________________________________________________________________________________________

  • Really a WAF ? 8443 is used for various services in this case im using for a file transfer. Im using DDNS service example: "somename.ddns.myqnapcloud.com" or "somename.ddns.net" all is on port 8443. this port is also used for managment,  server is a QNAP DEVICE. ;) If should using WAF can you point for some "hot to" ? ;)

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Roman, Luca is correct. Traffic from lan to wan is filtered by proxy. From wan to lan by reverse proxy. This is not a Sophos limitation but how the protocol works.

    You can filter and apply Ips filter from lan to wan and viceversa but ips can stop only certain malware.

  • Really. So you are tring to say im not able to bloc or scan a traffic from WAN to LAN on a specific port ?? I dont wanna to advertised other solution but on FORTIGATE devices it works excelent so "limitations is not cuzed by a protocol" beside that. So why malware is blocked when im not using DPI but only Webproxy and im uploading  a file from WAN. ? Cant it be done by WAF ? Sophos XG which im using is for HOME USAGE. So im ok if ssl traffic from will inspected via cert from sophos appliance_CA

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Roman on Fortigate you can scan: http, imap,pop3, smtp,smb,ftp and nntp.