Manuals / SonicWALL / Household Appliance / Humidifier

SonicWALL TZ 180 manual Updating SonicWALL GAV Signatures, Specifying Protocol Filtering

Models: TZ 180

1 40

Download 40 pages 19.53 Kb

Page 28

Updating SonicWALL GAV Signatures

TotalSecure Configuration Task List

Updating SonicWALL GAV Signatures

By default, the SonicWALL security appliance running SonicWALL GAV automatically checks the SonicWALL signature servers once an hour. There is no need for an administrator to constantly check for new signature updates. You can also manually update your SonicWALL GAV database at any time by clicking the Update button located in the Gateway Anti-Virus Status section.

SonicWALL GAV signature updates are secured. The SonicWALL security appliance must first authenticate itself with a pre-shared secret, created during the SonicWALL Distributed Enforcement Architecture licensing registration. The signature request is transported through HTTPS, along with full server certificate verification.

Specifying Protocol Filtering

Application-level awareness of the type of protocol that is transporting the violation allows SonicWALL GAV to perform specific actions within the context of the application to gracefully handle the rejection of the payload.

By default, SonicWALL GAV inspects all inbound HTTP, FTP, IMAP, SMTP and POP3 traffic. Generic TCP Stream can optionally be enabled to inspect all other TCP based traffic, such as non-standard ports of operation for SMTP and POP3, and IM and P2P protocols.

Note: Refer to “Protocol Handling” on page 9 for detailed descriptions of how SonicWALL GAV handles protocol traffic.

Enabling Inbound Inspection

Within the context of SonicWALL GAV, the Enable Inbound Inspection protocol traffic handling refers to the following:

•Non-SMTP traffic initiating from a Trusted, Wireless, or Encrypted Zone destined to any Zone.

•Non-SMTP traffic from a Public Zone destined to an Untrusted Zone.

•SMTP traffic initiating from a non-Trusted Zone destined to a Trusted, Wireless, Encrypted, or Public Zone.

•SMTP traffic initiating from a Trusted, Wireless, or Encrypted Zone destined to a Trusted, Wireless, or Encrypted Zone.

28 SonicWALL TZ 180 TotalSecure

Image 28

SonicWALL TZ 180 manual Updating SonicWALL GAV Signatures, Specifying Protocol Filtering, Enabling Inbound Inspection

Contents

What is TotalSecure? IntroductionDocument Scope Administrator’s GuideBenefits of TotalSecure SonicWALL Gateway Anti-Virus GAV OverviewHow Does GAV Work? BenefitsSonicWALL Gateway Anti-Virus 4SonicWALL TZ 180 TotalSecureSonicWALL GAV Multi-LayeredApproach NTERNAL .ETWORK 0ROTECTIONILEL$OWNLOAD 0ROTECTION $ESKTOP AND 3ERVER 0ROTECTIONRemote Site Protection Internal Network ProtectionSonicWALL Gateway Anti-Virus 6SonicWALL TZ 180 TotalSecureVirus Discarded Alert Logged HTTP File DownloadsVirus Discarded Alert Logged SonicWALL GAV Architecture Server ProtectionDisabling the SonicWALL GAV/IPS Engine Protocol HandlingSMTP POP3IMAP HTTPSonicWALL Intrusion Prevention Service IPS OverviewHow Does IPS Work? IM, P2P and Proprietary ProtocolsWhat is a Zone? SonicWALL Intrusion Prevention ServiceBenefits 12SonicWALL TZ 180 TotalSecureSonicWALL Anti-SpywareSecurity Service SonicWALL Anti-SpywareThe Spyware Threat BenefitsSonicWALL Anti-Spyware 14SonicWALL TZ 180 TotalSecureSonicWALL Content Filtering Service - Premium CFS OverviewHow Does CFS Premium Work? BenefitsSonicWALL Deep Packet Inspection DPI OverviewHow Does DPI Work? BenefitsFigure 1 Deep Packet Inspection Flow Diagram NPUTP0ACKET UTPUT 0ACKETSonicWALL Security Dashboard What is Security Dashboard?Security Dashboard Overview How Does the Security Dashboard Work? BenefitsSecurity Dashboard Overview SonicWALL Security Dashboard Figure 2 SonicWALL Security Dashboard20SonicWALL TZ 180 TotalSecure How Does the Security Dashboard Work? What is Security Dashboard?Benefits Registering Your Appliance on MySonicWALL Registering Your SonicWALL Security AppliancePage TotalSecure Configuration Task List Registering Your SonicWALL Security ApplianceEnabling SonicWALL GAV Setting Up SonicWALL GAV ProtectionApplying SonicWALL GAV Protection on Interfaces The Edit Zone Viewing SonicWALL GAV Status Information Updating SonicWALL GAV Signatures Specifying Protocol FilteringEnabling Inbound Inspection TotalSecure Configuration Task ListConfiguring Client Alerts and an Exclusion List Enabling Outbound SMTP InspectionConfiguring a SonicWALL GAV Exclusion List Configuring Client AlertsRestricting File Transfers Viewing SonicWALL GAV Signatures Displaying Signatures1.Enable SonicWALL Intrusion Prevention Service Navigating the Gateway Anti-VirusSignatures TableEnabling SonicWALL IPS 2.Specify the Priority attack GroupsFine-tuningthe IPS Enable IPS LoggingThe Brute-forceBaseline Setup Specifying Global Attack Level ProtectionSetting Up SonicWALL Anti-SpywareProtection 1.Enable SonicWALL Anti-Spyware2.Specify Spyware Danger Level Protection 3.Apply SonicWALL Anti-SpywareProtection to ZonesEnabling SonicWALL Anti-Spyware Glossary Setting Up CFS PremiumSpecifying Spyware Danger Level Protection Deep Packet Inspection - looking at the data portion of the packet. Enables the firewall to investigate farther into the protocol to examine information at the application layer and defend against attacks targeting application vulnerabilities Related Documentation Solution Document Version History Version NumberDate 6/11/2007Related Documentation 40SonicWALL TZ 180 TotalSecure