topic Application control/URL and Antivirus in Spark Firewall (SMB)

Application control/URL and Antivirus

Naftali_Oziel — Mon, 20 Jul 2020 11:27:50 GMT

Hi all,

a couple of questions,using CP1490 local managed

1. has anyone enabled the URL for botnets or phishing? if so any success to show it actual works?

2. has anyone had any success blocking pornography categorization? just noticed mine is not working properly sites are accessible, hit and miss (some will display can't load page - don't have ssl inspection on or display the blocked if it's http) However, I've noticed a spike in zombies everytime the firewall attempts to block the pornography sites. Zoombies are on the httpd. Have a TAC as I have a custom firmware B3034

3. I currently have the antibot blade on and considering the antivirus (don't have my own smtp server), any value. my emails are all web based or IMAP on some machines, laptops mobile.

Definitely seeking some advise for those that are on similar platform or simply know from usage experience.

Thanks,

Re: Application control/URL and Antivirus

Cyber_Serge — Mon, 20 Jul 2020 13:43:50 GMT

From your description, it doesn't look like you have ssl inspection on? The feature you want to work is best with ssl inspection on.

Re: Application control/URL and Antivirus

Naftali_Oziel — Mon, 20 Jul 2020 14:22:46 GMT

Thanks and it's off by design for now, it has it's pro's and con's. The question is why the firewall is producing zombie entries for httpd when it hits the URL categorization block? plus seeking if anyone have their anti-virus on and if it has shown any value?

Re: Application control/URL and Antivirus

G_W_Albrecht — Tue, 21 Jul 2020 08:49:50 GMT

AV does work for me (730), as well as ABOT and URLF. It is rather easy to test that, though 8) Without https inspection, your possibilities are very limited as URL categorization will not be able to fully recognize all sites.

Re: Application control/URL and Antivirus

Naftali_Oziel — Tue, 21 Jul 2020 12:36:40 GMT

Thanks, avoided the SSL inspection simply as my application is home usage and URLF is not required but interesting observations of why when it did detected a site in block the firewall produced zombie process for httpd?. However, do have the ABOT, IPS and APP. Am curious on your setup for AV do you have any internal mail servers? does it catch more sites that could be deemed malware and block? does it take more memory or processor hits, slows down your traffic? just determining if it will be of value for me to have it enabled?