cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Vladimir
Jade

Question about Protected Scope for Threat Emulation

In Threat Prevention Profile properties, under "Threat Emulation" / "General" / "Protected Scope" section we have the ability to define if we are inspecting traffic from External, External + DMZs or All interfaces.

Will the "Protected Scope" property of the rule itself supersede this configuration and make it applicable to the scope specified in it?

Additionally, will the UserCheck require HTTPS inspection or simply distributing ICA cert will suffice?

Tags (1)
0 Kudos
3 Replies
Admin
Admin

Re: Question about Protected Scope for Threat Emulation

For the second question, UserCheck requires HTTPS Inspection for HTTPS sites.

Will have to check into the first.

0 Kudos
Admin
Admin

Re: Question about Protected Scope for Threat Emulation

For the first question, here's what the docs say: 

When you select the Any option in the Protected Scope section of a rule, the traffic direction and interface type are defined by the Profile assigned to that rule. If you add objects to the Protected Scope in a rule, files that match these objects are inspected for all connections.

Which would indicate the Protected Scope of the rule overrides the Profile in this case.

0 Kudos
Vladimir
Jade

Re: Question about Protected Scope for Threat Emulation

Thank you!

Vladimir Yakovlev

973.558.2738

vlad@eversecgroup.com

0 Kudos