cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Olga_Kuts
Silver

Anti-Virus check for Mobile Access

In Mobile Access documentation we see, that only Traditional Anti-Virus can check files, which we upload to sslvpn portal, or download from it. But I know, that Traditional Anti-Virus is obsolete technology and many CheckPoint engineers advised not to use it.

What should we use to check the files uploaded / downloaded to the sslvpn portal?

0 Kudos
3 Replies
Admin
Admin

Re: Anti-Virus check for Mobile Access

Where are you seeing that Anti-virus cannot be used with Mobile Access Blade?

As far as I know this should be supported.

0 Kudos
Olga_Kuts
Silver

Re: Anti-Virus check for Mobile Access

In Mobile Access Administratoin Guide I saw only Traditional Anti-Virus Settings for sslvpn portal. We try to enable Anti-Virus instead of Traditional Anti-Virus, and tested the uploading and downloading malicious files to portal. The Anti-Virus did not stop it.

0 Kudos
Admin
Admin

Re: Anti-Virus check for Mobile Access

I guess you're right: traditional AV is required in this case.

From the R80.10 Mobile Access docs

Anti-Virus and Anti-Malware Blade

Certain Anti-Virus settings configured for a Security Gateway in the Traditional Anti-Virus > Security Gateway > HTTP page of the Threat Prevention tab also apply to Mobile Access traffic. To activate traditional Anti-Virus protection, enable the Traditional Anti-Virus on the Security Gateway.

These settings apply to Mobile Access traffic when Traditional Anti-Virus is configured to scan traffic By File Direction:

  • Incoming files arriving to - Inspects traffic that Mobile Access users upload to Mobile Access. (The drop-down menu is not relevant.)
  • Outgoing files leaving - Inspects the traffic that Mobile Access users download from Mobile Access. (The drop-down menu is not relevant.)
  • The Internal Files field is not relevant since Mobile Access uses an external interface.
  • Exceptions are not supported.

If Traditional Anti-Virus is configured to scan traffic By IPs, all portal traffic is scanned according to the settings defined for the Mail, FTP and HTTP protocols in SmartDashboard.

I wouldn't call the Traditional AV "obsolete" as it just works differently than the newer Anti-Virus blade.

In fact, we recently replaced the Traditional AV engine as part of removing Kaspersky components from our product: How to disable and remove Kaspersky Lab components from Check Point Security Gateway 

0 Kudos