vivekk1
Iron

Antivirus blade pros and cons.

Hi All,

I want to enable the Antivirus blade in R80.10. My firewall (5400) is in a production environment. My firewall's max connection count is 79797. The VPN, Application Control, IPS and Anti-Bot blades are already enabled. I just want to know what the pros and cons will be if I enable the Antivirus blade.

Please help me.

Regards,
Vivek Kumar
0 Kudos
3 Replies
Admin
Admin

Re: Antivirus blade pros and cons.

As you've already enabled IPS and Anti-Bot, there should not be a significant performance impact enabling Anti-Virus.
The pro is: it will catch more potentially bad things.
vivekk1
Iron

Re: Antivirus blade pros and cons.

Hi, 

Thank you for your response.

When we enable the Antivirus blade, it will monitor SMTP and HTTP traffic by default. If we want to inspect HTTPS and SSL traffic, we need to enable HTTPS Inspection and the Threat Emulation blade. Am I correct?

Is there any impact on my firewall performance or latency in traffic?

Regards,
Vivek Kumar
0 Kudos

Re: Antivirus blade pros and cons.

If you want to inspect SSL traffic, then you will need to perform outbound or inbound SSL Inspection. Keep in mind that there is increased resource usage when inspecting SSL traffic; I strongly suggest you go with a gradual inspection approach. In other words: inspect by segments and see how it impacts your GW.

When using SSL Inspection, be sure to run R80.20 or R80.30. R80.30 works best but has fewer kernel flags that allow you to bypass certain things. You may want to look at this post that I made, where I give advice about SSL Inspection: https://community.checkpoint.com/t5/General-Topics/Outbound-SSL-Inspection-A-war-story/m-p/58647

Finally, be sure to check the SSL best practices in sk108202.

Threat Emulation is another blade that doesn't have to do with SSL Inspection or Antivirus. Its main purpose is to emulate files downloaded from emails and HTTP/HTTPS; at the moment it is the most efficient solution to detect zero days. You will need NGTX licensing to run it.

Regards,

 

____________
https://www.linkedin.com/in/federicomeiners/