Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rafal_N
Contributor

Mobile Access Portal + other blades?

Hi,

I try to scan files that are uploaded using Mobile Access Portal - File Shares, Web Applications but it looks like that all other security blades (AV,TE) ignores them. I triple check my TP policy and it seems to be ok.

Does anybody can confirm that it should work and there is something in my configuration or is it something that gateway can't do at all.

7 Replies
PhoneBoy
Admin
Admin

All the blades are supposed to work with Mobile Access Blade as noted in the documentation.

How are you determining that the blades are "ignoring" files uploaded via file shares?

Note the blades usually don't generate a log unless a file is malicious.

0 Kudos
Rafal_N
Contributor

I'm uploading malware test file "eicar.com" that gateway normally recognized without issue. Only when I transfer it using Mobile Access Portal it doesn't work. I thought it was only for Fileshare (some CIFS issue) but i add web aplication using http (not https) and file isn't scan at all. 

0 Kudos
PhoneBoy
Admin
Admin

EICAR is kind of a special case

As there have been a few false positives with EICAR, and it's not really malicious, we don't detect EICAR by default.

Execute the following command on the gateway: fw ctl set int g_ci_av_eicar_handling_mode 2

Then repeat your test. 

Rafal_N
Contributor

I have set it to 2 previous it was set to 0.  g_ci_av_eicar_handling_mode = 2

But changing this setting doesn't help. Eicar is and was recognized if i download it form web site but if i uploaded it using Mobile Access Portal interface it doesn't.

Even if I establish tunnel (IPSEC or SSL/Connect)  and uploading eicar file to web application it is blocked as it should.

If I open Mobile Access Portal and without tunnel open that same web application only define as http URL in portal it is passed without scan. 

0 Kudos
PhoneBoy
Admin
Admin

Recommend opening a TAC case so we can investigate this more closely.

How To Open a Case with TAC and/or Account Services

0 Kudos
Rafal_N
Contributor

I got statements, that Traditional AV and Anti-Virus is not supported with Mobile Access portal. So probably TE does not work either. It should be write red capital letters in documentation in Mobile Access Portal.

I try to figure out some workaround how to solve it because it is big surprised for me. Any ideas and suggestion will be nice.

0 Kudos
PhoneBoy
Admin
Admin

Please send me the TAC SR in a private message.

The documentation explicitly contradicts this, so I'd like to get to the bottom of it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events