Naftali_Oziel
Collaborator

Application control/URL and Antivirus

Hi all,

A couple of questions, using CP1490 local managed:

1. Has anyone enabled the URL for botnets or phishing? If so, any success to show it actually works?

2. Has anyone had any success blocking pornography categorization? Just noticed mine is not working properly; sites are accessible, hit and miss (some will display can't load page - don't have SSL inspection on or display the blocked if it's http). However, I've noticed a spike in zombies every time the firewall attempts to block the pornography sites. Zombies are on the httpd. Have a TAC as I have a custom firmware B3034.

3. I currently have the antibot blade on and am considering the antivirus (don't have my own SMTP server); any value? My emails are all web based or IMAP on some machines, laptops, mobile.

Definitely seeking some advice from those that are on a similar platform or simply know from usage experience.

Thanks,  

4 Replies
Cyber_Serge
Contributor

From your description, it doesn't look like you have SSL inspection on? The feature you want to work is best with SSL inspection on.

Naftali_Oziel
Collaborator

Thanks, and it's off by design for now; it has its pros and cons. The question is why the firewall is producing zombie entries for httpd when it hits the URL categorization block? Plus seeking if anyone has their anti-virus on and if it has shown any value?

G_W_Albrecht
Champion

AV does work for me (730), as well as ABOT and URLF. It is rather easy to test that, though 😎 Without https inspection, your possibilities are very limited as URL categorization will not be able to fully recognize all sites.

Naftali_Oziel
Collaborator

Thanks, avoided the SSL inspection simply as my application is home usage and URLF is not required, but interesting observations of why, when it did detect a site in block, the firewall produced a zombie process for httpd? However, do have the ABOT, IPS and APP. Am curious on your setup for AV: do you have any internal mail servers? Does it catch more sites that could be deemed malware and block? Does it take more memory or processor hits, slow down your traffic? Just determining if it will be of value for me to have it enabled.
