This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Olga_Kuts
Advisor
‎2018-01-23 12:07 PM

Anti-Virus check for Mobile Access

In Mobile Access documentation we see, that only Traditional Anti-Virus can check files, which we upload to sslvpn portal, or download from it. But I know, that Traditional Anti-Virus is obsolete technology and many CheckPoint engineers advised not to use it.

What should we use to check the files uploaded / downloaded to the sslvpn portal?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2018-01-26 10:30 PM

Where are you seeing that Anti-virus cannot be used with Mobile Access Blade?

As far as I know this should be supported.

0 Kudos
Olga_Kuts
Advisor
‎2018-01-27 06:58 AM
In response to PhoneBoy

In Mobile Access Administratoin Guide I saw only Traditional Anti-Virus Settings for sslvpn portal. We try to enable Anti-Virus instead of Traditional Anti-Virus, and tested the uploading and downloading malicious files to portal. The Anti-Virus did not stop it.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-01-28 12:33 PM
In response to Olga_Kuts

I guess you're right: traditional AV is required in this case.

From the R80.10 Mobile Access docs

Anti-Virus and Anti-Malware Blade

Certain Anti-Virus settings configured for a Security Gateway in the Traditional Anti-Virus > Security Gateway > HTTP page of the Threat Prevention tab also apply to Mobile Access traffic. To activate traditional Anti-Virus protection, enable the Traditional Anti-Virus on the Security Gateway.

These settings apply to Mobile Access traffic when Traditional Anti-Virus is configured to scan traffic By File Direction:

  • Incoming files arriving to - Inspects traffic that Mobile Access users upload to Mobile Access. (The drop-down menu is not relevant.)
  • Outgoing files leaving - Inspects the traffic that Mobile Access users download from Mobile Access. (The drop-down menu is not relevant.)
  • The Internal Files field is not relevant since Mobile Access uses an external interface.
  • Exceptions are not supported.

If Traditional Anti-Virus is configured to scan traffic By IPs, all portal traffic is scanned according to the settings defined for the Mail, FTP and HTTP protocols in SmartDashboard.

I wouldn't call the Traditional AV "obsolete" as it just works differently than the newer Anti-Virus blade.

In fact, we recently replaced the Traditional AV engine as part of removing Kaspersky components from our product: How to disable and remove Kaspersky Lab components from Check Point Security Gateway 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events