Content Awareness

What can I do here?

Use this window to configure advanced settings for Content Awareness. These are global settings that apply to all Security Gateways with Content Awareness enabled.

Getting Here - Manage & Settings > Blades > Content Awareness > Advanced Settings

Fail Mode

You can select the enforcement option to use if the Content Awareness engine fails during inspection. However, if the engine fails on a connection that is inspected for logging only, the connection is allowed.

This setting is for R80.10 Gateways and higher.

To select the enforcement option

Go to Manage & Settings > blades > Content Awareness > Advanced Settings.
In the Content Awareness Settings window, select one option:
- Allow all requests (fail-open) - All traffic with data is allowed.
- Block all requests (fail-close) - All traffic with data is blocked. This is the default.

Content Awareness Services

Specify the services that Content Awareness inspects. Content Awareness inspects these services by default:

HTTPS_proxy on port 8080
HTTP_proxy on port 8080
ftp on port 21
http on port 80
https on port 443
smtp on port 25

To add to the list of services that match rules with Content Awareness:

Go to Manage & Settings > blades > Content Awareness > Advanced Settings.
In the Content Awareness Settings window:
1. Click the add icon to open the list of services.
2. Select a service.

Data Inspection

Inspect archives - examine the content of archive files. For example, files with the extension .zip, .gz, .tgz, .tar.Z, .tar, .lzma, .tlz, 7z, .rar

HTTP Inspection

Enable HTTP inspection on non standard ports for Content Awareness -

Servers usually send HTTP traffic on TCP port 80. Some servers send HTTP traffic on other ports also. By default, this setting is enabled and Content Awareness inspects HTTP traffic on non-standard ports. You can disable this setting and configure Content Awareness to inspect HTTP traffic only on port 80.