Unified Threat Prevention
For 1500 appliances only.
The Unified Threat Prevention Policy applies to the Anti-Virus, Anti-Bot, IPS and Threat Emulation blades. One policy is configured for all the blades:
-
Strict – Focuses on security.
-
Recommended – The default option, which gives the best mixture of security and performance for all small/medium sized business.
-
Custom – Manually defined by the user.
To create a custom policy for Threat Prevention:
-
Under Policy, select Custom.
-
For Tracking options, select one of these options:
-
None – Do not log.
-
Log – Create a log.
-
Alert – Log with an alert.
-
-
Under Protection Activation, for each confidence level (High confidence, Medium confidence, and Low confidence), select the applicable action from the list:
-
Ask – Traffic is blocked until the user confirms it is allowed.
-
Prevent – Blocks identified virus or bot traffic, or identified malicious files, from passing through the gateway.
-
Detect – Allows identified virus or bot traffic, or identified malicious files, to pass through the gateway. This traffic is detected and logged.
-
Inactive – The protection is deactivated.
-
-
For Performance impact, select the allowed impact level:
-
Low
-
Medium or lower
-
High or lower
-
-
For Severity, select the level:
-
Low or above
-
Medium or above
-
High or above
-
Critical
-
To restore the policy default settings:
Click Reset to defaults.
URLs Allowlist
For appliances running version R80.20.35 and higher, you can configure a URLs Allowlist. These are sites that are allowed under the Unified Threat Prevention policy.
To add a URL:
-
Click New.
The Add URL window opens.
-
Enter the URL you want to allow.
-
Click Finish.
To delete a URL:
Select the box next to the URL name and click Delete.
To edit a URL:
-
Click the pen icon next to the URL name.
The Edit URL window opens.
-
Make your changes.
-
Click Finish.
