Configure Proxy Policies for TDR

For TDR to effectively correlate network events with host sensor events, we recommend that you enable proxy policies and services on the Firebox.

Because the Firebox sends log messages about your network events to your TDR account, it is important to configure the Firebox to send a log message when it blocks, drops, or denies a connection.

When you enable Threat Detection and Response on your Firebox, we recommend that you configure policies to:

  • Inspect network traffic, and do not allow traffic that is considered a threat
  • Enable Gateway AV, IPS, APT Blocker, WebBlocker, and Reputation Enabled Defense
  • Generate log messages for Deny, Drop, and Block actions

For the Firebox to inspect connections and take action when a threat is identified, you must configure proxy policies and services. When you configure the proxy actions, make sure to enable logging and specify that a log message is generated for any Deny, Block, or Drop action. For example, to examine outbound HTTP, SMTP, and DNS connections, add these policies to your Firebox configuration:

HTTP-proxy

  • Proxy action: HTTP-Client.Standard or Default-HTTP-Client
  • Enable Gateway AV, APT Blocker, WebBlocker, and Reputation Enabled Defense in the proxy action
  • Enable logging for any Deny, Block, or Drop action in the proxy action

HTTPS-proxy

  • Proxy action: HTTPS-Client.Standard or Default-HTTPS-Client
  • Enable Content Inspection, with the HTTP-Client.Standard or Default-HTTP-Client proxy action
  • Enable Gateway AV, APT Blocker, WebBlocker, and Reputation Enabled Defense in the proxy action
  • Enable logging for any Deny, Block, or Drop action in the proxy action

SMTP-proxy

  • Proxy action: SMTP-Client.Standard
  • Enable Gateway AV and APT Blocker in the proxy action
  • Enable logging for any Deny, Block, or Drop action in the proxy action

If your Firebox allows incoming connections to servers or other resources on your network, make sure to configure a proxy policy to inspect the incoming traffic and enable services and logging for any Deny, Block, or Drop action in the proxy action.
