Configure APT Blocker Advanced Settings

By default, the Firebox sends APT Blocker requests to the nearest cloud-based server. In the APT Blocker Advanced settings you can configure APT Blocker to send requests to a server in a specific region, or to send requests to a local on-premise server.

In Fireware v12.7 and higher, you can also choose whether to submit PDF files for analysis and configure an HTTP proxy server to connect to the APT Blocker server.

To configure advanced APT Blocker settings, see these sections:

Submit PDF Files for Analysis

Based on your version of Fireware and whether you use the Policy Manager or Web UI, you can specify whether APT Blocker submits unrecognized PDF files to the data center for analysis. This gives you more granular control to address privacy concerns related to personal information in PDFs.

APT Blocker always submits the MD5 hash of PDF files to the data center and takes the specified action if the file matches any known threats.

Submit PDF Files for Analysis in Policy Manager

In Fireware v12.7 or higher, you can specify whether APT Blocker submits unrecognized PDF files to the data center for analysis. By default, the Submit PDF files to the data center for analysis check box is not selected and APT Blocker does not send unrecognized PDFs for analysis.

In Fireware versions lower than v12.7, APT Blocker always submits unrecognized PDF files to the data center for analysis.

Submit PDF Files for Analysis in Web UI

In Fireware v12.8 or higher, APT Blocker always submits unrecognized PDF files to the data center for analysis.

In Fireware v12.7, you can specify whether APT Blocker submits unrecognized PDF files to the data center for analysis. By default, the Submit PDF files to the data center for analysis check box is not selected and APT Blocker does not send unrecognized PDFs for analysis.

In Fireware versions lower than v12.7, APT Blocker always submits unrecognized PDF files to the data center for analysis.

Set the APT Blocker Server Region

By default, APT Blocker sends APT Blocker requests to the nearest cloud-based server. You can also configure APT Blocker to always send requests to a server in a specific region.

Enable a Local On-Premises Server

In large enterprise networks, some organizations use a local on-premises server instead of cloud services for security and data privacy purposes. You can configure APT Blocker to send requests to a local on-premises server, if you have one installed on your network.

The on-premises server is available as a physical appliance, installation media, or VMware image. For more information, or to order an on-premises server, see https://www.lastline.com/contact.

To find your license key and API token information, see the information sent to you with your on-premises server product.

When you use a on-premises server, you must also import a self-signed CA certificate to the Firebox.

To import the certificate:

  1. Download the certificate from https://update.lastline.com/updates/distros/lastline-ca.crt.
  2. Complete the process to import the certificate to the Firebox, as described in:
  3. When you specify the Certificate Function option, select General Use.

Enable an HTTP Proxy Server

If you want APT Blocker to use an HTTP proxy server to connect to the APT Blocker server through the Internet, you must configure the HTTP proxy server settings. You can configure a HTTP proxy server in Fireware v12.7 and higher.

See Also

About APT Blocker

Configure APT Blocker