Configure Gateway AntiVirus Actions for HTTP Content
By default, when you enable Gateway AntiVirus for a proxy policy from the Gateway AntiVirus configuration, the default action for content that does not match a proxy rule is automatically set to AV Scan. You can improve Gateway AntiVirus performance if you change the default action for HTTP content that does not match a configured proxy rule.
To optimize performance, you can configure Gateway AntiVirus actions for the HTTP proxy to make the proxy more selective about which content types to scan. When you set the None matched action to AV Scan for the URL Paths, Content Types, or Body Content Types categories, the HTTP proxy scans all objects that do not match a rule.
To set the actions for HTTP proxy rulesets, follow the instructions in the next section. The same steps apply to rules in the TCP-UDP proxy and the Explicit proxy, which also apply to HTTP connections.
Configure AV Scan Actions Based on URL Paths
You can configure rules for when to AV scan HTTP content, based on the URL path of the request.
- Edit the HTTP-Proxy policy.
- Select the Proxy Action tab.
- In the HTTP Request tab select URL Paths.
The URL Paths proxy action settings appear. - From the Action to take if no rule above is matched drop-down list, select Allow.
With this setting, URLs that do not match a rule in the list are not scanned by Gateway AntiVirus.
If you add rules to the URL Paths Rules list, you can set the If matched action to AV Scan to scan the content if the URL matches a rule in the list.
- For information about actions, go to Add, Change, or Delete Rules.
- For information about how to add URL Paths, go to HTTP Request: URL Paths.
- Edit the HTTP-Proxy policy and edit the proxy action.
- In the Categories tree, expand HTTP Request and select URL Paths.
The URL Paths rules and actions settings appear.
- From the None matched drop-down list, select Allow.
With this setting, URLs that do not match a rule in the list are not scanned by Gateway AntiVirus.
If you add rules to the URL Paths Rules list, you can set the If matched action to AV Scan to scan the content if the URL matches a rule in the list.
- For information about actions, go to Add, Change, or Delete Rules.
- For information about how to add URL Paths, go to HTTP Request: URL Paths.
Configure AV Scan Actions Based on Content Types
You can configure the actions for Content Type rules to scan the content types that are most likely to contain a virus, and to not scan other content types. To set the actions more granularly based on content type, in Policy Manager use the advanced view of the rules.
- Edit the HTTP-Proxy policy.
- Select the Proxy Action tab.
- In the HTTP Response tab select Content Types.
The Content Types proxy action settings appear.
- From the Action to take if no rule above is matched drop-down list, select Allow.
Or, select an option other than the default (AV Scan).
If you select Allow, Gateway AntiVirus scans only the content types enabled in the Content Types list. - To enable or disable rules in the Content Types list, select or clear the Enabled check box.
For information about HTTP Response Content Types, go to HTTP Response: Content Types.
- Edit the HTTP-proxy action used by the proxy policy.
- In the Categories tree, expand HTTP Response and select Content Types.
- From the None matched drop-down list, select Allow.
Or, select an option other than the default (AV Scan). - Click Change View.
The Content Type Rules settings change to the advanced view.
- To select which rules to use, select or clear the Enabled check box for each rule .
- For each enabled rule, double-click the rule to select the Action to take for that rule.
The Edit Content Type Rule dialog box appears.
- To scan all content that matches the rule, set the action to AV Scan.
- To allow content that matches the rule without an AV scan, set the action to Allow.
For information about HTTP Response Content Types, go to HTTP Response: Content Types.
Configure AV Scan Actions Based on Body Content Types
You can also configure the actions for HTTP content based on the Body Content Types rules.
- Edit the HTTP-Proxy policy.
- Select the Proxy Action tab.
- In the HTTP Response tab select Body Content Types.
The Body Content Types proxy action settings appear. - For each content type you want to want to scan with Gateway AntiVirus, add a rule and set the Action to AV Scan.
- From the Action to take if no rule above is matched drop-down list, select Allow.
Or, select an option other than the default (AV Scan). - To enable or disable rules in the Body Content Types list, select or clear the Enabled check box.
For information about HTTP Response Body Content Types, go to HTTP Response: Body Content Types.
- Edit the HTTP-proxy action used by the proxy policy.
- In the Categories tree, expand HTTP Response and select Body Content Types.
- From the None matched drop-down list, select Allow.
Or, select an option other than the default (AV Scan). - From the If matched drop-down list, select AV Scan.
Or, click Change View to set rules individually for different body content types.
For information about HTTP Response Body Content Types, go to HTTP Response: Body Content Types.
Configure Alarm Notifications for Antivirus Actions
In each rule in a proxy action, you can select the Alarm check box so the proxy policy sends an alarm notification when the rule applies to network traffic. If you enable alarms for a proxy antivirus action, you must also configure the type of alarm to use in the proxy policy.
- Select Firewall > Firewall Policies.
- Double click a policy to edit.
- Select the Proxy Action tab.
- Select Proxy and AV Alarms.
- Configure the Proxy and AV Alarms settings as described in Set Logging and Notification Preferences.
- Double-click the policy to edit.
- Select the Properties tab.
- Click
. - Select Proxy and AV Alarms.
- Configure the Proxy and AV Alarms settings as described in Set Logging and Notification Preferences.