1. Manuals
  2. Brands
  3. Watchguard Manuals
  4. Gateway
  5. Firebox X20E
  6. User manual

Intrusion Prevention Service Settings; Pop3 Proxy Deny Messages And Gateway Av/Ips; Updating Gateway Av/Ips - Watchguard Firebox X20E User Manual

Firmware version 8.6 all firebox x edge e-series standard and wireless models
Hide thumbs Also See for Firebox X20E:
Table of Contents

Advertisement

Updating Gateway AV/IPS

GAV does not scan archive file formats such as .zip or packed executables.

Intrusion Prevention Service settings

Select the Enable Intrusion Prevention for HTTP check box to monitor and scan web traffic
1
between your users and web servers for possible intrusion attempts.
Select the Enable Intrusion Prevention for FTP check box to monitor and scan the stream of
2
FTP commands between your users and FTP servers for possible intrusion attempts.
Select the Enable Intrusion Prevention for POP3 check box to monitor and scan POP3
3
connections between your clients and the POP3 email server for possible intrusion attempts.
Select the Enable Intrusion Prevention for SMTP check box to monitor and scan the email
4
connections between your SMTP email server and the external SMTP email servers it
communicates with for possible intrusion attempts.
From the drop-down menus, select the action you want IPS to take for:
5
- A High Severity vulnerability. The default action is Deny.
- A Medium Severity vulnerability. The default action is Deny.
- A Low Severity vulnerability. The default action is Allow.

POP3 proxy deny messages and Gateway AV/IPS

It is important to know what your users see when an email message is blocked because of the POP3
proxy. You can find a complete description of the actions taken by the POP3 proxy in an FAQ you can
find at http://www.watchguard.com/support/faqs/edge/.
Some of the actions include:
Sending a message that an email message was denied when it blocks a message because of a
problem in the header, or because of the body or attachment content, and the message is less
than 100 kilobytes.
Truncating an email message when it blocks a message because of a problem with the body or
attachment content, and the message is larger than 100 kilobytes.
Blocking an email message with no notification to the user when an email message is blocked
because of a protocol anomaly.
You can see deny messages for all blocked email in the log messages. For information on using the log
message tool, see the "Logging and Certificates" chapter.
Updating Gateway AV/IPS
New viruses and intrusion methods appear on the Internet frequently. The Gateway AV/IPS service
uses a database of signatures to check for viruses and intrusions. WatchGuard frequently publishes
updates to the signature database to our customers as new signatures become known. Usually, new
Gateway AV signatures are published several times a day. New IPS signatures are published less fre-
quently. To make sure that Gateway AV/IPS gives you the best protection, you must update the signa-
tures on the Firebox X Edge frequently. By default, the Firebox® X Edge e-Series checks for signature
updates automatically. You can change this setting if you want to update the signatures manually.
194
Firebox X Edge e-Series
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Watchguard Firebox X20E

Related Content for Watchguard Firebox X20E

This manual is also suitable for:

Firebox x55eFirebox x55e-wFirebox x20e-wFirebox x10e-wFirebox x10eFirebox x edge e-series

Table of Contents