108 Advanced network traffic control
Configuring AVpe
To enable AVpe
After you have configured AVpe, you must enable it for each computer or VPN
group.
Note: Enabling AVpe for VPN groups is for WAN clients only. You enable AVpe
for LAN VPN clients through Computer groups in the Firewall section.
See
"Defining computer group membership"
VPN tunnels"
on page 99.
See
"Computer Groups tab field descriptions"
See
"Client Tunnels tab field descriptions"
To enable antivirus policy enforcement for computer groups
1
In the SGMI, in the left pane, click Firewall.
2
On the Computer Groups tab, under Security Policy, on the Computer Group
drop-down list, select the computer group for which you want to enable
AVpe.
3
Under Antivirus Policy Enforcement, check Enable Antivirus Policy
Enforcement, and then do one of the following:
To log warnings for clients with out-of-date virus definitions, click
■
Warn Only.
To completely block connections from clients with out-of-date virus
■
definitions, click Block Connections.
4
Click Save.
5
Repeat steps 2 through 6 to enable AVpe for each computer group.
To enable antivirus policy enforcement for VPN groups
1
In the left pane of the Security Gateway Management Interface (SGMI), click
VPN.
2
On the Client Tunnels tab, under Group Tunnel Definition, on the VPN
Group drop-down list, select the VPN group for which you want to enable
AVpe.
3
Under WAN Client Policy, check Enable Antivirus Policy Enforcement, and
then do one of the following:
To log warnings for clients with out-of-date virus definitions, click
■
Warn Only.
To completely block connections from clients with out-of-date virus
■
definitions, click Block Connections.
on page 65. See
"Defining client
on page 179.
on page 197.