Activating Anti-Virus Scanning - D-Link NetDefend DFL-210 User Manual

6.4.6. Anti-Virus Options
original active/passive roles. For more information about HA clusters refer to Chapter 11, High
Availability.
Anti-Virus with ZoneDefense
Anti-Virus triggered ZoneDefense is a feature for isolating virus infected hosts and servers on a
local network. While the virus scanning firewall takes care of blocking inbound infected files from
reaching the local network, ZoneDefense can be used for stopping viruses to spread from an already
infected local host to other local hosts. When the NetDefendOS virus scanning engine has detected a
virus, the D-Link Firewall will upload blocking instructions to the local switches and instruct them
to block all traffic from the infected host or server.
Since ZoneDefense blocking state in the switches is a limited resource, the administrator has the
possibility to configure which hosts and servers that should be blocked at the switches when a virus
has been detected.
For example: A local client downloads an infected file from a remote FTP server over the Internet.
NetDefendOS detects this and stops the file transfer. At this point, NetDefendOS has blocked the
infected file from reaching the internal network. Hence, there would be no use in blocking the
remote FTP server at the local switches since NetDefendOS has already stopped the virus. Blocking
the server's IP address would only consume blocking entries in the switches.
For NetDefendOS to know which hosts and servers to block, the administrator has the ability to
specify a network range that should be affected by a ZoneDefense block. All hosts and servers that
are within this range will be blocked.
The feature is controlled through the Anti-Virus configuration in the ALGs. Depending on the
protocol used, there exist different scenarios of how the feature can be used.
For more information on this topic refer to Chapter 12, ZoneDefense.
Example 6.19. Activating Anti-Virus Scanning
This example shows how to setup an Anti-Virus scanning policy for HTTP traffic from lannet to all-nets. We will
assume there is already a NAT rule defined in the IP rule set to NAT this traffic.
CLI
First, create an HTTP Application Layer Gateway (ALG) Object with Anti-Virus scanning enabled:
gw-world:/> set ALG ALG_HTTP anti_virus Antivirus=Protect
Then, create a Service object using the new HTTP ALG:
gw-world:/> add ServiceTCPUDP http_anti_virus Type=TCP DestinationPorts=80
Finally, modify the NAT rule to use the new service:
gw-world:/> set IPRule NATHttp Service=http_anti_virus
Web Interface
A. First, create an HTTP ALG Object:
1. Go to Objects > ALG > Add > HTTP ALG
2. Specify a suitable name for the ALG, for instance anti_virus
3. Click the Antivirus tab
4. Select Protect in the Mode dropdown list
5. Click OK
ALG=anti_virus
263
Chapter 6. Security Mechanisms