Configure SD-WAN Malware Protection Profiles
For supported software information, click here.
Malware is malicious software that is specifically designed to disrupt computers and computer systems. There are many types of malware, including computer viruses, worms, Trojan viruses, spyware, adware, and ransomware. Among other things, malware can leak private information, gain unauthorized access to information or systems, and deprive users of access to information.
You can configure malware protection profiles to detect and prevent malware threats. You then associate the profiles with access control security policies. For more information, see Configure SD-WAN Access Control Policies.
Configure a Malware Protection Profile
- In Tenant view, select Configure > Secure SD-WAN > Security > Profiles.

- Select the Malware Protection tab.
- If you have not yet configured a malware protection profile, click Add Malware Protection Profile.
- If you have configured one or more malware profiles, the following screen displays. Click the + Add icon.

The Add Malware Protection Profile workflow displays.

- In step 1, File Type and Protocols, select the direction of the traffic on which to perform the malware scan.
- Select the protocols to scan for malware. You can use the search box to find specific protocol types, or check the Select All box to select all protocol types.

- Select the types of files to scan for malware. You can use the search box to find specific file types, or check the Select All box to select all file types.
- Click Next or click step 2, Enforcement.
- Select the action to enforce when traffic matches the protocols, file types, and traffic direction you selected in step 1, File Type and Protocols:
- Alert—Allow the file to pass and log the action.
- Allow—Allow the file to pass without logging the action.
- Deny—Do not allow the file to pass and log the action. This is the default.
- Recommended Action—FTP and HTTP traffic is set to Deny. Email traffic (SMTP, IMAP, POP3, and MAPI) is set to Alert.
- Reject—Reset the connection to the server and client, and log the action.

- Click Next or click step 3, Permissions.
- The permission for each role is selected by default, and you can update it. To change permissions for a role, select or deselect the Create, Read, Update, and Delete fields for the role.

- Click Next or click step 4, Review and Submit.
- In the General section, enter a name for the malware protection profile. You can also enter a text description for the profile and one or more tags. A tag is an alphanumeric text descriptor with no spaces or special characters.

- To enable logging, click the Enable Logging toggle, and then select a logging profile that indicates where to forward the logs.
- Use Default—Click to use the default logging profile.
- Custom—Click to use a custom logging profile, and then select a profile in the drop-down list. To create a custom profile, select + Create New.

- For all other sections, review the information. To make changes, click the Edit icon.
- Click Submit to create the malware protection profile.
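
The enforcement actions in step 2 differ in whether a matching file passes and whether the action is logged. The following Python sketch is an added example, not Versa code: it audits profiles held in a hypothetical dict layout and reports where a matching file would still pass or where a protocol is not scanned at all. The field names, the sample profiles, and limiting the check to the six protocols this article names are assumptions.

```python
# Added example. The profile dict layout is hypothetical, not a Versa export format.
EMAIL = {"SMTP", "IMAP", "POP3", "MAPI"}
FILE_TRANSFER = {"FTP", "HTTP"}
NAMED_PROTOCOLS = EMAIL | FILE_TRANSFER  # assumption: only protocols named in this article

# action -> (file passes?, action logged?), as described in step 2, Enforcement
ACTIONS = {
    "Alert": (True, True),
    "Allow": (True, False),
    "Deny": (False, True),
    "Reject": (False, True),
}


def effective_action(action, protocol):
    """Resolve 'Recommended Action' to the per-protocol action it stands for."""
    if action != "Recommended Action":
        if action not in ACTIONS:
            raise ValueError(f"unknown action: {action}")
        return action
    if protocol in FILE_TRANSFER:
        return "Deny"
    if protocol in EMAIL:
        return "Alert"
    raise ValueError(f"article does not state a recommended action for {protocol}")


def audit(profile):
    """Return sorted (protocol, finding) pairs for one profile."""
    selected = set(profile["protocols"])
    findings = [(p, "not scanned") for p in NAMED_PROTOCOLS - selected]
    for proto in selected:
        passes, logged = ACTIONS[effective_action(profile["action"], proto)]
        if passes:
            findings.append((proto, "passes, logged only" if logged else "passes, no log"))
    return sorted(findings)


# Constructed sample profiles for illustration only.
SAMPLE_PROFILES = [
    {"name": "branch-default", "action": "Recommended Action",
     "protocols": ["HTTP", "FTP", "SMTP", "IMAP"]},
    {"name": "lab-permissive", "action": "Allow", "protocols": ["HTTP"]},
]

if __name__ == "__main__":
    for prof in SAMPLE_PROFILES:
        print(prof["name"])
        for proto, finding in audit(prof):
            print(f"  {proto}: {finding}")
```

The audit does not model traffic direction or file types, which narrow what a profile scans in the same way as the protocol selection.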
Supported Software Information
Releases 13.1.1 and later support all content described in this article.
