Purpose

This article shows how to configure a Versa AV (antivirus) profile and attach it to NGFW access policies. It also presents several verification methods.

Topology

 

AV Profile Configuration

Go to “Services” → “Next Gen Firewall” → “Security” → “Profiles” → “Anti Virus”

Direction: Choose the Upload or Download direction. For this lab exercise we chose “Both”.

Action: Reject. The Reject action is executed after the disk becomes full.

Storage Profile: You can also associate a custom storage profile.

File Type: You can match on any file type or select a few specific file types.

Protocol: Select the protocol of your choice from the dropdown.

Associate AV Profile with NGFW Policy

  • Go to Services → Next Gen Firewall → Security → Policies and click “+” to create a new firewall rule

 

  • Identify the source/destination zone depending on your requirement

  • Click the “Enforce” tab
  • Select “Apply Security Profile”
  • Enable the “Vulnerability” checkbox. From the dropdown menu, select the Versa pre-defined “Lateral Movement Detection”
  • To log events in Analytics, select “Default-Logging-Profile”
  • Click “OK”

Verification

Monitor Appliance Context Level

The stats below were taken when FlexVNF detected a virus-infected file being downloaded from the internet, took action, and rejected it. The count of “2” matches the logs shown in the Analytics verification section below.

Analytics

Go to “Analytics” → “Logs” → “Anti Virus”

As shown in the snapshot below, FlexVNF detected that the file being accessed by the end user contained a virus and rejected the file download.