This article will showcase how to configure and verify Versa AV profile and attach it with Next Generation Firewall Access policies.
The diagram below shows a typical Secure SD-WAN deployment scenario with three branch locations connected in a full-mesh fashion. All confoigration and management actions are done through a central single-pane-of-glass console, Versa Director.
Policies can be configured at the template level which then can be published to various sites without needing to configure per device basis.
Configuration steps
Step 1 : Creating Antivirus profile
It is important to configure an anti-virus profile before the firewall policy can be configured. It should be noted that an AV profile can be created specific to a CPE or it can be configured at the template level. It’s always recommended to create at template level for the simple reason of reusability and rapid deployment.
The Versa director configuration snippet shows steps to create the AV profile.
| Attribute | Description |
|---|---|
| Direction | Upload and (or) Download Direction. In this configuration, “Both” selected as the direction which will apply for both Uploads and Downloads. |
| Action | Reject or Deny. Chosen as “Deny”. Action on Disk full is also chosen as “Deny”. |
| Storage Profile | associate custom storage profile. In this configuration, no custom profile is chosen |
| File Type | Desired file type to match on or specifically select few file types |
Step 2: Configure NGFW firewall policy
This firewall policy configuration is done at the template level. Notice the highlighted configuration hierarchy on the top right of the screenshot.
Choose Source/Destination in the next tab
Under Enforce tab the followings need to be done
– Select “Apply Security Profile”
– Check “Anti-Virus” under Profiles
– From the dropdown menu select AV Profile created
– In order to log events in Analytics select “Default-Logging-Profile”
– Finish the configuration by clicking OK
Verification
Monitor from Appliance Context: Given below stats were taken when a VoS CPE detected Virus effected file being downloaded from the internet and it took action and rejected it. The same is matching with logs shown in the Analytics verification section given below as well.
AV log from Versa Analytics
