This article shows how to configure and verify a Versa antivirus (AV) profile and attach it to Next Generation Firewall (NGFW) access policies.

The diagram below shows a typical Secure SD-WAN deployment scenario with three branch locations connected in a full-mesh fashion. All configuration and management actions are done through a central single-pane-of-glass console, Versa Director.

Policies can be configured at the template level and then published to various sites, without needing to configure each device individually.

Configuration steps

Step 1: Creating Antivirus profile

An anti-virus profile must be configured before the firewall policy can be configured. An AV profile can be created for a specific CPE or at the template level. Creating it at the template level is always recommended, for reusability and rapid deployment.

The Versa Director configuration snippet shows the steps to create the AV profile.

| Attribute | Description |
| --- | --- |
| Direction | Upload and/or Download direction. In this configuration, “Both” is selected, so the profile applies to both uploads and downloads. |
| Action | Reject or Deny. “Deny” is chosen here. The action on disk full is also set to “Deny”. |
| Storage Profile | Associates a custom storage profile. In this configuration, no custom profile is chosen. |
| File Type | The desired file types to match on, or a specific selection of a few file types. |

Step 2: Configure NGFW firewall policy

This firewall policy configuration is done at the template level. Notice the highlighted configuration hierarchy on the top right of the screenshot.

Choose Source/Destination in the next tab

Under the Enforce tab, do the following:
– Select “Apply Security Profile”
– Check “Anti-Virus” under Profiles
– From the dropdown menu, select the AV profile created in Step 1
– To log events in Analytics, select “Default-Logging-Profile”
– Finish the configuration by clicking OK

Verification

Monitor from Appliance Context: The stats below were taken when a VoS CPE detected a virus-infected file being downloaded from the internet and rejected it. They match the logs shown in the Analytics verification section below.

AV log from Versa Analytics