Configure APT Blocker Advanced Settings
By default, the Firebox sends APT Blocker requests to the nearest cloud-based server. In the APT Blocker Advanced settings you can configure APT Blocker to send requests to a server in a specific region, or to send requests to a local on-premises server.
In Fireware v12.7 and higher, you can also choose whether to submit PDF files for analysis and configure an HTTP proxy server to connect to the APT Blocker server.
To configure advanced APT Blocker settings, go to these sections:
- Submit PDF Files for Analysis
- Set the APT Blocker Server Region
- Enable a Local On-Premises Server
- Enable an HTTP Proxy Server
Submit PDF Files for Analysis
Based on your version of Fireware, you can specify whether APT Blocker submits unrecognized PDF files to the data center for analysis. This gives you more granular control to address privacy concerns related to personal information in PDFs.
APT Blocker always submits the MD5 hash of PDF files to the data center and takes the specified action if the file matches any known threats.
In Fireware v12.8 or higher, and in Fireware v12.7 or lower, APT Blocker always submits unrecognized PDF files to the data center for analysis.
In Fireware v12.7.x, you can specify whether APT Blocker submits unrecognized PDF files to the data center for analysis. By default, the Submit PDF files to the data center for analysis check box is not selected and APT Blocker does not send unrecognized PDFs for analysis.
- Select Subscription Services > APT Blocker.
- Select the Advanced tab.
- To submit unrecognized PDF files for analysis, select the Submit PDF files to the data center for analysis check box.
- Click OK.
- Select Subscription Services > APT Blocker.
- Select the Advanced tab.
- To submit unrecognized PDF files for analysis, select the Submit PDF files to the data center for analysis check box.
- Click Save.
Set the APT Blocker Server Region
By default, APT Blocker sends APT Blocker requests to the nearest cloud-based server. You can also configure APT Blocker to always send requests to a server in a specific region.
- Select Subscription Services > APT Blocker.
- Select the Advanced tab.
- Select Send APT Blocker requests to a location-specific server.
- From the Server Region drop-down list, select the server region.
- Click Save.
- Select Subscription Services > APT Blocker.
- Select the Advanced tab.
- Select Send APT Blocker requests to a location-specific server.
- From the Server Region drop-down list, select the server region.
- Save the configuration.
Enable a Local On-Premises Server
In large enterprise networks, some organizations use a local on-premises server instead of cloud services for security and data privacy purposes. You can configure APT Blocker to send requests to a local on-premises server, if you have one installed on your network.
The on-premises server is available as a physical appliance, installation media, or VMware image. For more information, or to order an on-premises server, go to https://www.lastline.com/contact.
To find your license key and API token information, see the information sent to you with your on-premises server product.
- Select Subscription Services > APT Blocker.
- Select the Advanced tab.
- Select Send APT Blocker requests to a local on-premises server.
- In the Server address text box, type the IP address or host name of the on-premises server.
- In the License key text box, type the license key for the on-premises server.
- In the API token text box, type the API token for the on-premises server.
- In the User Name text box, type an optional user name for the on-premises server.
- Click Save.
- Select Subscription Services > APT Blocker.
- Select the Advanced tab.
- Select Send APT Blocker requests to a local on-premises server.
- In the Server address text box, type the IP address or host name of the on-premises server.
- In the License key text box, type the license key for the on-premises server.
- In the API token text box, type the API token for the on-premises server.
- In the User Name text box, type an optional user name for the on-premises server.
- Click OK.
When you use an on-premises server, you must also import a self-signed CA certificate to the Firebox.
To import the certificate:
- Download the certificate from https://update.lastline.com/updates/distros/lastline-ca.crt.
- Complete the process to import the certificate to the Firebox, as described in:
- When you specify the Certificate Function option, select General Use.
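Because the imported file becomes a trusted CA on the Firebox, it is worth checking what the download actually contains first. The script below is an added example, not part of the WatchGuard or Lastline documentation: `check_ca_cert` and `make_constructed_cert` are hypothetical helper names, and the sample certificate is generated locally so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example: sanity checks on a CA certificate file before importing it.
# check_ca_cert and make_constructed_cert are hypothetical helper names.

check_ca_cert() {
    local cert="$1" subject issuer
    # 1. The file must parse as a PEM X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "not a PEM certificate" >&2; return 1; }
    # 2. Self-signed: subject equals issuer ...
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ] || { echo "subject and issuer differ" >&2; return 2; }
    # 3. ... and the signature verifies under the certificate's own key.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 || { echo "self-signature invalid" >&2; return 3; }
    # 4. Basic Constraints must mark it as a CA.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' || { echo "not marked CA:TRUE" >&2; return 4; }
    # 5. Must not be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || { echo "certificate expired" >&2; return 5; }
    # Print the SHA-256 fingerprint for comparison against a value obtained out of band.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# Constructed sample input so the example runs offline: a throwaway self-signed
# certificate with the given Basic Constraints value (CA:TRUE or CA:FALSE).
make_constructed_cert() {
    local out="$1" ca="$2" dir
    dir=$(mktemp -d)
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' 'x509_extensions = ext' \
        '[dn]' 'CN = Constructed Example CA' '[ext]' "basicConstraints = critical,$ca" > "$dir/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$out" 2>/dev/null
    rm -rf "$dir"
}

workdir=$(mktemp -d)
make_constructed_cert "$workdir/sample-ca.crt" CA:TRUE
check_ca_cert "$workdir/sample-ca.crt"
```

To use it on the real file, call `check_ca_cert` on the downloaded `lastline-ca.crt`; a non-zero exit status identifies which check failed.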
Enable an HTTP Proxy Server
If you want APT Blocker to use an HTTP proxy server to connect to the APT Blocker server through the Internet, you must configure the HTTP proxy server settings. You can configure an HTTP proxy server in Fireware v12.7 and higher.
- Select Subscription Services > APT Blocker.
- Select the Advanced tab.
- Select Connect to the APT Blocker server with an HTTP proxy server.
- In the Server Address text box, type the IP address or host name of the HTTP proxy server.
- In the Server Port text box, type the port number the Firebox must use to contact the HTTP proxy server.
- From the Server Authentication drop-down list, select the authentication method to use for proxy server connections.
- If you select Basic or NTLM as the authentication method, type the User Name, User Domain, and Password for connections to the HTTP proxy server.
- Click Save.
- Select Subscription Services > APT Blocker.
- Select the HTTP Proxy Server tab.
- Select Connect to the APT Blocker server with an HTTP proxy server.
- In the Server Address text box, type the IP address or host name of the HTTP proxy server.
- In the Server Port text box, type the port number the Firebox must use to contact the HTTP proxy server.
- From the Server Authentication drop-down list, select the authentication method to use for proxy server connections.
- If you select Basic or NTLM as the authentication method, type the User Name, User Domain, and Password for connections to the HTTP proxy server.
- Click OK.