Applies To: FireCloud Internet Access
FireCloud is a beta product that is only available to participants in the WatchGuard FireCloud Beta program. To try FireCloud Internet Access, join the WatchGuard Beta test community.
Scanning engines protect against spyware, viruses, malicious applications, spam email, and data leakage. In FireCloud, you can enable content scanning with these services to protect your users:
Content scanning services are enabled by default with recommended settings in all access rules. For content scanning to apply to traffic, you must also enable content scanning in FireCloud access rules. For information about access rule settings, go to FireCloud Access Rules.
Configure Gateway AntiVirus in FireCloud
Gateway AntiVirus helps protect your users from computer viruses. When a new attack is identified, the features that make the virus unique are recorded. These recorded features are known as a signature. Gateway AntiVirus uses signatures to find viruses when it scans content. Gateway AntiVirus automatically uses the latest signatures when you enable it.
In FireCloud, you can configure Gateway AntiVirus to drop connections when a virus is detected, an error occurs, scanned content exceeds the file size limit (10 MB), or scanned content is encrypted. No information is sent to the source of the connection.
To configure Gateway AntiVirus in FireCloud, from WatchGuard Cloud:
- Select Configure > FireCloud.
- Click the Content Scanning tile.
The Content Scanning page opens.
- Enable Gateway AntiVirus.
- In the Action column, select the Drop check box for each type of event that you want FireCloud to drop connections for:
- When a Virus is Detected — If Gateway AntiVirus detects a virus in an email message, file, web page, or web upload, FireCloud drops the packet and the connection.
- When a Scan Error Occurs — If FireCloud cannot scan an object or an attachment, FireCloud drops the packet and the connection.
- When Content Exceeds Scan Size Limit — When content exceeds the scan size limit of 10 MB, FireCloud drops the packet and the connection.
- When Content is Encrypted — When Gateway AntiVirus cannot scan a file because it is encrypted, password-protected, or uses a type of compression that Gateway AntiVirus does not support, such as password-protected ZIP files, FireCloud drops the packet and the connection.
- To save your configuration changes, click Save.
Configure APT Blocker in FireCloud
An advanced persistent threat (APT) attack is a type of network attack that uses advanced malware and zero-day exploits to get access to networks and confidential data over extended periods of time. APT Blocker uses full-system emulation analysis to identify the characteristics and behavior of APT malware in files and email attachments that enter your network. APT Blocker does not use signatures like other traditional scanners, such as antivirus programs. For more information, go to About APT Blocker in Fireware Help.
APT Blocker categorizes APT activity based on the severity of the threat. In FireCloud, you can configure the action to take for each threat level (High, Medium, Low). The Clean threat level enables you track the status of files that APT Blocker determined to be clean and not contain malware.
To enable APT Blocker, you must first enable Gateway AntiVirus.
To configure APT Blocker in FireCloud, from WatchGuard Cloud:
- Select Configure > FireCloud.
- Click the Content Scanning tile.
The Content Scanning page opens. - Enable APT Blocker.
- In the Action column, select the Drop check box for each Threat Level you want APT Blocker to drop the connection for.
- To save your configuration changes, click Save.
Content Scanning in WatchGuard Cloud
About Gateway AntiVirus (Fireware Help)
About APT Blocker (Fireware Help)