Advanced Threat Protection
This page allows the administrator to configure the Advanced Threat Protection feature.
ATP can help rapidly detect infected or compromised clients inside the network and raise an alert or drop the respective traffic.
Advanced Threat Protection analyzes network traffic, e.g., DNS requests, HTTP requests, or IP packets in general, coming from and going to all networks. It also incorporates Intrusion Prevention and Antivirus data if the respective features are activated.
* The Advanced Threat Protection module is a subscription module; it must be subscribed to before use.
By default, Advanced Threat Protection is disabled. To enable it, click the slider. This makes the setting fields editable.
Policy: Select the security policy that the Advanced Threat Protection system should use if a threat has been detected.
Available Options:
Log and Drop: The data packet will be dropped and logged.
Log Only: The data packet will be logged.
Network/Host Exceptions: Add or select the source networks or hosts that should be exempt from being scanned for threats by Advanced Threat Protection. How to add an IP host is explained on the Device Configuration > System > Host and Services > IP Host page.
Threat Exceptions: Add destination IP addresses or domain names that you want to exclude from being scanned for threats by Advanced Threat Protection.
Caution - Be careful when specifying exceptions. By excluding sources or destinations you may expose your network to severe risks.
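One way to review exception lists before entering them, shown as an added example that is not part of the product or its documentation. The list contents, the 256-address threshold, and the function names are assumptions made for illustration; the device's own export format is not described on this page.

```python
import ipaddress

# Constructed sample entries (documentation/private address ranges).
SOURCE_EXCEPTIONS = ["192.168.10.25", "10.0.0.0/8", "172.16.5.0/24", "0.0.0.0/0"]
THREAT_EXCEPTIONS = ["203.0.113.7", "updates.example.com", "com", "198.51.100.0/24"]

MAX_EXEMPT_ADDRESSES = 256  # assumed review threshold, not a product setting


def audit_sources(entries, max_addresses=MAX_EXEMPT_ADDRESSES):
    """Flag Network/Host Exceptions that exempt a large address range."""
    findings = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, None, "not a valid IP host or network"))
            continue
        if net.num_addresses > max_addresses:
            findings.append((entry, net.num_addresses,
                             "exempts more than %d addresses" % max_addresses))
    return findings


def audit_destinations(entries):
    """Flag Threat Exceptions that are wider than one IP address or one domain."""
    findings = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None  # not an IP address, so treat it as a domain name
        if net is not None:
            if net.num_addresses > 1:
                findings.append((entry, "network, not a single destination address"))
            continue
        labels = entry.rstrip(".").lower().split(".")
        if len(labels) < 2 or any(not label for label in labels):
            findings.append((entry, "bare or malformed domain name"))
    return findings


if __name__ == "__main__":
    for entry, count, reason in audit_sources(SOURCE_EXCEPTIONS):
        print("source exception %s: %s (%s addresses)" % (entry, reason, count))
    for entry, reason in audit_destinations(THREAT_EXCEPTIONS):
        print("threat exception %s: %s" % (entry, reason))
```

Every flagged entry is traffic that Advanced Threat Protection would no longer inspect, so each one should have a documented reason before it is added.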