Advanced threat protection

Advanced threat protection analyzes incoming and outgoing network traffic for threats. Using ATP, you can quickly detect compromised clients in your network and log or drop the traffic from those devices.

  1. To turn on ATP.
  2. You can configure the following settings:
    Option    Description

    Logging

    By default, logging for ATP events is turned on. To change this, select Change log settings, which opens the Log settings page, where you can turn logging off.

    Policy

    Use the drop-down menu to select the security policy that the ATP system applies when a threat is detected.

    • Log only: Logs the traffic and allows the packets to pass through XG Firewall.
    • Log and drop: Logs the traffic and drops the packets, preventing them from passing through XG Firewall.

    Host exceptions

    Add or select the internal source networks or hosts whose outbound connections should be exempt from being scanned for threats by the ATP system.

    To add an exclusion, click Add new item and select the hosts or networks to exclude. Then click Apply selected items at the bottom of the menu.

    Threat exceptions

    Add the IP addresses or domain names of the external hosts or networks that the ATP system should not block, for example web servers, and click the plus button.

    By excluding sources or destinations, you may expose your network to severe risks.
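
One way to review these settings for the risk noted above, as an added example that is not Sophos code and does not use any XG Firewall API. It assumes the policy and both exception lists were transcribed by hand from this page; the function name `audit_atp_settings` and the size thresholds are hypothetical choices for the illustration.

```python
import ipaddress

# Assumed review thresholds for this example; they are not Sophos defaults.
MAX_HOST_EXCEPTION_ADDRESSES = 256   # anything larger than a /24 is flagged
MAX_THREAT_EXCEPTION_ADDRESSES = 1   # external exceptions should be single hosts


def audit_atp_settings(policy, host_exceptions, threat_exceptions):
    """Return (entry, reason) findings for hand-transcribed ATP settings."""
    findings = []
    if policy.strip().lower() == "log only":
        findings.append(("policy", "threat traffic is logged but still allowed through"))
    for entry in host_exceptions:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            findings.append((entry, "not a valid IP host or network"))
            continue
        if net.num_addresses > MAX_HOST_EXCEPTION_ADDRESSES:
            findings.append((entry, f"exempts {net.num_addresses} internal addresses from ATP scanning"))
    for entry in threat_exceptions:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            # Not an IP address or network, so treat the entry as a domain name.
            labels = entry.strip().rstrip(".").split(".")
            if len(labels) < 2 or not all(labels):
                findings.append((entry, "not a fully qualified domain name"))
            continue
        if net.num_addresses > MAX_THREAT_EXCEPTION_ADDRESSES:
            findings.append((entry, f"excludes {net.num_addresses} external addresses, not a single host"))
    return findings


if __name__ == "__main__":
    # Constructed sample values (RFC 1918 and documentation ranges), not real settings.
    sample = audit_atp_settings(
        "Log only",
        ["10.0.0.0/8", "192.168.20.0/24"],
        ["203.0.113.10", "198.51.100.0/24", "updates.example.com", "com"],
    )
    for entry, reason in sample:
        print(f"{entry}: {reason}")
```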