Advanced threat protection

Advanced threat protection analyzes incoming and outgoing network traffic (for example, DNS requests, HTTP requests, and IP packets) for threats.

Using ATP, you can quickly detect compromised clients in your network and raise an alert or drop the traffic from those clients.

To turn on advanced threat protection, click the on/off switch. When you turn it on, the following settings can be configured:

General settings


Policy	Use the drop-down to specify the action ATP should take when a threat is detected. Select Log only to log the data packet but still allow the data flow, or Log and drop to log and drop the packet. By default, Log only is selected.
Network / Host Exceptions	Allows you to specify networks and hosts to exclude from ATP scanning. To do this click Add new item and select the network or host you wish to exclude. If no definition exists you can add a new one by clicking on Create new.
Threat exceptions	Allows you to add destination domains or IP addresses to exclude from ATP scanning. To add an entry, type a URL or IP address in the Search / Add field and click Add .

CAUTION By excluding sources or destinations you may expose your network to severe risks.

Advanced settings


Inspect untrusted content	Inspects traffic from untrusted sources or traffic going to untrusted destinations only. This option gives the best performance.
Inspect all content	Inspects all content to and from both trusted and untrusted sources and destinations. This option gives the best security but may impact performance.

Note The performance difference between Inspect untrusted content and Inspect all content is minimal but should be considered in high traffic environments.