Skip to content

Advanced protection

Advanced protection analyzes incoming and outgoing network traffic (for example DNS requests, HTTP requests, and IP packets) for threats.

It enables you to detect compromised endpoint devices in your network and raise an alert or drop the traffic from these devices.

To turn on advanced threat protection, click the on/off switch. When you turn it on, you can configure the following settings:

Advanced threat protection (ATP)

Option Description

Select the action you want ATP to take when a threat is detected:

  • Log only: Logs the data packet but still allows the data flow.
  • Log and drop: Logs and drops the packet.
By default, Log only is selected.
Network / Host Exceptions Specify the networks and hosts you want to exclude from ATP scanning. To do this, click Add new item and select the network or host you want to exclude. If no definition exists, click Create new to add a new one.
Threat exceptions Add the destination domains or IP addresses you want to exclude from ATP scanning. To add an entry, type a URL or IP address in Search / Add and click Add Add button.. You can enter a maximum of 128 characters.


You may expose your network to severe risks if you exclude sources or destinations.

Advanced security settings

Option Description
Inspect untrusted content Inspects traffic from untrusted sources or traffic going to untrusted destinations only. This option gives the best performance.
Inspect all content Inspects all content to and from both trusted and untrusted sources and destinations. This option gives the best security but may impact performance.


The difference in performance between Inspect untrusted content and Inspect all content is minimal. However, it can be significant in high-traffic environments.