Parameter	Mandatory	Default	Description
ThreatProtectionStatus	No		Description: Enable/Disable Advanced Threat Protection feature. ThreatProtectionStatus confines to: Type is 'SCALAR'. Only 'Enable', 'Disable' are allowed.
Host	No		Description: Add or select the source networks or hosts that should be exempt from being scanned for threats by Advanced Threat Protection. Host confines to: Type is 'ARRAY'. Datatype is 'STRING'. Multiple values are allowed. Note: Applicable only if 'Enable Advanced Threat Protection' is enabled..
InspectContent	No		Description: Specify the settings to inspect content based on the trust status. InspectContent confines to: Type is 'SCALAR'. Only 'all', 'untrusted' are allowed.
Threat	No		Description: Add destination IP addresses or domain names that you want to skip from being scanned for threats by Advanced Threat Protection. Threat confines to: Type is 'ARRAY'. Datatype is 'STRING'. Multiple values are allowed. Note: Applicable only if 'Enable Advanced Threat Protection' is enabled..
Policy	Yes	Log Only	Description: Select the security policy that the Advanced Threat Protection system should use if a threat has been detected. Policy confines to: Type is 'SCALAR'. Only 'Log Only', 'Log and Drop' are allowed. Note: Applicable only if 'Enable Advanced Threat Protection' is enabled..

Parameter

Mandatory

Default

Description

ThreatProtectionStatus

Description:
Enable/Disable Advanced Threat Protection feature.
ThreatProtectionStatus confines to:

Type is 'SCALAR'.
Only 'Enable', 'Disable' are allowed.

Host

Description:
Add or select the source networks or hosts that should be exempt from being scanned for threats by Advanced Threat Protection.
Host confines to:

Type is 'ARRAY'.
Datatype is 'STRING'.
Multiple values are allowed.

Note:
Applicable only if 'Enable Advanced Threat Protection' is enabled..

InspectContent

Description:
Specify the settings to inspect content based on the trust status.
InspectContent confines to:

Type is 'SCALAR'.
Only 'all', 'untrusted' are allowed.

Threat

Description:
Add destination IP addresses or domain names that you want to skip from being scanned for threats by Advanced Threat Protection.
Threat confines to:

Type is 'ARRAY'.
Datatype is 'STRING'.
Multiple values are allowed.

Note:
Applicable only if 'Enable Advanced Threat Protection' is enabled..

Policy

Yes

Log Only

Description:
Select the security policy that the Advanced Threat Protection system should use if a threat has been detected.
Policy confines to:

Type is 'SCALAR'.
Only 'Log Only', 'Log and Drop' are allowed.

Note:
Applicable only if 'Enable Advanced Threat Protection' is enabled..

Operation	Status	Message
Advanced Threat Protection	200	Operation Successful.
Advanced Threat Protection	500	Operation Fail.

Operation

Status

Message

Advanced Threat Protection

200

Operation Successful.

Advanced Threat Protection

500

Operation Fail.

Sophos Firewall is registered trademarks of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Operation:	Advanced Threat Protection
Description:	To configure Advanced Threat Protection.