The firewall provides several methods for protecting against threats and inappropriate web usage. Use these settings to configure how the firewall scans content for malware and to enable other protection mechanisms.

Malware Scanning

Configure general restrictions for scanning and restricting traffic by type and protocol.

Scan Engine Selection
Specify the type of scanning to apply.

Available Options:

Single Engine: Scan traffic using the primary anti-virus engine (by default, the Sophos engine). This selection offers optimal performance. Dual Engine: Scan traffic using both engines, first by the primary and then by the secondary. Using this setting increases security, but may affect performance.
Malware Scan Mode
Specify batch or real-time scanning for HTTP/HTTPS traffic.

In batch mode, virus scanning will start only after the complete file has been downloaded. While this mode offers maximum protection, it may result in slower performance. Switch to real-time scanning to improve performance.

Content that could not be scanned
Specify an action to take when the firewall encounters content that could not be scanned.
Note Files that cannot be fully scanned because they are encrypted or corrupted may contain undetected threats. Blocking offers the best protection.
Do not scan files larger than
Specify the maximum size of files to be scanned for HTTP(S), in MB. Files that exceed this setting will not be scanned.
Acceptable range: 1 to 256 MB
Default: 1 MB
Advanced Settings
Maximum file scan size for FTP
Specify the maximum size of files to be scanned for FTP, in MB. Files that exceed this setting will not be scanned.
Acceptable range: 1 to 204 MB
Default: 1 MB
Scan audio and video files
Scan audio and video content for malware and threats. Scanning may cause issues with streaming audio and video.
Enable pharming protection

Pharming attacks redirect users from legitimate websites to fraudulent websites that have been created to look like the legitimate site.

Protect users against pharming and other domain name poisoning attacks by repeating DNS lookups before connecting.

Search Engine Enforcement

Enforce SafeSearch

Block websites that contain sexually explicit content from Google, Yahoo, and Bing search results.

Note This setting is applicable only when the ‘No Explicit Content’ web policy is set to ‘Block’.
Enforce additional image filters
Restrict image search results to images with a Creative Commons license.

HTTPS Decryption and Scanning

HTTPS Scanning Certificate Authority (CA)
Specify the certificate authority for securing scanned HTTPS connections.
Block unrecognized SSL protocols
Prevent traffic that avoids HTTPS scanning by using invalid SSL protocols.
Block invalid certificates
Connect only to sites with a valid certificate.
Click to Apply changes.