Policy Configuration : Configuring Security Services Settings

Configuring Anti-Virus Settings
The GMS offers anti-virus protection on a subscription basis through a partnership with McAfee.
This section describes how to configure Anti-Virus settings for SonicWALL appliances.
Anti-Virus Settings
To configure Anti-Virus settings for one or more SonicWALL appliances, follow these steps:
1.
2. Expand the Security Services tree and click Client AV Enforcement. The Client AV Enforcement page appears.
3. To enable the Client Anti-Virus Service, navigate to the Network > Zones page. After the service is enabled, proceed to the next steps to configure the settings.
4. Select Enable Anti-Virus Client Automated Installation, Updates and Enforcement.
5. Select Disable policing from Trusted to Public to allow computers on a trusted zone (such as a LAN) to access computers on public zones (such as DMZ), even if anti-virus software is not installed on the LAN computers. When this option is cleared, anti-virus policies are enforced on computers located on Trusted zones.
6. To bypass policing for Wireless Guest Services users, click Bypass policing for WGS users. This check box is only applicable to SonicOS Standard and is greyed out unless Enable DMZ/OPT Policing is selected.
7.
8. To disable policing from the LAN to the DMZ, select Disable policing from LAN/WorkPort/Trusted to DMZ/HomePort/WLAN/OPT.
9. To configure the SonicWALL appliance(s) to only check for updates once a day, select Reduce AV Traffic for ISDN connections. This is useful for low bandwidth connections or connections that are not “always on.”
Force Update Settings
Dell SonicWALL GMS automatically downloads the latest virus definition files. To configure the maximum number of days that can pass before Dell SonicWALL GMS downloads the latest files, select the number of days from the Maximum Days Allowed Before Forcing Update list box.
Significant virus events can occur without warning (such as Melissa, ILOVEYOU, and others). When these occur, Dell SonicWALL GMS can be configured to block network traffic until the latest virus definition files are downloaded. To configure this feature, determine which types of events will require updating. Then, select Low Risk, Medium Risk, or High Risk.
Force update on alert - SonicWALL, Inc. broadcasts virus alerts to all SonicWALL appliances with an Anti-Virus subscription. Three levels of alerts are available, and you can select more than one. When an alert is received with this option selected, users are upgraded to the latest version of VirusScan ASaP before they can access the Internet. This option overrides the Maximum number of days allowed before forcing update selection. In addition, every virus alert is logged, and an alert message is sent to the administrator.
Low Risk - A virus that is not reported in the field and is considered unlikely to be found in the field in the future has a low risk. Even if such a virus includes a very serious or unforeseeable damage payload, its risk is still low.
Medium Risk - If a virus is found in the field, and if it uses a less common infection mechanism, it is considered to be medium risk. If its prevalence stays low and its payload is not serious, it can be downgraded to a low risk. Similarly, it can be upgraded to high risk if the virus becomes more and more widespread.
High Risk - To be assigned a high risk rating, it is necessary that a virus is reported frequently in the field. Additionally, the payload must have the ability to cause at least some serious damage. If it causes very serious or unforeseeable damage, high risk might be assigned even with a lower level of prevalence.
Exempt Computers
The Exempt Computers section allows the GMS administrator to specify address ranges which should be explicitly included or excluded in Anti-Virus enforcement.
1. Select Enforce Anti-Virus policies for all computers to enforce Anti-Virus policies across your entire network. Selecting this option forces computers to install VirusScan ASaP in order to access the Internet or the DMZ. This is the default configuration.
2. Select Include specific address ranges in the Anti-Virus enforcement to force a specified range of addresses to adhere to Anti-Virus enforcement. Choosing this option allows the administrator to define ranges of IP addresses to receive Anti-Virus enforcement. If you select this option, specify a range of IP addresses to be enforced. Any computer requiring enforcement needs a static IP address within the specified range of IP addresses. Up to 64 IP address ranges can be entered for enforcement.
3. Select Exclude specific address ranges in the Anti-Virus enforcement to exempt a specified range of addresses from Anti-Virus enforcement. Selecting this option allows the administrator to define ranges of IP addresses that are exempt from Anti-Virus enforcement. If you select this option, specify the range of IP addresses that are exempt. Any computer requiring unrestricted Internet access needs a static IP address within the specified range of IP addresses. Up to 64 IP address ranges can be entered.
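The following is an added example, not SonicWALL or GMS code: a small offline check an administrator could run over a planned include or exclude list before entering it, showing which inventoried hosts would end up outside Anti-Virus enforcement under each of the three choices above. The "start-end" text notation, the function names, and the sample addresses and host names are assumptions constructed for illustration.

```python
import ipaddress

MAX_RANGES = 64  # per-list limit stated on the page
# Constructed sample data; the "start-end" text notation is an assumption.
EXCLUDE_LINES = ["192.168.10.200-192.168.10.220",
                 "192.168.10.215-192.168.10.230", "192.168.20.5"]
INVENTORY = {"printer-1": "192.168.10.205", "laptop-7": "192.168.10.50",
             "build-srv": "192.168.20.5", "kiosk-2": "192.168.10.231"}

def parse_ranges(lines):
    """Turn 'start-end' (or single-address) strings into sorted (start, end) pairs."""
    ranges = []
    for line in lines:
        start_s, _, end_s = line.partition("-")
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address((end_s or start_s).strip())
        if end < start:
            raise ValueError(f"range end precedes start: {line!r}")
        ranges.append((start, end))
    if len(ranges) > MAX_RANGES:
        raise ValueError(f"{len(ranges)} ranges exceed the limit of {MAX_RANGES}")
    return sorted(ranges)

def overlaps(ranges):
    """Report each range that starts inside an earlier one (likely a data-entry slip)."""
    found, widest = [], None
    for rng in ranges:
        if widest and rng[0] <= widest[1]:
            found.append((widest, rng))
        if widest is None or rng[1] > widest[1]:
            widest = rng
    return found

def is_enforced(ip, mode, ranges=()):
    """Apply the three Exempt Computers choices: 'all', 'include', 'exclude'."""
    addr = ipaddress.IPv4Address(ip)
    listed = any(start <= addr <= end for start, end in ranges)
    if mode == "all":
        return True
    if mode not in ("include", "exclude"):
        raise ValueError(f"unknown mode: {mode!r}")
    return listed if mode == "include" else not listed

def unenforced_hosts(inventory, mode, ranges):
    """Hosts that can reach the Internet or DMZ without the AV client check."""
    return sorted(h for h, ip in inventory.items() if not is_enforced(ip, mode, ranges))

if __name__ == "__main__":
    ranges = parse_ranges(EXCLUDE_LINES)
    print("overlapping entries:", overlaps(ranges))
    print("exempt under 'exclude':", unenforced_hosts(INVENTORY, "exclude", ranges))
```

Running the same list under "include" instead of "exclude" inverts the result, which makes it easy to see how many hosts lose enforcement if the wrong option is selected for a given list.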
Client Anti Virus Enforcement
The Client Anti Virus Enforcement list provides the options to exclude address objects from the Client AV Enforcement list.
You can edit these address objects and groups by clicking the Edit icon, or add address objects by clicking the Add icon for the desired list.
From the drop-down list, select the default enforcement type for computers whose addresses do not fall in any of the client anti-virus enforcement lists.