ADTRAN GAV delivers real-time virus protection directly on the firewall by using ADTRAN’s IPS-Deep Packet Inspection v2.0 engine to inspect all traffic that traverses the ADTRAN gateway. Building on ADTRAN’s reassembly-free architecture, ADTRAN GAV inspects multiple application protocols, as well as generic TCP streams, and compressed traffic. Because ADTRAN GAV does not have to perform reassembly, there are no file-size limitations imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are also performed on a single-pass, per-packet basis.
ADTRAN GAV delivers threat protection directly on the firewall by matching downloaded or e-mailed files against an extensive and dynamically updated database of threat virus signatures. Virus attacks are caught and suppressed before they travel to desktops. New signatures are created and added to the database by a combination of ADTRAN’s SonicAlert Team, third-party virus analysts, open source developers and other sources.
ADTRAN GAV can be configured to protect against internal threats as well as those originating outside the network. It operates over a multitude of protocols including SMTP, POP3, IMAP, HTTP, FTP, NetBIOS, instant messaging and peer-to-peer applications and dozens of other stream-based protocols, to provide administrators with comprehensive network threat prevention and control. Because files containing malicious code and viruses can also be compressed and therefore inaccessible to conventional anti-virus solutions, ADTRAN GAV integrates advanced decompression technology that automatically decompresses and scans files on a per-packet basis.
ADTRAN GAV delivers comprehensive, multi-layered anti-virus protection for networks at the desktop, the network, and at remote sites. ADTRAN GAV enforces anti-virus policies at the gateway to ensure all users have the latest updates and monitors files as they come into the network.
ADTRAN GAV is based on ADTRAN's high performance DPIv2.0 (Deep Packet Inspection version 2.0) engine, which performs all scanning directly on the firewall. ADTRAN GAV includes advanced decompression technology that can automatically decompress and scan files on a per-packet basis to search for viruses and malware. The ADTRAN GAV engine can perform base64 decoding without ever reassembling the entire base64-encoded mail stream. Because ADTRAN's GAV does not have to perform reassembly, there are no file-size limitations imposed by the scanning engine. Base64 decoding and ZIP, LHZ, and GZIP (LZ77) decompression are also performed on a single-pass, per-packet basis. The reassembly-free virus scanning functionality of the ADTRAN GAV engine is inherited from the Deep Packet Inspection engine, which is capable of scanning streams without ever buffering any of the bytes within the stream.
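The single-pass, per-packet decoding described above can be illustrated with a small streaming scanner. This is an added example, not ADTRAN's engine code: it decodes base64, inflates GZIP and matches a signature one packet payload at a time, carrying only a few bytes of state (plus zlib's own window) between packets. The names StreamScanner, SIGNATURE, MAX_OUT, scan_in_packets and make_sample are assumptions made for the illustration.

```python
import base64
import gzip
import zlib

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"   # constructed marker, not a real signature
MAX_OUT = 4096                              # cap on inflated bytes held at once


class StreamScanner:
    """Scan a base64-encoded gzip stream one packet payload at a time."""

    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.pending = b""    # undecoded base64 remainder, never more than 3 chars
        self.tail = b""       # last len(signature)-1 plaintext bytes already seen
        self.inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # gzip framing
        self.hit = False

    def _match(self, data):
        # Prepend the carried tail so a signature split across packets is seen.
        window = self.tail + data
        self.hit = self.hit or self.signature in window
        keep = len(self.signature) - 1
        self.tail = window[-keep:] if keep else b""

    def feed(self, payload):
        text = self.pending + b"".join(payload.split())   # drop MIME line breaks
        usable = len(text) - len(text) % 4                # whole 4-char groups only
        self.pending = text[usable:]
        data = base64.b64decode(text[:usable])
        while data:                                       # bounded-memory inflate
            self._match(self.inflater.decompress(data, MAX_OUT))
            data = self.inflater.unconsumed_tail
        return self.hit

    def finish(self):
        self._match(self.inflater.flush())                # drain buffered output
        return self.hit


def scan_in_packets(encoded, packet_size):
    """Feed `encoded` to a fresh scanner in packet_size-byte slices."""
    scanner = StreamScanner()
    for i in range(0, len(encoded), packet_size):
        scanner.feed(encoded[i:i + packet_size])
    return scanner.finish()


def make_sample(body):
    """Constructed test input: gzip `body`, then base64 it with MIME line breaks."""
    return base64.encodebytes(gzip.compress(body))
```

The memory used does not grow with the size of the file, which is why a design of this kind imposes no file-size limit.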
Building on ADTRAN's reassembly-free architecture, GAV has the ability to inspect multiple application protocols, as well as generic TCP streams, and compressed traffic. ADTRAN GAV protocol inspection is based on high performance state machines which are specific to each supported protocol. ADTRAN GAV delivers protection by inspecting the most common protocols used in today's networked environments, including SMTP, POP3, IMAP, HTTP, FTP, NetBIOS, instant messaging and peer-to-peer applications and dozens of other stream-based protocols. This closes potential backdoors that can be used to compromise the network while also improving employee productivity and conserving Internet bandwidth.
Creating a NetVanta Security Portal account is fast, simple, and FREE. Simply complete an online registration form in the firewall management interface.
Step 2: If the System > Status page is not displayed in the management interface, click System in the left-navigation menu, and then click Status.
Step 3: On the System > Status page, in the Security Services section, click the Register link in "Your ADTRAN is not registered. Click here to Register your ADTRAN."
Step 4: In the NetVanta Security Portal Login page, click the here link in "If you do not have a myADTRAN account, please click here to create one."
Step 5: In the myADTRAN Account page, enter your information in the Account Information, Personal Information and Preferences fields. All fields marked with an asterisk (*) are required fields.
Step 6: Click Submit after completing the myADTRAN Account form.
Congratulations. Your NetVanta Security Portal account is activated.
Now you need to log into NetVanta Security Portal to register your firewall.
Step 2: If the System > Status page is not displayed in the management interface, click System in the left-navigation menu, and then click Status.
Step 3: On the System > Status page, in the Security Services section, click the Register link. The NetVanta Security Portal Login page is displayed.
– Client Anti-Virus - Provides desktop and server anti-virus protection with software running on each computer.
– Anti-Spyware - Protects your network from malicious spyware by blocking spyware installations at the gateway and disrupts.
Click Continue on each page.
Note: Clicking on the Continue button does not activate the FREE TRIAL versions of these ADTRAN Security Services.
Step 6: At the top of the Product Survey page, enter a “friendly name” for your firewall in the Friendly Name field. The friendly name allows you to easily identify your firewall in your NetVanta Security Portal account.
Because ADTRAN Anti-Spyware is part of ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service, the Activation Key you receive is for all three services on your firewall.
If you do not have an ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service license activated on your firewall, you must purchase it from an ADTRAN reseller or through your NetVanta Security Portal account (limited to customers in the USA and Canada).
If you have an Activation Key for ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service, perform these steps to activate the combined services:
Step 1: On the Security Services > Gateway Anti-Virus page, click the ADTRAN Gateway Anti-Virus Subscription link. The NetVanta Security Portal Login page is displayed.
Step 3: Click Activate or Renew in the Manage Service column in the Manage Services Online table.
Step 4: Type in the Activation Key in the New License Key field and click Submit. ADTRAN Intrusion Prevention Service is activated. The System > Licenses page is displayed with the Anti-Spyware and Gateway Anti-Virus links displayed at the bottom of the Manage Services Online table with the child Activation Keys.
Step 6: Click Submit. If you have activated a FREE TRIAL version or are renewing a license, the renew screen is displayed that shows the expiration date of the current license and the expiration date of the updated license. Click Renew.
Step 8: Click Submit. If you have activated a FREE TRIAL version or are renewing a license, the renew screen is displayed that shows the expiration date of the current license and the expiration date of the updated license. Click Renew.
Congratulations! You have activated the ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service.
If you activate the ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service subscription on NetVanta Security Portal, the activation is automatically enabled on your firewall within 24 hours, or you can click the Synchronize button on the Security Services > Summary page to immediately update your firewall.
You can try FREE TRIAL versions of ADTRAN Gateway Anti-Virus, ADTRAN Anti-Spyware, and ADTRAN Intrusion Prevention Service. You must activate each service separately from the Manage Services Online table on the System > Licenses page or by clicking the FREE TRIAL link on the respective Security Services page (i.e. Security Services > Gateway Anti-Virus).
To try a FREE TRIAL of ADTRAN Gateway Anti-Virus, ADTRAN Anti-Spyware, or ADTRAN Intrusion Prevention Service, perform these steps:
Step 1: Click the FREE TRIAL link on the Security Services > Gateway Anti-Virus, Security Services > Anti-Spyware, or Security Services > Intrusion Prevention page. The NetVanta Security Portal Login page is displayed.
Step 3: Click Try in the FREE TRIAL column in the Manage Services Online table. The service is enabled on your security appliance.
Activating the ADTRAN Gateway Anti-Virus license on your firewall does not automatically enable the protection. To configure ADTRAN Gateway Anti-Virus to begin protecting your network, you need to perform the following steps:
The Security Services > Gateway Anti-Virus page provides the settings for configuring ADTRAN GAV on your firewall.
You must select the Enable Gateway Anti-Virus check box in the Gateway Anti-Virus Global Settings section to enable ADTRAN GAV on your firewall. You must also specify the zones where you want ADTRAN GAV protection on the Network > Zones page.
You apply ADTRAN GAV to zones on the Network > Zones page.
You can enforce ADTRAN GAV not only between each network zone and the WAN, but also between internal zones. For example, enabling ADTRAN GAV on the LAN zone enforces anti-virus protection on all incoming and outgoing LAN traffic.
Step 1: In the firewall management interface, select Network > Zones or, from the Gateway Anti-Virus Status section on the Security Services > Gateway Anti-Virus page, click the Network > Zones link. The Network > Zones page is displayed.
Step 2: In the Configure column in the Zone Settings table, click the edit icon. The Edit Zone window is displayed.
Step 3: Click the Enable Gateway Anti-Virus Service checkbox. A checkmark appears. To disable Gateway Anti-Virus Service, uncheck the box.
Note: You also enable ADTRAN GAV protection for new zones you create on the Network > Zones page. Clicking the Add button displays the Add Zone window, which includes the same settings as the Edit Zone window.
The Gateway Anti-Virus Status section shows the state of the anti-virus signature database, including the database's timestamp, and the time the ADTRAN signature servers were last checked for the most current database version. The firewall automatically attempts to synchronize the database on startup, and once every hour.
The Gateway Anti-Virus Status section displays the following information:
• Signature Database indicates whether the signature database needs to be downloaded or has been downloaded.
• Last Checked indicates the last time the firewall checked the signature database for updates. The firewall automatically attempts to synchronize the database on startup, and once every hour.
• Gateway Anti-Virus Expiration Date indicates the date when the ADTRAN GAV service expires. If your ADTRAN GAV subscription expires, the ADTRAN IPS inspection is stopped and the ADTRAN GAV configuration settings are removed from the firewall. These settings are automatically restored after renewing your ADTRAN GAV license to the previously configured state.
The Gateway Anti-Virus Status section displays "Note: Enable the Gateway Anti-Virus per zone from the Network > Zones page." Clicking on the Network > Zones link displays the Network > Zones page for applying ADTRAN GAV on zones.
By default, the firewall running ADTRAN GAV automatically checks the ADTRAN signature servers once an hour. There is no need for an administrator to constantly check for new signature updates. You can also manually update your ADTRAN GAV database at any time by clicking the Update button located in the Gateway Anti-Virus Status section.
ADTRAN GAV signature updates are secured. The firewall must first authenticate itself with a pre-shared secret, created during the ADTRAN Distributed Enforcement Architecture licensing registration. The signature request is transported through HTTPS, along with full server certificate verification.
Application-level awareness of the type of protocol that is transporting the violation allows ADTRAN GAV to perform specific actions within the context of the application to gracefully handle the rejection of the payload.
By default, ADTRAN GAV inspects all inbound HTTP, FTP, IMAP, SMTP and POP3 traffic. Generic TCP Stream can optionally be enabled to inspect all other TCP based traffic, such as non-standard ports of operation for SMTP and POP3, and IM and P2P protocols.
Within the context of ADTRAN GAV, the Enable Inbound Inspection protocol traffic handling refers to the following:
The Enable Inbound Inspection protocol traffic handling represented as a table:
The Enable Outbound Inspection feature is available for HTTP, FTP, SMTP, and TCP traffic.
For each protocol you can restrict the transfer of files with specific attributes by clicking on the Settings button under the protocol in the Gateway Anti-Virus Global Settings section.
These restrict transfer settings include:
• Restrict Transfer of packed executable files (UPX, FSG, etc.) - Disables the transfer of packed executable files. Packers are utilities which compress and sometimes encrypt executables. Although there are legitimate applications for these, they are also sometimes used with the intent of obfuscation, so as to make the executables less detectable by anti-virus applications. The packer adds a header that expands the file in memory, and then executes that file. ADTRAN Gateway Anti-Virus currently recognizes the most common packed formats: UPX, FSG, PKLite32, Petite, and ASPack. Additional formats are dynamically added along with ADTRAN GAV signature updates.
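As an added example (not ADTRAN's detection logic, which this page does not describe), the following shows one simple way a packed executable can be recognized from its header: it walks the PE section table and compares section names against the default names left by UPX and ASPack. The PACKER_SECTIONS table, the function names and the build_header helper that constructs sample input are assumptions made for the illustration.

```python
import struct

# Default section names left by two of the packers named above. Assumption:
# this table is illustrative only and is not taken from the GAV signature set.
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack"}


def packer_from_pe_header(data):
    """Return a packer name if a PE section name matches, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None                                        # not a DOS/PE file
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return None
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                         # first section header
    for i in range(n_sections):
        entry = data[table + 40 * i: table + 40 * i + 40]
        if len(entry) < 40:
            break                                          # header truncated
        name = entry[:8].rstrip(b"\0")
        if name in PACKER_SECTIONS:
            return PACKER_SECTIONS[name]
    return None


def build_header(section_names):
    """Constructed, non-executable PE header carrying only section names."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections
```

Section names are only a heuristic; they identify packers that leave their default names in place.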
Clicking the Configure Gateway AV Settings button at the bottom of the Gateway Anti-Virus Global Settings section displays the Gateway AV Settings window, which allows you to configure clientless notification alerts and create an ADTRAN GAV exclusion list.
If you want to suppress the sending of e-mail messages (SMTP) to clients from ADTRAN GAV when a virus is detected in an e-mail or attachment, check the Disable SMTP Responses box.
The HTTP Clientless Notification feature notifies users when GAV detects an incoming threat from an HTTP server. To configure this feature, check the Enable HTTP Clientless Notification Alerts box and enter a message in the Message to Display when Blocking field, as shown below.
With this option disabled, when GAV detects an incoming threat from an HTTP server, GAV blocks the threat and the user receives a blank HTTP page. Typically, users will attempt to reload the page because they are not aware of the threat. The HTTP Clientless Notification feature informs the user that GAV detected a threat from the HTTP server.
Tip: The HTTP Clientless Notification feature is also available for ADTRAN Anti-Spyware.
Optionally, you can configure the timeout for the HTTP Clientless Notification on the Security Services > Summary page under the Security Services Summary heading.
Any IP addresses listed in the exclusion list bypass virus scanning on their traffic. The Gateway AV Exclusion List section provides the ability to define a range of IP addresses whose traffic will be excluded from ADTRAN GAV scanning.
Warning: Use caution when specifying exclusions to ADTRAN GAV protection.
To add an IP address range for exclusion, perform these steps:
Step 1: Click the Enable Gateway AV Exclusion List checkbox to enable the exclusion list.
Step 2: Click the Add button. The Add GAV Range Entry window is displayed.
Step 3: Enter the IP address range in the IP Address From and IP Address To fields, then click OK. Your IP address range appears in the Gateway AV Exclusion List table. Click the edit icon in the Configure column to change an entry or click the delete icon to delete an entry.
Step 4: Click OK to exit the Gateway AV Config View window.