Gateway AV not working

I have the subscription to Gateway AV, I am trying this with HTTP and HTTPS - I have enabled the one for HTTP in the Gateway AV menu. I have chosen the same one for my HTTP proxy. However, there isn't an option to set to AV Scan - I only have options to allow or deny. I was under the impression that I should have that option if everything is setup correctly.

Comments

  • Exactly where are you trying to set AV on your HTTP proxy action?

    For example: HTTP Response -> Content Types or Body Content Types ?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @BlueLine
    You're likely looking at the HTTPS proxy -- you must select a HTTP proxy action after selecting INSPECT. The scan settings are in the HTTP proxy.

    -James Carson
    WatchGuard Customer Support

  • I am using the Default-HTTP-Client which is enabled for Gateway AV and it is on my HTTP Proxy. When I go to proxy actions I have the ability to determine what happens on scan, however if I try to enable ATP blocker it is greyed out and states I must turn on gateway AV in order for it to work.

  • edited February 2022

    Selecting Gateway AV on a HTTP proxy action gives you the Ability to select a Rule Action = AV Scan on an entry on a HTTP Category, such as HTTP Response Content Types.
    Until you have done this, nothing will be AV scanned.

    I have no problem on HTTP.Client-Standard, selecting Gateway AV and then selecting the 1st option in Reputation Enabled Defense, using WSM Policy Manager.

    Note that the main purpose of RED to to not do AV scans for "good" sites, and thus use less firewall resources and to speed up response times.

Sign In to comment.