Three geographic locations connected via VPN + AGSS. Worried about viruses and ransomware spreading.
I have three sites connected via VPN in a triangle where network access is available between all three sites via domain federations. Each site can access servers, printers, and resources between any of the other sites. All three sites are connected via TZ3XX SonicWALL. Two are running 6.5 and one is running 7.0. All three sites have Advanced Gateway Security Suite enabled for both LAN/WAN zones.
I'm concerned that a user opening a virus or ransomware can trigger an event that spreads to all three sites. Will AGSS adequately protect against malicious traffic in one site spreading to the other sites across the VPN? Are there additional configuration/steps I can take to protect against this scenario?
We do have multiple levels of backup (on-site and off-site) as well as good anti-virus (Sophos Intercept-X). I have also reviewed the steps for 6.x and 7.x general configuration here.
Thanks. M
Answers
You are asking a very loaded question. GAV, GAS, and IPS are only part of the UTM features. Are you using DPI-SSL for clients? If not, you're missing at least half of internet traffic. Are you using GeoIP Filtering to prevent access to / from unneeded and questionable areas? Content filtering? Do you have traffic segregated based on access needs?
It is up to you to implement (hopefully company) policies about what is and isn't allowed on the network. Look into NIST CSF and other cybersecurity frameworks. Welcome to the Wild West.
Hi @MandrichTech,
You would have to enable GAV, AS & IPS in the VPN zone at the three locations.