IPSec and ATP
César_S
Newbie ✭
Hello everyone.
I hope that everyone's doing well.
I have a little question.
I have an IPSec connection between two sites, between these two sites I have a DFS set up.
Now, each time a file is created on the DFS share, these file is copied to the other site but its intercepted by ATP.
Is there anyway to stop ATP on VPN zone?
I tried to search but didn't find anything about it.
I could create an exclusion list were I would add the DFS servers, but this would stop ATP on the WAN zone for these servers. I would like just to stop it when files were transferred by VPN.
Thank you in advance
Category: Entry Level Firewalls
0
Answers
What is your S2S tunnel? Tunnel interface?
İf you did tunnel interface, add to capture atp exclude ip address group. it will work.
otherwise, it isnt tunell interface, disable security services on the zone menu.
It is Site to Site, I did disable the security services on the VPN zone, but on the Capture ATP Scanning History files are still getting scanned on the VPN.
Does the firewalls need restaring?
did you remote site fileserver ip add to other site capture atp exclude list?
Hello, that was what I just did. And it looks like it is working now.
Also, MitatOnge, do you think that it is worth it to have GAV also scanning outbound connections?
@César_S
Outbound traffic scanning is better security layer for zombie end point and your network security . If you have a lots of guest users and you don't believe in end point security tools work fine, you should enable outbound security and tcp streaming scanning.
Sonicwall GAV has high qualty scanning engine.
Pros:Double layer security - Client ----> EndPoint Scanning---> Sonicwall Scanning
80 Milions Cloud signature and into the sonicwall has 30k signatures.
Cons:Speed will be problem. It can be bottleneck situations on the zones or internet lines (Especially tcp streaming scan will drop bandwith performance)
Troubleshoot will be complicated.
Thank you @MitatOnge.