TotalSecure Configuration Task List
28
SonicWALL TZ 180 TotalSecure
Updating SonicWALL GAV Signatures
By default, the SonicWALL security appliance running SonicWALL GAV automatically checks the
SonicWALL signature servers once an hour. There is no need for an administrator to constantly
check for new signature updates. You can also manually update your SonicWALL GAV database
at any time by clicking the Update button located in the Gateway Anti-Virus Status section.
SonicWALL GAV signature updates are secured. The SonicWALL security appliance must first
authenticate itself with a pre-shared secret, created during the SonicWALL Distributed Enforcement
Architecture licensing registration. The signature request is transported through HTTPS, along with
full server certificate verification.
Specifying Protocol Filtering
Application-level awareness of the type of protocol that is transporting the violation allows
SonicWALL GAV to perform specific actions within the context of the application to gracefully
handle the rejection of the payload.
By default, SonicWALL GAV inspects all inbound HTTP, FTP, IMAP, SMTP and POP3 traffic.
Generic TCP Stream can optionally be enabled to inspect all other TCP based traffic, such as
non-standard ports of operation for SMTP and POP3, and IM and P2P protocols.
Note: Refer to “Protocol Handling” on page 9 for detailed descriptions of how SonicWALL GAV
handles protocol traffic.
Enabling Inbound Inspection
Within the context of SonicWALL GAV, the Enable Inbound Inspection protocol traffic handling
refers to the following:
• Non-SMTP traffic initiating from a Trusted, Wireless, or Encrypted Zone destined to any
Zone.
• Non-SMTP traffic from a Public Zone destined to an Untrusted Zone.
• SMTP traffic initiating from a non-Trusted Zone destined to a Trusted, Wireless, Encrypted,
or Public Zone.
• SMTP traffic initiating from a Trusted, Wireless, or Encrypted Zone destined to a Trusted,
Wireless, or Encrypted Zone.
