Flow-Based Antivirus Profiles Overview

An SRX Series Firewall with flow-based antivirus protects your network from security attacks. The flow-based antivirus profile scans the payload content of each packet for threats such as viruses, Trojans, rootkits, and other types of malicious code, and blocks the content if a threat is detected. When a violation is detected, a reset packet is sent to the receiver. This reset packet closes the connection and prevents delivery of the payload.

For example, if a user visits a compromised website and downloads malicious content, it could harm their endpoint and other hosts in the network. So, it is important to stop the download of the malicious content.

You can use an SRX Series Firewall with flow-based antivirus to protect users from virus attacks and to stop viruses from spreading in your system. Flow-based antivirus scans network traffic for viruses, Trojans, rootkits, and other types of malicious code and blocks the malicious content right away when detected. When packets pass through the SRX Series Firewall, a flow-based antivirus profile checks the packets instantly without storing the packets. The flow-based check makes the process quicker and less memory-intensive, but with fewer inspection features than a proxy-based antivirus profile.
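The following sketch is an added example, not Juniper code or the SRX engine. It models inline inspection that keeps only a short per-flow tail instead of storing packets, yet still catches a pattern split across two packets. Assumptions: matching is a plain byte-pattern search, the signature and packets are constructed, and `FlowScanner`, `run_flow`, and the `FORWARD`/`RESET`/`DROP` verdict names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed, harmless byte pattern standing in for a malware signature.
SIGNATURES = [b"TEST-MALWARE-MARKER"]
# Bytes of context kept per flow: enough to complete any split signature.
TAIL = max(len(s) for s in SIGNATURES) - 1

# Constructed sample flow: the signature straddles packets 2 and 3.
SAMPLE_PACKETS = [b"GET /file HTTP/1.1\r\n", b"....TEST-MAL",
                  b"WARE-MARKER....", b"more data"]


@dataclass
class FlowScanner:
    """Inspects one flow packet by packet without buffering the payload."""
    action: str = "Block"            # "Permit" or "Block" (the Action field)
    tail: bytes = b""                # last TAIL bytes already forwarded
    blocked: bool = False
    log: list = field(default_factory=list)

    def on_packet(self, payload: bytes) -> str:
        if self.blocked:
            return "DROP"            # assumed: nothing passes after the reset
        window = self.tail + payload
        hit = False
        for sig in SIGNATURES:
            # Start so that a match must include at least one new byte;
            # this avoids reporting the same occurrence twice.
            start = max(0, len(self.tail) - len(sig) + 1)
            if window.find(sig, start) != -1:
                hit = True
        self.tail = window[-TAIL:] if TAIL else b""
        if hit:
            self.log.append("detected")
            if self.action == "Block":
                self.blocked = True
                return "RESET"       # reset closes the connection
        return "FORWARD"


def run_flow(packets, action="Block"):
    """Feed packets through a scanner; return verdicts, tail size, and log."""
    scanner = FlowScanner(action=action)
    verdicts = [scanner.on_packet(p) for p in packets]
    return verdicts, len(scanner.tail), scanner.log


if __name__ == "__main__":
    print(run_flow(SAMPLE_PACKETS, "Block"))
    print(run_flow(SAMPLE_PACKETS, "Permit"))
```

Per-flow memory is bounded by `TAIL` regardless of file size. The trade-off is that bytes from earlier packets have already been forwarded by the time a later packet completes the match, so the reset stops the remainder of the transfer rather than recalling what was sent.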

Use the Flow-Based Antivirus Profiles page to create and to manage flow-based antivirus profiles. To access this page, click SRX > Security Subscriptions > Flow-Based Antivirus.

Benefits

  • Flow-based inspection identifies and stops security threats in real time.

  • Flow-based inspection uses fewer processing resources than proxy-based inspection and does not change packets unless a threat is detected and the packets are blocked.

Field Descriptions

Table 1: Fields on the Flow-Based Antivirus Profiles Page

| Field | Description |
|---|---|
| Name | Displays the flow-based antivirus profile name. |
| Verdict threshold | Displays the threshold value to determine when a file is considered infected. |
| Action | Displays the action to be taken when an infected file is detected, which can be Permit or Block. |
| Description | Displays the description of the antivirus profile. |