03-05-2012 08:44 AM
I would like to be sure of the UTM process.
Imagine Web Filtering (SurfControl), Content Filtering and Kaspersky Full-based AV enabled.
What is the next action if the URL matches the URL whitelist of the Web Filtering part? Is traffic accepted and the other UTM features (CF & AV) bypassed? Or is WF bypassed, and the packet is now parsed in Content Filtering and, after that, Antivirus?
03-05-2012 09:02 AM
The content filter module evaluates traffic before all other UTM modules except Web Filtering.
So in your case it would be as you said:
WF ---> CF ---> AV
AV will be applied after.
If the URL is blocked / blacklisted or whatever, the TCP connection is closed and no antivirus scanning is performed at all.
03-05-2012 09:23 AM
Thanks for your reply.
Here, my question is more: what is the next action IF the packet is accepted with the URL whitelist of WF? Is traffic accepted and the other UTM features bypassed (only for this session)? OR is the packet accepted for WF and the next action is the CF process (and the AV process after)?
03-05-2012 09:24 AM
Yes that is correct, after WF will come CF and then AV, in that order. The other UTM features are not bypassed.