VMware Beta Community
joncastro
Contributor

Testing Enhanced Firewall Services VCO58 Version 5.2

We are trying to test Advanced Threat Protection using vco58, which already has version 5.2, with Edges that are on version 5.2 too. We have been doing some testing, but the Edge does not detect any malware.

I've tried to download malware files using curl on a client behind an Edge from http://www.tekdefense.com/downloads/malware-samples/, https://www.eicar.org/download-anti-malware-testfile/ and https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analy... but nothing is detected by the Edge. Are we missing anything important? What is the expected behaviour?

We are using the following configuration, which enables Enhanced Firewall Services, and IDS/IPS is enabled on the allowAny firewall rule.

screen1.png

screen2.png

sthammanur
VMware Employee

Hi Jon - 

Thanks for beta testing the solution. From your description and the links provided, the tests look more relevant for an anti-malware solution vs. IDS/IPS. The service we are launching on our edges is Intrusion Detection and Prevention powered by NSX security. We will reach out to you for additional information and to answer questions.

Sathya
