User guide
Gateway AntiVirus and Intrusion Prevention Service
242 Firebox X Edge e-Series
9. Select the Limit Scanning check box if you want the Gateway AV service to stop scanning each file
after it examines the specified number of kilobytes. This improves the performance of the Edge. Most
viruses are small and many are in the first hundred kilobytes of a file. You must select the correct
balance of performance and security for your network.
10. If you have downloaded, installed, and configured a WatchGuard Quarantine Server, type the
IP address of the Quarantine Server computer. For information about how to install a Quarantine
Server, see Install the Quarantine Server and WebBlocker Server
.
11. When you enable Gateway AV/IPS for SMTP, you must specify the IP address of your SMTP email server
in the Email Server IP Address field near the bottom of the page. The Edge creates a policy for you to
allow incoming SMTP traffic to this IP address.
About Intrusion Prevention Service settings
The Intrusion Prevention Service includes a set of signatures associated with specific commands or text found
in commands that could be harmful. The Intrusion Prevention Service works together with the SMTP, POP3,
HTTP, and FTP proxies. If you have not configured these proxies, they are automatically configured when you
enable Gateway AV or IPS for that protocol.
You can see the name of an intrusion that IPS has blocked in the log records. Select Logging from the sidebar
menu. You can also view general statistics for Gateway AV/IPS on the Gateway AV/IPS page, and trend
reporting for Gateway AV/IPS in System Status > Security Services.
Gateway AV does not scan archive file formats such as .zip or packed executables.