AV configuration does not come into effect

Publication Date: 2013-05-07
Issue Description
The customer reports that the AV configuration does not take effect.
Alarm Information
None.
Handling Process
The check showed that traffic on the interface is heavy, the customer uses the highest scan level, and the decompression layer setting is also high.
The “Scan level” was adjusted to 2 and the “Max decompressable layer” to 3. Afterwards the bypass state no longer shows as active:
[USG5120]dis utm bypass state
17:30:24  2012/03/24
UTM bypass function is enabled
The problem is solved.
Root Cause
1. Check whether the AV global switch is enabled.
[USG5120]dis av global-configuration
17:14:12  2012/03/24
Global configuration information about Anti-Virus
------------------------------------------------------------
  Anti-Virus global switch : Enable
  Scan level               : 3
  Max decompressable layer : 10
The state is Enable, so the global switch is on.
2. Check whether the AV policy is applied correctly.
[USG5120]dis policy interzone trust untrust outbound
17:17:10  2012/03/24
policy interzone trust untrust outbound
firewall default packet-filter is permit
policy 0 (1137194 times matched)
  action permit
  policy logging
  policy service service-set tcp (predefined)
  policy source any
  policy destination any
  policy av av-policy
  http-access log enable
The AV policy is applied to the interzone policy correctly, so there is no problem here either.
3. Check the AV policy configuration.
[USG5120]  dis av policy av-policy
17:21:43  2012/03/24
AV Policy "av-policy"
================================================================================
  Description                    : Anti-Virus policy
  Referenced                     : 0
  Password-protected-file action : Permit
  Deep-compressed-file action    : Permit
  Malformed-file action          : Permit
  Large-file action              : Permit

  HTTP Protocol
    HTTP switch                             : Enable
    Action                                  : Block
    Transfer mode                           : Upload/Download
    Resume-transfer                         : Enable
    Accelerate-transfer                     : Disable
    Max file size to scan                   : 10 MBytes
    Scan mode                               : Specified extension
    HTTP file extension                     :
    Web push notification                   : This page has the virus and has been masked off
No problem was found here either.
4. Check the AV engine and signature database.
[USG5120]dis av version
17:24:38  2012/03/24
==================Update information list===================
  Current version :
    Version number                : 20120322.003
    Engine version                : 1.1.1.4
    Engine size                   : 4106904 bytes
    Signature database version    : 20120322.003
    Signature database size       : 170012829 bytes
    Update time                   : 01:31:00 2012/03/23
    Issue time of the update file : 10:38:00 2012/03/22
It is the latest version.
5. Check whether the license has expired.
[USG5120]dis license
17:25:55  2012/03/24
Device ESN is: 210235G6AFZ0BA000032
The file activated is: flash:/licon00003593-a369904054b_usg5120.dat
The time when activated is: 2012/03/19  10:38:51
VFW: 25
expire time:2012-06-15.
SSL VPN Maximal Concurrent User Number: 150
expire time:2012-06-15.
IPS: ENABLED
expire time:2012-06-15.
Anti Virus: ENABLED
expire time:2012-06-15.
The AV license has not expired.
6. Check whether the bypass function is enabled.
[USG5120]dis utm bypass state
17:28:12  2012/03/24
  UTM bypass function is enabled.
  UTM bypass function is active at current.
“Active” shows that the bypass function is currently in effect: when processing capacity is insufficient, the USG gives priority to forwarding service traffic, so the traffic is passed without AV scanning.
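The checks above can be automated against captured command output. The following is an added example, not Huawei tooling and not part of the original case; the function names `field` and `av_findings` are hypothetical, and the sample text is copied (trimmed) from the output shown in this case.

```python
import re
from datetime import date

# Captured command output, copied from the case above (trimmed).
SAMPLE = {
    "av_global": """Global configuration information about Anti-Virus
  Anti-Virus global switch : Enable
  Scan level               : 3
  Max decompressable layer : 10""",
    "license": """Anti Virus: ENABLED
expire time:2012-06-15.""",
    "bypass": """  UTM bypass function is enabled.
  UTM bypass function is active at current.""",
}

def field(text, name):
    """Return the value of a 'name : value' line, or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}\s*:\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else None

def av_findings(out, today):
    """List reasons AV scanning may not be applied, in the order of the checks above."""
    findings = []
    if field(out["av_global"], "Anti-Virus global switch") != "Enable":
        findings.append("AV global switch is not enabled")
    m = re.search(r"Anti Virus:\s*(\w+)\s*\n\s*expire time:(\d{4})-(\d{2})-(\d{2})",
                  out["license"])
    if not m or m.group(1) != "ENABLED":
        findings.append("AV license is missing or disabled")
    elif date(int(m.group(2)), int(m.group(3)), int(m.group(4))) < today:
        findings.append("AV license has expired")
    # "active at current" means the device is bypassing UTM under load.
    if "bypass function is active" in out["bypass"]:
        level = field(out["av_global"], "Scan level")
        layers = field(out["av_global"], "Max decompressable layer")
        findings.append(f"UTM bypass is active: traffic is forwarded unscanned "
                        f"(scan level {level}, decompression layers {layers})")
    return findings

if __name__ == "__main__":
    for f in av_findings(SAMPLE, date(2012, 3, 24)):
        print("FINDING:", f)
```

Run against the state before the fix, it reports only the active bypass; polling the bypass state this way turns a silent fail-open condition into an alert.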
Suggestions
When AV does not take effect, troubleshoot the problem by following the steps above.
