Configuring Suspicious Endpoints

Purpose: Configure Suspicious Endpoints to bolster your gateway security against emerging threats.

Location: Gateways > (gateway name) > NETWORK ACCESS CONTROL > Suspicious Endpoints > General

  1. Optionally enable Suspicious Endpoints.
  2. Choose the action to take for endpoints in violation of the policy:
    • Block: All access to the Internet is blocked.

      If any endpoint is blocked by the Suspicious Endpoints function, the client browser is sent the Suspicious Endpoints Violation notification page and the incident is logged in the troubleshooting screen.

    • Monitor (default): Access to the Internet is allowed, but the suspicious endpoint is added to the violation list.

  3. Configure the threshold for C&C callbacks:
    1. Enter the number of threshold events (default: 50).

      The range is 1 to 1000.

    2. Enter the time period within which the threshold events are counted (default: 1 hour).

      Supported values are 30 minutes, 1 hour, 6 hours, 12 hours, and 1 day.

  4. Click Apply.
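
To see how the threshold and time period from step 3 interact, the following is an added example, not code from the product. It assumes a sliding window per endpoint and a violation as soon as the count reaches the threshold; the page does not state how the gateway counts. The names `evaluate`, `PERIODS`, `SAMPLE` and the endpoint addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Counting periods the page lists as supported.
PERIODS = {
    "30 minutes": timedelta(minutes=30),
    "1 hour": timedelta(hours=1),
    "6 hours": timedelta(hours=6),
    "12 hours": timedelta(hours=12),
    "1 day": timedelta(days=1),
}
ACTIONS = ("block", "monitor")

def evaluate(events, threshold=50, period="1 hour", action="monitor"):
    """Return {endpoint: (time the threshold was reached, action)}.

    events: time-sorted (datetime, endpoint) C&C callback detections.
    Assumption: a sliding window per endpoint, and a violation as soon as
    the count inside the window reaches the threshold.
    """
    if not 1 <= threshold <= 1000:
        raise ValueError("threshold must be in the range 1 to 1000")
    if period not in PERIODS:
        raise ValueError(f"unsupported period: {period!r}")
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    window = PERIODS[period]
    recent = defaultdict(deque)  # endpoint -> callback times still in the window
    violations = {}
    for when, endpoint in events:
        seen = recent[endpoint]
        seen.append(when)
        while when - seen[0] >= window:  # expire callbacks older than the period
            seen.popleft()
        if len(seen) >= threshold and endpoint not in violations:
            violations[endpoint] = (when, action)
    return violations

# Constructed sample: one endpoint calls back every 5 minutes, another every 75.
START = datetime(2024, 1, 1, 8, 0)
SAMPLE = sorted(
    [(START + timedelta(minutes=5 * i), "10.0.0.11") for i in range(5)]
    + [(START + timedelta(minutes=75 * i), "10.0.0.12") for i in range(5)]
)

if __name__ == "__main__":
    for period in ("30 minutes", "6 hours"):
        hits = evaluate(SAMPLE, threshold=5, period=period, action="block")
        print(period, sorted(hits))
```

With a threshold of 5, the 30-minute period puts only the first endpoint on the violation list, while the 6-hour period catches both, so the period should be chosen together with the threshold rather than left at its default by habit.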