Test File Inspection for Internet Access
After setting up file inspection, we recommend that you check your configured security profile and internet access rules. You can evaluate File Inspection by pointing your browser to one of our test files.
Prerequisites
- A source device that is known to have access controlled by Secure Access.
- An internet access rule near the top of the rule order that has a security profile with File Inspection enabled.
To ensure that the traffic is not blocked by other security features, test the security profile in a rule that has all other security and acceptable use features disabled. Ensure that no other rule in the access policy hits the traffic first.
Procedure
- Browse to one of Cisco's EICAR test files.
Test File | Description |
---|---|
http://proxy.opendnstest.com/download/eicar.com | Clear text test file. |
https://ssl-proxy.opendnstest.com/download/eicar.com | Encrypted test file. |
http://proxy.opendnstest.com/download/AMP_TEST_FILE.txt | Cisco AMP clear text test file. |
https://ssl-proxy.opendnstest.com/download/AMP_TEST_FILE.txt | Cisco AMP encrypted test file. |
- After loading a File Inspection test file, you should see a block page. Diagnostic information includes details about which server the file went through. If you do not see a block page, see Troubleshoot File Inspection.
Block Page Diagnostic Information
Block page diagnostic information identifies the hostname of the reputation authority. When proxying a domain or URL, Secure Access evaluates the destination in two phases.
- Secure Access receives a request and checks the reputation of the domain or URL. If the destination is known to be malicious, Secure Access blocks the request and displays a block page. The block page diagnostic information lists the
Server
asnginx
. - Next, Secure Access checks if a destination matches a security category or is blocked by an internet access rule. If a destination is not blocked, then Secure Access retrieves any requested content from the URL, then scans the requested files by file inspection (antivirus and AMP). If a file is malware, Secure Access returns a block page. The block page diagnostic information lists the
Server
asmps
.
Enable Threat Grid Malware Analysis < Test File Inspection for Internet Access > Troubleshoot File Inspection
Updated 2 months ago