Different workflows can be configured when Advanced Threat Defense is used to perform additional scans of web objects.
Forwarding a web object depending on the additional scanning
The following diagram shows the workflow that forwards a web object to a user depending on the scanning result of Advanced Threat Defense.
- A user sends a request to access a web object, for example, a file, from a system within your network that is a client of Web Gateway.
- If the request passes filtering according to the configured rules, Web Gateway forwards it to the appropriate web server.
A progress page is sent to the client, telling the user to wait while the request is processed.
- The web server sends the object to Web Gateway.
- If the criteria for using Advanced Threat Defense are met, Web Gateway passes the object on for scanning.
To retrieve information on the scanning progress, Web Gateway queries Advanced Threat Defense in regular intervals.
- When Advanced Threat Defense has completed the scanning, it lets Web Gateway know whether the object is malicious or not.
- Depending on this information, Web Gateway allows the user to access the requested object or sends a block page, which states that access is blocked and gives a reason for the blocking.