Creating Capture Advanced Threat Protection Security Policies

In order to take advantage of Capture Advanced Threat Protection (CATP or Capture ATP), create Capture ATP security policies as described below and select the categories of files you want to block. Once you have created a policy, apply it to an SSID group as explained in Applying a Security Policy to an SSID Group.

To create a Capture ATP security policy

1. Navigate to Security > Security Policies.
2. Click Add + to add a new security policy. The Add New Security Policy page displays.
3. Enter the name of the policy.

4. From the Policy Type list, select CATP Security Policy.

   

5. Click Next. The Advanced page displays.

6. In the General section, click Enable to enable the Capture ATP policy you have selected. Unselect it to disable the policy.
7. Choose the Schedule from the drop-down list.

8. Click the Block Until Verdict to enable to decide whether questionable files should be allowed to pass.

   If you are not concerned about their safety, you can allow them. If you do not want to take the chance of their being dangerous, select Block Until Verdict.

9. Optionally, you can set a Maximum File Size. The default maximum size is 10240 bytes. For SonicWave 231c/224w/231o models, the maximum size will reduce to 5120KB due to limited memory."

   The following table shows the maximum size supported on the models:

   Models	Maximum size
   SonicWave231c/231o/224w	5,120 KB
   SonicWave432i/432e/432o	10,240 KB
   SonicWave621	1,024 KB
   SonicWave641/681	10,240 KB

   
   

10. You can set the acceptable files types by checking any of the File Types boxes.
11. Select the Protocol(s) as required.
12. Specify the MD5 Exclusion List. For more information, refer to Adding an MD5 Hash to the Exclusion List.
13. Click Save to save your selections.

The policy is now listed on the Security > Security Policies page.