• Matt Sherif

Is my next gen firewall's AV working?

So, you got yourself a Next Generation Firewall (NGFW), and it's got all the magical bells and whistles on it. You spend the time deploying, configuring, and tweaking, and finally your network is back up and humming. But how do you know the anti-virus is working as advertised?



Are you willing to roll the dice on your NGFW without verification?


One approach - similar to a previous post - could land you out of a job: testing on real malware. The problem is that whether you're testing in a lab or in a production environment, live malware can pose a threat. This is where the EICAR file test comes into the picture.


In a nutshell, the European Institute for Computer Antivirus Research (EICAR - pronounced eye car) and the Computer Antivirus Research Organization (CARO) developed a file signature that is benign but that all AV manufacturers recognize as a threat. The idea here is to give you something to test against without exposing your environment to unnecessary risk.



Gotta hand it to Chrome, they know what lies on the other side. Fortunately for us, the EICAR files are benign.


There are many sites out there that allow you to download the EICAR file, or run an EICAR file test, but I have yet to see one as comprehensive as the Fortinet Test Your Metal site (Note: your browser might yell at you, and it's supposed to, because EICAR files are to be treated like malware - but it is safe to proceed). As you may know, malware doesn't come packaged in a pretty little file that says "I'm going to hijack your network!". It's usually hidden in zip, 7z, CAB and other files, sometimes nested inside one another. Test Your Metal has a series of 18 tests; while not all-encompassing, it's a fairly comprehensive set.



I am using a FortiGate 201E in this series of tests - I passed!


Test Your Metal is vendor agnostic; the idea here was to give you a safe means of testing multiple malware delivery methods. Give it a shot, try it on your NGFW today!
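A lab-side companion to the nested-archive point above, as an added example that is not part of the original post or of the Test Your Metal site: it builds EICAR samples wrapped in 0 to 3 ZIP layers, which you can host on a test web server outside the firewall, and classifies whatever bytes arrive on the inside. The function names, the layer depths and the block-page bytes are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# The standard 68-byte EICAR test string, assembled from pieces so that this
# script is not itself quarantined by an endpoint scanner.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-"
         + "ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

# Constructed stand-in for the replacement page a firewall returns on a block.
BLOCK_PAGE = b"<html><body>Blocked by firewall (constructed sample)</body></html>"


def nest_in_zip(payload: bytes, depth: int) -> bytes:
    """Wrap payload in `depth` ZIP layers (depth 0 returns it unchanged)."""
    name = "eicar.com"
    for level in range(1, depth + 1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        payload, name = buf.getvalue(), f"layer{level}.zip"
    return payload


def contains_eicar(data: bytes, max_depth: int = 8) -> bool:
    """Unpack ZIP layers recursively and look for the test string."""
    if EICAR in data:
        return True
    if max_depth == 0 or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(contains_eicar(zf.read(n), max_depth - 1)
                   for n in zf.namelist())


def verdict(received: bytes) -> str:
    """Classify what a client behind the NGFW actually received."""
    return "MISSED" if contains_eicar(received) else "BLOCKED"


if __name__ == "__main__":
    # Print each sample's size and hash so it can be matched to firewall logs.
    for depth in range(4):
        sample = nest_in_zip(EICAR, depth)
        digest = hashlib.sha256(sample).hexdigest()
        print(f"depth={depth} bytes={len(sample)} sha256={digest}")
    print("block page ->", verdict(BLOCK_PAGE))
```

Download each sample through the firewall and pass the received bytes to `verdict()`; a "MISSED" at some depth and not at shallower ones shows where the AV profile stops unpacking archives.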