https://live.paloaltonetworks.com/t5/general-topics/blocking-files-by-url-category-and-zone-direction/m-p/49539#M36499 <HTML><HEAD></HEAD><BODY><P>It appears my resolution was that in my file blocking profile only had "download" for the direction.&nbsp; Modifying to "both" looks to have done the trick. </P></BODY></HTML> Mon, 08 Apr 2013 13:21:01 GMT MGoodnow 2013-04-08T13:21:01Z https://live.paloaltonetworks.com/t5/general-topics/blocking-files-by-url-category-and-zone-direction/m-p/49537#M36497 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>I currently have a security rule that blocks the downloads of ".exe" files from the "unknown" URL category (which sits above my general Internet/WildFire Forward rule).&nbsp; It works extremely well in dropping a huge amount of the garbage out there.&nbsp; However, occasionally the garbage makes it past that rule and sends up a WildFire event.&nbsp; Again, Deny rule comes before the WildFire forward.&nbsp; I noticed from the WildFire alert that in the cases of communication which appears to bypass the deny rule - the source and destination are actually reversed to what the rule is set.&nbsp; Instead of my user being the source - it is now the destination.&nbsp; Should my rule to deny the .exe also include a bidirectional zone?</P><P></P><P>Current Deny .exe rule</P><P></P><P>Source Zone - Internal</P><P>Destination Zone - External </P><P>Application - Web-Browsing</P><P>URL Category - "Unknown" (PANDB)</P><P>Profile - "DenyEXE" File blocking profile for .exe/download/block</P><P></P><P></P><P>Should my zones be a bidirectional setup to block anything that is coming inbound? <SPAN style="font-size: 10pt; line-height: 1.5em;">I had hoped the user session would keep state of that? </SPAN><SPAN style="font-size: 10pt; line-height: 1.5em;">Should the File Blocking profile be both upload and download?&nbsp;&nbsp; Thanks!</SPAN></P><P></P><P>Mike</P></BODY></HTML> Mon, 18 Mar 2013 20:42:33 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-files-by-url-category-and-zone-direction/m-p/49537#M36497 MGoodnow 2013-03-18T20:42:33Z https://live.paloaltonetworks.com/t5/general-topics/blocking-files-by-url-category-and-zone-direction/m-p/49538#M36498 <HTML><HEAD></HEAD><BODY><P>Want to add that if adding the bidirectional zone would be beneficial - it concerns me to add "external" source to "internal" destination in this case.&nbsp; How big a concern is that in this particular setup? We are NAT'd behind the external interface.&nbsp; Thanks.</P></BODY></HTML> Tue, 19 Mar 2013 13:18:11 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-files-by-url-category-and-zone-direction/m-p/49538#M36498 MGoodnow 2013-03-19T13:18:11Z https://live.paloaltonetworks.com/t5/general-topics/blocking-files-by-url-category-and-zone-direction/m-p/49539#M36499 <HTML><HEAD></HEAD><BODY><P>It appears my resolution was that in my file blocking profile only had "download" for the direction.&nbsp; Modifying to "both" looks to have done the trick. </P></BODY></HTML> Mon, 08 Apr 2013 13:21:01 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-files-by-url-category-and-zone-direction/m-p/49539#M36499 MGoodnow 2013-04-08T13:21:01Z