Data filtering blocking when it should not


L0 Member

We were testing File Blocking and found that it was blocking too much.

The configuration consisted of 2 rules:

- Applications = ms-ds-smbv1, File-types = any, Action = continue

- Applications = any, File-types = any, Action = alert

The test was to download an Excel file using SMBv1, and the result was blocked.

We would expect that it would allow it.

If we just change the action of the first rule from "continue" to "alert" then it works.

Direction is always "both" for all rules.

Version is 8.0.13.

Accepted Solutions

@agrijalba

You can't use Continue on ms-ds-smb traffic as the firewall can't generate the continue page; that really only works in a browser.

continue — A message to the user indicates that a download has been requested and asks the user to confirm whether to continue. The purpose is to warn the user of a possible unknown download (also known as a drive-by-download) and to give the user the option of continuing or stopping the download. When you create a file blocking profile with the action continue, you can only choose the application web-browsing. If you choose any other application, traffic that matches the Security policy will not flow through the firewall due to the fact that the users will not be prompted with a continue page.

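The check described in the answer above can be run against a profile before it is committed. This is an added example, not part of the original thread and not Palo Alto Networks tooling: the XML element layout of the sample profile and the function name `find_unusable_continue_rules` are assumptions, and the sample rules are constructed from the two rules in the question plus one browser-only rule.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two rules from the question plus a browser-only rule.
# The element layout is an assumption modeled on an exported profile.
SAMPLE_PROFILE = """
<file-blocking>
  <entry name="test-profile">
    <rules>
      <entry name="smb-continue">
        <application><member>ms-ds-smbv1</member></application>
        <direction>both</direction>
        <action>continue</action>
      </entry>
      <entry name="all-alert">
        <application><member>any</member></application>
        <direction>both</direction>
        <action>alert</action>
      </entry>
      <entry name="web-continue">
        <application><member>web-browsing</member></application>
        <direction>both</direction>
        <action>continue</action>
      </entry>
    </rules>
  </entry>
</file-blocking>
"""

# Per the answer, only web-browsing traffic can be shown the continue page.
CONTINUE_SAFE_APPS = {"web-browsing"}

def find_unusable_continue_rules(profile_xml):
    """Return (profile, rule, apps) for 'continue' rules matching non-browser apps."""
    findings = []
    for profile in ET.fromstring(profile_xml).findall("entry"):
        for rule in profile.findall("rules/entry"):
            if (rule.findtext("action") or "").strip().lower() != "continue":
                continue
            apps = {m.text.strip() for m in rule.findall("application/member") if m.text}
            # "any" is flagged too: it matches applications that cannot prompt.
            offending = sorted(apps - CONTINUE_SAFE_APPS)
            if offending:
                findings.append((profile.get("name"), rule.get("name"), offending))
    return findings

if __name__ == "__main__":
    for prof, rule, apps in find_unusable_continue_rules(SAMPLE_PROFILE):
        print(f"{prof}/{rule}: 'continue' on {', '.join(apps)} will block, not prompt")
```
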

2 REPLIES

L0 Member

By the way, this is a Data Filtering configuration.

photo_2018-11-27_13-20-03.jpg

 

We are not sure why this is blocking SMBv1 downloads.
