FILE BLOCKING NOT INSPECTING ZIP CONTENT

Reply
Highlighted
L1 Bithead

FILE BLOCKING NOT INSPECTING ZIP CONTENT

Hello everyone,

I'm trying to block download of CPL files (PE) using a file blocking profile. We are trying to create it in a way which assures that even zipped CPL Files will be blocked.

We created the profile but it did not work on HTTPS sites, just on HTTP sites. We were wondering if its necessary to create some kind of Decryption Policy or something like that to allow Palo Alto to block download of files under SSL.

L5 Sessionator

Re: FILE BLOCKING NOT INSPECTING ZIP CONTENT

Hi,

For moment, a zip file is for palo a .... zip file :-) Not possible to block file if this one has been zipped .... yet ;-)

Hope help

V.

L1 Bithead

Re: FILE BLOCKING NOT INSPECTING ZIP CONTENT

Hello Vince,

We did a test downloading an .exe zipped file over HTTP and Palo Alto blocked the download (The profile was set to block PE files). It just doesn't work with HTTPS sites.

L7 Applicator

Re: FILE BLOCKING NOT INSPECTING ZIP CONTENT

Hello Renan,

Is this behavior is consistent across all browsers.. i.e IE, Chrome, firefox...?

Have you mentioned any specific application on your file-blocking profile..?

Example:

file-blocking.jpg

If so, please set application to any and test it again.

Thanks

L1 Bithead

Re: FILE BLOCKING NOT INSPECTING ZIP CONTENT

Hello HULK,

The application is already set to "any" and the issue is consistent across all browsers.File Blocking.PNG

L7 Applicator

Re: FILE BLOCKING NOT INSPECTING ZIP CONTENT

Is there any data-filtering logs has been generated for the same. GUI > Monitor> Logs > Data-Filtering.

Thanks

L1 Bithead

Re: FILE BLOCKING NOT INSPECTING ZIP CONTENT

Just the logs when  we download over http. We are not able to see any log about the downloads over HTTPS.

Best Regards

L7 Applicator

Re: FILE BLOCKING NOT INSPECTING ZIP CONTENT

Do you have a chance to enable SSL decryption for a single host and let me know the result from that machine..?

Thanks

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!