Am I able to block via file extension, the text file extension only, without any inspection and/or identification by the Palo Alto unit?
I want to block jar files but the PA keeps telling me they are zip files and then allows them. I would like to block anything named *.jar no matter what the PA identifies it as.
I have blocked exe files successfully and jar files are listed in the file blocking security profile. Add the .jar to the security profile then apply that profile to a policy or profile group.
When the firewall blocks the files it is not based on the extension. PAN inspects the file and then blocks it. If it was just being blocked on the extension then anybody would be able to change the extension and send the firewall. If the file is being wrongfully identified then I would suggest you open a case with support and provide the file to them to further investigate the issue.
Hope this helps.
I understand why you want to inspect the file/protocol etc.
But blocking based on file extension has its place too.
I guess I'll call support b/c most all of the time the jar files are being ID'ed as zip files.
Plus PA doesn't have the pack.gz filetype, so I'd like to be able to just block that based on the file extension.
Upon further inspection I noticed they are being blocked, albeit in a roundabout way.
The jar file (which is set to be blocked) creates an alert BUT the block page says a class file (which I've also set to be blocked) is being blocked so... I hope they are still being blocked if they do not contain a class file (is that even possible/practical?.. possibly if you're a 'bad guy').
This blocking of jar files, is it only for browsers or for email etc. as well?
If it's just for browsers then it should work if you create a url-filter blocking *.jar (given that you want to block on extension and not on contents). And/or create a custom app using http as base and define uri or url to end with *.jar OR the mime-extension which is being used (I think it's "application/java-archive") - the custom appid should contain both rules (as an OR).
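Why a JAR is reported as a ZIP, and how content-based identification differs from matching `*.jar`, shown as an added Python example that is not part of the thread and is not Palo Alto's identification logic. The sample archives, file names and the labels returned by `classify` are constructed for illustration.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"          # local file header of a non-empty ZIP
CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of a Java class file

def classify(data: bytes) -> str:
    """Classify by content only; the file name is never consulted."""
    if data[:4] == CLASS_MAGIC:
        return "class"
    if data[:4] != ZIP_MAGIC:
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            has_manifest = "META-INF/MANIFEST.MF" in names
            has_class = any(
                n.endswith(".class") and zf.read(n)[:4] == CLASS_MAGIC
                for n in names)
    except zipfile.BadZipFile:
        return "other"
    if has_class:
        return "jar-with-class"   # a JAR is a ZIP container holding class files
    if has_manifest:
        return "jar-no-class"     # manifest only: still a ZIP at the byte level
    return "zip"

def build_archive(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: the class body is a stub carrying only the magic bytes.
MANIFEST = b"Manifest-Version: 1.0\r\n\r\n"
FAKE_CLASS = CLASS_MAGIC + b"\x00\x00\x00\x34" + b"\x00" * 16
JAR = build_archive({"META-INF/MANIFEST.MF": MANIFEST, "Main.class": FAKE_CLASS})
SAMPLES = {
    "app.jar": JAR,
    "renamed.txt": JAR,  # same bytes under another extension
    "resources.jar": build_archive({"META-INF/MANIFEST.MF": MANIFEST, "a.txt": b"x"}),
    "docs.zip": build_archive({"readme.txt": b"hello"}),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:15} -> {classify(data)}")
```

The `renamed.txt` sample gets the same verdict as `app.jar`, while `resources.jar` shows the case raised above of a JAR that contains no class file and so would not trip a class-file rule.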