This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Data filtering blocking when it should not

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Data filtering blocking when it should not

Go to solution
agrijalba
L0 Member

‎11-27-2018 04:32 AM

We were testing File Blocking and found that it was blocking too much.

 

The configuration consisted of 2 rules:

 

- Applications = ms-ds-smbv1,  File-types=any, Action=continue

- Applications = any,  File-types=any, Action=alert

 

The test was to download an excel file using SMBv1, and result was blocked.

We would expect that it would allow it.

 

If we just change the action of the first rule from "continue" to "alert" then it works.

Direction is always "both" for all rules.

 

Version is 8.0.13.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to agrijalba

‎11-27-2018 10:26 AM

@agrijalba

You can't use Continue on ms-ds-smb traffic as the firewall can't generate the continue page, that really only works in a browser. 

 

continue —A message to the user indicates that a download has been requested and asks the user to confirm whether to continue. The purpose is to warn the user of a possible unknown download (also known as a drive-by-download) and to give the user the option of continuing or stopping the download.When you create a file blocking profile with the action continue, you can only choose the application web-browsing. If you choose any other application, traffic that matches the Security policy will not flow through the firewall due to the fact that the users will not be prompted with a continue page.

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
agrijalba
L0 Member

‎11-27-2018 04:39 AM

By the way this is Data Filtering configuration.

 

photo_2018-11-27_13-20-03.jpg

 

We are not sure why this is blocking SMBv1 downloads.

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to agrijalba

‎11-27-2018 10:26 AM

@agrijalba

You can't use Continue on ms-ds-smb traffic as the firewall can't generate the continue page, that really only works in a browser. 

 

continue —A message to the user indicates that a download has been requested and asks the user to confirm whether to continue. The purpose is to warn the user of a possible unknown download (also known as a drive-by-download) and to give the user the option of continuing or stopping the download.When you create a file blocking profile with the action continue, you can only choose the application web-browsing. If you choose any other application, traffic that matches the Security policy will not flow through the firewall due to the fact that the users will not be prompted with a continue page.

0 Likes Likes
  • 1 accepted solution
  • 2583 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks