Embedded Word Templates - Clients on external networks to reject immediately

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Embedded Word Templates - Clients on external networks to reject immediately

L4 Transporter

Hi Guys

 

Wondering if anyone has any ideas on;

 

There are external clients / users attempting to open word documents that use word templates stored on the corporate network drive.  When the user is offsite and not connected to Global Protect or VPN and the user attempts to open the document, Word will attempt to open the template on the network drive and continue to do so for several minutes before giving up and eventually opening the file.

 

For example when I open a word document that contains an embedded template, it will try and download the template from \\abc.com\applications\common\office templates\ABC templates which will cause a DNS lookup of abc.com which returns a public address on my network and therefore hits the PA.

 

Is there any way / guidance on how we can get the firewall to reject the requests to connect to the template and therefore cause word to open the file immediately? I have tried putting in rules to reject / drop / reset when an external client tries to connect via SMB to the IPs that \\abc.com resolves to but this does not appear to work.

 

Any thoughts on this will be greatly appreciated.

 

Thanks in advance.

 

KP

3 REPLIES 3

Cyber Elite
Cyber Elite

This would be more of an issue with Word than your PA. 

 

Go to HKEY_CURRENT_USER\Software\Microsoft\Office\*\Word\Options (* is whatever version you are using)

 

create a new DWORD value called "UseTimeoutForAttachedTemplateLoad"

 

Give it a value of "1"  (The value is milliseconds, so set it accordingly. If you have users that actually do open the VPN I would give it something like 3000 to actually give it 3 seconds to respond) 

 

Exit Regedit and probably restart just to be sure and give it a go.

 

You probably can't do this on clients machines, but without a timeout set it really doesn't matter if your PA sends a reset packet to the other end, as Word wont be "listening" for one for lack of a better term. 

Thanks for your input - I did look at this option, but trying to understand how this can be achieved at a larger scale as there will be plenty of users external to the network who can have access to loads of templates stored on the shared drive.

The only way you could do this on external clients would be to remove any reference to the shared drive. All the solutions that we could possibly provide you would require that you modify something on the users computer; if you can't do that then you would need to remove the template that is linked to the external location all together. 

  • 2968 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!