FILE BLOCKING NOT INSPECTING ZIP CONTENT

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

FILE BLOCKING NOT INSPECTING ZIP CONTENT

L1 Bithead

Hello everyone,

I'm trying to block download of CPL files (PE) using a file blocking profile. We are trying to create it in a way which assures that even zipped CPL Files will be blocked.

We created the profile but it did not work on HTTPS sites, just on HTTP sites. We were wondering if its necessary to create some kind of Decryption Policy or something like that to allow Palo Alto to block download of files under SSL.

7 REPLIES 7

L5 Sessionator

Hi,

For moment, a zip file is for palo a .... zip file 🙂 Not possible to block file if this one has been zipped .... yet 😉

Hope help

V.

Hello Vince,

We did a test downloading an .exe zipped file over HTTP and Palo Alto blocked the download (The profile was set to block PE files). It just doesn't work with HTTPS sites.

Hello Renan,

Is this behavior is consistent across all browsers.. i.e IE, Chrome, firefox...?

Have you mentioned any specific application on your file-blocking profile..?

Example:

file-blocking.jpg

If so, please set application to any and test it again.

Thanks

Hello HULK,

The application is already set to "any" and the issue is consistent across all browsers.File Blocking.PNG

Is there any data-filtering logs has been generated for the same. GUI > Monitor> Logs > Data-Filtering.

Thanks

Just the logs when  we download over http. We are not able to see any log about the downloads over HTTPS.

Best Regards

Do you have a chance to enable SSL decryption for a single host and let me know the result from that machine..?

Thanks

  • 5284 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!