08-11-2014 07:59 AM
Hello everyone,
I'm trying to block download of CPL files (PE) using a file blocking profile. We are trying to create it in a way which assures that even zipped CPL Files will be blocked.
We created the profile but it did not work on HTTPS sites, just on HTTP sites. We were wondering if its necessary to create some kind of Decryption Policy or something like that to allow Palo Alto to block download of files under SSL.
08-11-2014 08:51 AM
Hello Vince,
We did a test downloading an .exe zipped file over HTTP and Palo Alto blocked the download (The profile was set to block PE files). It just doesn't work with HTTPS sites.
08-11-2014 09:13 AM
Hello Renan,
Is this behavior is consistent across all browsers.. i.e IE, Chrome, firefox...?
Have you mentioned any specific application on your file-blocking profile..?
Example:
If so, please set application to any and test it again.
Thanks
08-11-2014 09:59 AM
Hello HULK,
The application is already set to "any" and the issue is consistent across all browsers.
08-11-2014 10:08 AM
Is there any data-filtering logs has been generated for the same. GUI > Monitor> Logs > Data-Filtering.
Thanks
08-11-2014 10:15 AM
Just the logs when we download over http. We are not able to see any log about the downloads over HTTPS.
Best Regards
08-11-2014 10:18 AM
Do you have a chance to enable SSL decryption for a single host and let me know the result from that machine..?
Thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
