File blocking..

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

File blocking..

L3 Networker

Hi Gents,

I have a Palo Alto 5050 installed between users and my Server Farm.

I configured a security policy to allow access to the File Server, and applied a File type profile to block files such as exe, avi, and FLV.

but the file blocking doesn't work, while the users are still able to put these file types on the server share.

how can I resolve that issue.

Thanks & Regards,

Maher

10 REPLIES 10

L4 Transporter

Hello homicidedart

To block the different file types we select the the file types and give the direction based on if it is upload, download or both direction and give action as block. Some points to look for,

> Direction should be checked can give both to block both directions.

> Security rule should have action as Allow. Block is the action only on the file-blocking profile.

> If there are more than one rule in the file blocking profile we will have to have this rule in the top or more specific rule in the top and more generic in the bottom.

> Also look at the session id details for this traffic to see details about file blocking / sec rule matching and so on to isolate the cause.

file-block.PNG.png

If all these would not help then flow basic has to be done to analyse at packet level.

Hope this helps !

Thanks

Hi Phoenix,

Thanks for your reply, while I see the Configuration you said is the same as mine. I looked at the session ID, and I see nothing about the file.

but in real the file is copied to and from the share directory without any blocking.

How can it be solved.

ft.JPG.jpg

Regards,

Maher

Which PAN-OS version are you running ? Are you seeing a similar issue if you were to use a different application as in FTP ?

- Deepak

Hi Deepak,

I'm using PAN-OS V 5.0.9.

Regarding your question, yes. I tried to upload files to the server Via remote desktop and it's uploaded easily. even when I try to upload it to the internet it's blocked.

and I'm using the file type profile for both destinations in the security policy. the same issue happens in the download.

Regards,

Maher

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!