12-26-2013 06:29 AM
Hi All,
I don't have a content filter license.
Am I required to configure SSL decryption to block internet applications or file types?
Do I need a content filter license to configure SSL decryption or not?
Also, I'm facing other issues.
To open internet access for users, I open the web-browsing application and ssl.
While I'm trying to browse the internet, I find YouTube is allowed too, and I can't block it in any way until I remove ssl from the applications, which causes all the HTTPS sites not to work.
Another issue is that I configured a policy between the users and my file server to allow applications (ms-ds-smb, msrpc, netbios-ns, netbios-ss, netbios-dg, ping) and drop some file types,
like exe files, and nothing happens. So the users can upload and download exe files from the file server.
How can all these issues be resolved?
Regards,
Maher
12-26-2013 08:06 AM
Let’s see if I can answer a few of your questions.
I don't have content Filter License.: You don’t need threat to create rules based on application or service.
Am I required to configure ssl decryption to block internet applications or file types? No, probably best to leave SSL decryption off until you get your rules set up and working. SSL decryption works best with the URL license because you want to exclude URL categories like Financial and Education.
shall I've a content filter license to configure ssl decryption or not? You don’t need threat prevention to do application based rules. You won’t need to add any profiles to your security rules.
to open internet access for users, I open web-browsing application and ssl: If you have the application default set under service in the security policy you will run into issues if you only have web-browsing and SSL added to the rule. It would be best to create an Application Filter (under the Objects tab) and add categories to the custom filter. You can do it based on Risk level or on one of the subcategories or any combination.
while I'm trying to browse the internet I find YouTube is allowed also. and I can't block it anyway until I remove ssl from the applications. which causes all the HTTPS sites not to work. If you want to block YouTube you can create a rule and place it above your web / ssl rule. Add youtube as the application, leave the service set to any and set the rule to block.
12-26-2013 08:19 AM
Let me make sure I understand the last question.
another issue is that I configure a policy between the users and my the file server to allow applications ( ms-ds-smb, msrpc, netbios-ns, netbios-ss, netbios-dg, ping) and drop some file types. So you have configured File Blocking profile under Objects. You have added exe as the file type and set the action to block. You can also set the direction to both if you want to block exe to and from the file server. You then added this profile to the Security Rule you created. With the profile set it should block exe files. The Action on the security rule should be set to Allow.
12-27-2013 06:40 AM
Hi Stuart,
Thanks for your keen interest, and your great answers.
I understand well now, but I think I have to apply security profiles to the security rules that allow applications, such as DNS, as there are suspicious DNS attacks happening on the DNS servers, and there are more on other applications.
And, regarding the other question, yes, I configured the file server security policy as you explained, but I see no action being taken on files while they are being uploaded to or downloaded from the server share.
Do you have any solution?
Thanks & Regards,
Maher
12-28-2013 05:56 AM
Can you share your file blocking profile and the security rule related to that profile?
Also, from the monitor logs, be sure that the traffic matches the correct rule.
12-29-2013 11:36 PM
Hi Panos,
Here you are, the required output:
admin@PA-SRV-2# show profiles file-blocking "prevent on file server"
"prevent on file server" {
  rules {
    "Standard users" {
      application any;
      file-type [ apk avi avi-divx avi-xvid bat cab class dll exe flv hta jar mov mp3 mp4 reg rm torrent wmv wsf];
      direction both;
      action block;
    }
  }
}
admin@PA-SRV-2# show rulebase security rules FileServer-Rule
FileServer-Rule {
  option {
    disable-server-response-inspection no;
  }
  from any;
  to any;
  source Sukari-Clients;
  destination FileServer-Group;
  source-user any;
  category any;
  application FileServer-Apps;
  service application-default;
  hip-profiles any;
  action allow;
  log-start yes;
  log-end yes;
  negate-source no;
  negate-destination no;
  disabled no;
  profile-setting {
    profiles {
      file-blocking "prevent on file server";
      virus Antivirus-Block;
      spyware Anti-Spyware-Profile;
      vulnerability "Vulnerability Profile";
    }
  }
}
And also the traffic is matching the rule to the file server.
Any recommendation?
Appreciated.
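
Added example, not part of any post in this thread: a small Python parser for the brace-style CLI output posted above, used to check a configuration against the points listed in the 12-26-2013 08:19 AM reply (the file type in a block entry, direction both, profile attached to the security rule, rule action allow). The function names are hypothetical and the sample strings are constructed by abridging and flattening the posted output.

```python
import re

# Constructed input: the two CLI outputs from the thread, abridged and flattened.
PROFILE_CFG = ('"prevent on file server" { rules { "Standard users" { application any; '
               'file-type [ apk bat dll exe jar wsf]; direction both; action block; } } }')
RULE_CFG = ('FileServer-Rule { application FileServer-Apps; action allow; profile-setting '
            '{ profiles { file-blocking "prevent on file server"; virus Antivirus-Block; } } }')

TOKEN = re.compile(r'"[^"]*"|[{}\[\];]|[^\s{}\[\];"]+')

def _block(toks, i):
    """Parse tokens from index i up to the matching '}' into a nested dict."""
    node = {}
    while i < len(toks) and toks[i] != "}":
        key, i = toks[i].strip('"'), i + 1
        if toks[i] == "{":                  # nested section
            node[key], i = _block(toks, i + 1)
            i += 1                          # step over the closing "}"
        elif toks[i] == "[":                # bracketed list value
            end = toks.index("]", i)
            node[key] = [t.strip('"') for t in toks[i + 1:end]]
            i = end + 2                     # step over "]" and ";"
        else:                               # single value
            node[key] = toks[i].strip('"')
            i += 2                          # step over the value and ";"
    return node, i

def parse(text):
    return _block(TOKEN.findall(text), 0)[0]

def check_file_blocking(profile_cfg, rule_cfg, file_type="exe"):
    """Return unmet checklist points; an empty list means all are met."""
    profiles = parse(profile_cfg)
    (rule_name, rule), = parse(rule_cfg).items()
    findings = []
    if rule.get("action") != "allow":
        findings.append(f"{rule_name}: rule action is not allow")
    name = rule.get("profile-setting", {}).get("profiles", {}).get("file-blocking")
    if name not in profiles:
        return findings + [f"{rule_name}: file-blocking profile not attached or not found"]
    def types(r):  # accept a bare value as well as a bracketed list
        return r["file-type"] if isinstance(r.get("file-type"), list) else [r.get("file-type")]
    hits = [r for r in profiles[name].get("rules", {}).values()
            if r.get("action") == "block" and file_type in types(r)]
    if not hits:
        findings.append(f"{name}: no block entry lists {file_type}")
    elif not any(r.get("direction") == "both" for r in hits):
        findings.append(f"{name}: {file_type} is not blocked in both directions")
    return findings
```

For the configuration as posted, `check_file_blocking(PROFILE_CFG, RULE_CFG)` returns an empty list: the profile and rule already meet every point on that checklist.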