For details on cookie usage on our site, read our Privacy Policy
File Types and Applications regarding SSL Decryption
- LIVEcommunity
- Discussions
- General Topics
- Re: File Types and Applications regarding SSL Decryption
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
File Types and Applications regarding SSL Decryption
- Mark as New
- Subscribe to RSS Feed
- Permalink
12-26-2013 06:29 AM
Hi All,
I don't have content Filter License.
am I required to configure ssl decryption to block internet applications or file types?
shall I've a content filter license to configure ssl decryption or not?
Also I'm facing other Issues,
to open internet access for users, I open web-browsing application and ssl.
while I'm trying to brows the internet I find YouTube is allowed also. and I can't block it anyway until I remove ssl from the applications. which causes all the HTTPS sites not to work.
another issue is that I configure a policy between the users and my the file server to allow applications ( ms-ds-smb, msrpc, netbios-ns, netbios-ss, netbios-dg, ping) and drop some file types
Like exe files. and nothing happens. So the users can upload and download exe files from the file server.
how all these issues can be resolved.
Regards,
Maher
- Mark as New
- Subscribe to RSS Feed
- Permalink
12-29-2013 11:36 PM
Hi Panos,
here you are the required outtput
admin@PA-SRV-2# show profiles file-blocking "prevent on file server"
"prevent on file server" {
rules {
"Standard users" {
application any;
file-type [ apk avi avi-divx avi-xvid bat cab class dll exe flv hta jar mov mp3 mp4 reg rm torrent wmv wsf];
direction both;
action block;
}
}
}
admin@PA-SRV-2# show rulebase security rules FileServer-Rule
FileServer-Rule {
option {
disable-server-response-inspection no;
}
from any;
to any;
source Sukari-Clients;
destination FileServer-Group;
source-user any;
category any;
application FileServer-Apps;
service application-default;
hip-profiles any;
action allow;
log-start yes;
log-end yes;
negate-source no;
negate-destination no;
disabled no;
profile-setting {
profiles {
file-blocking "prevent on file server";
virus Antivirus-Block;
spyware Anti-Spyware-Profile;
vulnerability "Vulnerability Profile";
}
}
}
and also the traffic is matching the rule to the file server.
any recommendation?
Appreciated.
- Allowed SSL traffic reporting as policy-deny in Next-Generation Firewall Discussions
- Cortex XDR 7.9 blocking windows defender in Cortex XDR Discussions
- Limit access to CMDBuild application in Next-Generation Firewall Discussions
- App-ID | SSL Decryption in Next-Generation Firewall Discussions
- Palo Alto Firewalls - Azure deployment design for regional resiliency in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
