I have noticed the file transfer blocking doesn’t work as expected. If a rule is in place blocking any file transfer using gmail or any other web-mail (Gmail not GTALK file transfer), it doesn’t work for file-types apart from the once mentioned in the list e.g. .TXT, .PCAP etc. If I select "ANY" as an option, that should block any attachments irrespective of the file-type or the extension. Even if PAN NGFW manages to block it, using a classic uploader option on gmail, the file goes right through. This is just a matter of checking a check-box on the settings page of the Gmail account, which an end user can easily do. I have tried the same with multiple web mails, attachment blocking doesn’t work for non listed file types, when the file type is selected as “ANY” in the file blocking profile.
Any advice would be appreciated.
Enclosed is a custom appID to detect for .jpg images. The signature is looking for the end of the URI path and matching on the string ‘\.jpg HTTP’ without the quote. This will work for web-browsing apps only, and a typical web request would look like this:
GET .../images/twitter_corp.jpg HTTP/1.1\r\n
GET .../pictures/logo.jpg HTTP/1.1\r\n
You can import this appID into the PAN device under Objects ==> Application. Once verified, you can clone the app and change the app signature to match other file types like .scr, .pif, etc.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!