06-08-2022 06:09 AM
Hi Everyone,
I am unable to block ".iso" and ".txt" file downloads with a File Blocking Profile; I am able to block the rest of the file formats.
The same issue occurs with HTTP and HTTPS traffic. I have enabled decryption for HTTPS traffic but still have the same issue.
It is not blocking even for HTTP traffic. Below is the link from where I am trying to download the file. I have set any file type and direction as both in the file blocking profile.
I have checked multiple live community discussions but no luck. Please help me address the issue.
http://mirrors.hostever.com/centos/7.9.2009/isos/x86_64/
PA Model: PA-850
PAN-OS: 10.1.3
06-08-2022 12:38 PM
You should be able to block ISO download/upload if everything is configured properly. I just verified in my lab environment trying to download the first .ISO link that is linked in your example. The text files are a bit different, you can only block someone from uploading a text file. To the best of my knowledge, you can't block someone from downloading a text file itself (this would also break a whole bunch of stuff).
06-09-2022 03:13 AM
@BPry Thanks for the response. I have configured Policy and Decryption correctly, but I am still unable to block ISO file downloads. I tested the same on other firewalls also, but still the same issue.
06-10-2022 06:15 AM - edited 06-10-2022 06:16 AM
Hey @Shakemustafa ,
There was a really nice example of the difficulties of blocking ISO files in the last episode of Learning Happy Hour - https://youtu.be/VelYMyWgC2A?t=329
Try to set File Blocking profile alert any file type and download the ISO file. Check the logs and confirm if firewall has even detected the file and what file type it has detected. As explained in the video FW may not be able to properly identify ISO files.
06-12-2022 11:38 AM
Thanks for your response. In the File Blocking profile, I have set the Application to Any, File Type to Any, Direction to Both, and Action Block. Applied All other profiles to default.
When I clicked on the download link, initially file download showed as Failed-Network Error, when I click on Resume Download, it started downloading.
In the Data Filtering logs, the File Name is identified correctly and the file type is identified as .iso file and Action is showing as Deny. But still the same issue. I have attached the Logs for reference. Please suggest any changes that need to perform to address the issue.
06-12-2022 12:15 PM
Sounds like an HTTP range request to me. A client can request pieces of a file rather than just the whole thing; this is commonly seen for incomplete downloads like one the firewall reset. Because it's only a partial response, the firewall doesn't have enough information to identify the file with.
Please check this setting: Device > Setup > Content-ID > Allow HTTP partial response
If it's ticked, try it unticked.
- DM
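The range-request behaviour described in the reply above, as an added Python illustration that is not part of the original thread and is not PAN-OS code. It assumes a simplified inspector that recognises an ISO only by the ISO 9660 `CD001` identifier at offset 0x8001; the sample image, the `serve`, `identify` and `simulate_resume` names and the 65,536-byte resume point are constructed.

```python
# Added illustration; the signature check is a simplified stand-in for
# content inspection, not how any particular firewall identifies files.
import re

ISO_MAGIC = b"CD001"       # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001  # sector 16 (0x8000) + 1 byte for the descriptor type

def build_sample_iso(size=200_000):
    """Constructed sample: zero-filled image with the ISO 9660 magic in place."""
    data = bytearray(size)
    data[0x8000] = 1  # descriptor type 1 = primary volume descriptor
    data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] = ISO_MAGIC
    return bytes(data)

def serve(resource, range_header=None):
    """Minimal origin server honouring 'bytes=N-' and 'bytes=N-M' requests."""
    if range_header is None:
        return 200, {"Content-Length": str(len(resource))}, resource
    m = re.fullmatch(r"bytes=(\d+)-(\d*)", range_header)
    if not m or int(m.group(1)) >= len(resource):
        return 416, {"Content-Range": f"bytes */{len(resource)}"}, b""
    start = int(m.group(1))
    last = len(resource) - 1
    end = min(int(m.group(2)) if m.group(2) else last, last)
    headers = {"Content-Range": f"bytes {start}-{end}/{len(resource)}"}
    return 206, headers, resource[start:end + 1]

def identify(status, headers, body):
    """Classify the body by looking for the magic at its absolute file offset."""
    start = 0
    if status == 206:  # a partial body begins at the Content-Range start offset
        start = int(re.match(r"bytes (\d+)-", headers["Content-Range"]).group(1))
    rel = ISO_MAGIC_OFFSET - start
    if rel >= 0 and body[rel:rel + len(ISO_MAGIC)] == ISO_MAGIC:
        return "iso"
    return "unknown"  # signature bytes are not in this response at all

def simulate_resume(bytes_already_received):
    """First attempt is inspected from byte 0; the resume requests only the tail."""
    iso = build_sample_iso()
    first = identify(*serve(iso))
    resumed = identify(*serve(iso, f"bytes={bytes_already_received}-"))
    return first, resumed

if __name__ == "__main__":
    print(simulate_resume(65_536))  # resume point lies past the signature
```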
06-12-2022 12:28 PM
Hi @dmifsud: Thanks for the response. After disabling Allow HTTP Partial Response, the file is now not getting downloaded even after resume. Thanks for your help.