Unable to block ".iso" & ".txt" file download with File Blocking Profile

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Unable to block ".iso" & ".txt" file download with File Blocking Profile

L1 Bithead

Hi Everyone,

 

I am unable to block the ".iso" & ".txt" file download with File Blocking Profile, I am able to block the rest of the files format.

same issue with HTTP and HTTPS traffic. I have enabled decryption for HTTPS traffic but still the same issue. 

Even it's not blocking for HTTP traffic. Below are the link from where I am trying to download the file. I have set any file type and

direction as both in the file blocking profile.

 

I have verified multiple live community discussion but no luck, Please hep me to address the issue.

 

http://mirrors.hostever.com/centos/7.9.2009/isos/x86_64/

 

PA Model: PA-850

PAN-OS: 10.1.3

 

 

2 accepted solutions

Accepted Solutions

Hey @Shakemustafa ,

There was really nice example for diffuculties to block ISO file, in the last episod of Learning Happy Your - https://youtu.be/VelYMyWgC2A?t=329

Try to set File Blocking profile alert any file type and download the ISO file. Check the logs and confirm if firewall has even detected the file and what file type it has detected. As explained in the video FW may not be able to properly identify ISO files.

View solution in original post

L3 Networker

Sounds like a HTTP range request to me. A client can request pieces of a file rather than just the whole thing, this is commonly seen for incomplete downloads like one the firewall reset. Because it's only a partial response, the firewall doesn't have enough information to identify the file with.

 

Please check this setting: Device > Setup > Content-ID > Allow HTTP partial response

 

If it's ticked, try it unticked.

 

- DM

Sr. Technical Support Engineer, Strata

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

@Shakemustafa,

You should be able to block ISO download/upload if everything is configured properly. I just verified in my lab environment trying to download the first .ISO link that is linked in your example. The text files are a bit different, you can only block someone from uploading a text file. To the best of my knowledge, you can't block someone from downloading a text file itself (this would also break a whole bunch of stuff). 

@BPry Thanks for the response. I have configured Policy and Decryption correctly. But still, I am unable to block ISO file download. tested the same other firewalls also but still the same issue. 

Hey @Shakemustafa ,

There was really nice example for diffuculties to block ISO file, in the last episod of Learning Happy Your - https://youtu.be/VelYMyWgC2A?t=329

Try to set File Blocking profile alert any file type and download the ISO file. Check the logs and confirm if firewall has even detected the file and what file type it has detected. As explained in the video FW may not be able to properly identify ISO files.

Hi @aleksandar.astardzhiev :

 

Thanks for your response. In the File Blocking profile, I have set the Application to Any, File Type to Any, Direction to Both, and Action Block. Applied All other profiles to default.

 

When I clicked on the download link, initially file download showed as Failed-Network Error, when I click on Resume Download, it started downloading.

 

In the Data Filtering logs, the File Name is identified correctly and the file type is identified as  .iso file and Action is showing as Deny. But still the same issue. I have attached the Logs for reference. Please suggest any changes that need to perform to address the issue.

 

Download Error.png

 

Data Filter Log.png

 

L3 Networker

Sounds like a HTTP range request to me. A client can request pieces of a file rather than just the whole thing, this is commonly seen for incomplete downloads like one the firewall reset. Because it's only a partial response, the firewall doesn't have enough information to identify the file with.

 

Please check this setting: Device > Setup > Content-ID > Allow HTTP partial response

 

If it's ticked, try it unticked.

 

- DM

Sr. Technical Support Engineer, Strata

Hi @dmifsud : Thanks for the response. After disabling the Allow HTTP Partial Response. Now the file is not getting downloaded even after resume. Thanks for your Help.

  • 2 accepted solutions
  • 5956 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!