i am testing wildfire at the moment for forwarding .doc, .docx and EXE Files to the wildfire cloud.
This is my rule:
But it seems, that only .doc and .exe Files are forwared to the cloud (first Forward but then upload skip because the cloud have already seen this file - that´s ok)
The .docx files are just in "alert" state and will not be forwarded to the cloud . Does anybody know why?
The most probable reason why it is just reporting 'Alert' is that the file has already been seen by wildfire at some point and it benign.
Try creating a custom DOCX and see what happens.
I was going to respond to your message but than did not have firewall with lesser PAN-OS than 7.x to check if I am correct :/ sorry I didn't, I feel like coming late to the party now. Anyways:
I think you could either add zip filetype or ms-office (not sure if that exists as such in 6.x) along with .doc filetype; fact is that there is a big difference in fileformats where .doc is closed file format and if I remember well should have magic number "D0C F11E" - doc file; while docx is actually an archive containing more files and you can open office xlsx or docx and such files with unarchiver app.
I would try adding doc and zip filetypes to your file blocking profile to check if that will work, and if you have ms-office try that filetype as well instead of any. Otherwise, if docx was selectable but not working as expected I would open a case with TAC to check and to bring the issue to their attention.
when i am using "microsoft-office" as the filetype to be forwarded to the cloud it seems to work fine with .docx files.
I also find this hint on PAN Help:
If you want the firewall to block/forward MS Office files, it is recommended that you select this “msoffice” group to ensure all supported MS Office file types will be identified instead of selecting each file type individually.
When i am using "docx, gzip, zip" file type in the data blocking policy the docx files will not be forwarded to the cloud.
I am glad advice still had some value :)
ok, so it will work with ms-office. I would think it should work with docx but "your mileage may wary" depending on the particular docx and perhaps of what it embeds, so I would still go for ms-office filetype. If this creates a problem for you (for example, you wanted exclusively docx forwarded but not the rest) you should still open the case with TAC.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!