10-30-2017 12:35 PM
I was testing file blocking before implementation and .exe does not get entirely blocked. Of 2 different exe files, one from Microsoft does not get blocked while another from NirSoft gets blocked. Is there a difference in what kind of exe files get blocked?
And what about other file types, do they also behave the same?
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
http://www.nirsoft.net/utils/wireless_network_view.html
11-01-2017 03:22 AM - edited 11-01-2017 04:11 AM
As per your inputs, it seems the Palo Alto firewall is able to block files over a non-secured connection and block files from this site:
http://www.nirsoft.net/utils/wireless_network_view.html
and not able to block files over encrypted traffic
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
Are you using Outbound SSL Decryption (SSL Forward Proxy)?
If yes: in case you're using SSL Decryption, the firewall proxies outbound SSL connections by intercepting outbound SSL requests and generating a certificate on the fly for the site the user wants to visit. The validity date on the PA-generated certificate is taken from the validity date on the real server certificate, and the decrypted data can be inspected for threats, URL filtering, file blocking, or data filtering. Decrypted traffic is never sent off the device.
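Added example, not part of the thread and not Palo Alto's code: a toy model of why the same PE download is blocked over HTTP but passes over HTTPS when there is no decryption. `toy_encrypt` is a stand-in for a TLS cipher (not real TLS), and the sample response, key and function names are constructed for illustration.

```python
import hashlib
import struct

def build_pe_stub() -> bytes:
    # Constructed minimal header: 'MZ', e_lfanew at 0x3C, then 'PE\0\0'.
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 32

def looks_like_pe(body: bytes) -> bool:
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    # Assumption: XOR with a SHA-256 keystream stands in for the TLS cipher.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def tls_record(plaintext: bytes, key: bytes) -> bytes:
    ct = toy_encrypt(plaintext, key)
    # 0x17 = application_data, 0x0303 = TLS 1.2 record version, then length.
    return b"\x17\x03\x03" + struct.pack(">H", len(ct)) + ct

def inspect(wire: bytes) -> str:
    # What an on-path inspector can conclude without the session key.
    if wire[:1] == b"\x17" and wire[1:2] == b"\x03":
        return "tls-opaque"          # file type is not visible
    head, sep, body = wire.partition(b"\r\n\r\n")
    if sep and head.startswith(b"HTTP/") and looks_like_pe(body):
        return "block-pe"
    return "allow"

def inspect_with_forward_proxy(wire: bytes, key: bytes) -> str:
    # Models a decrypting proxy: it holds the session key, so it sees plaintext.
    if inspect(wire) != "tls-opaque":
        return inspect(wire)
    (length,) = struct.unpack_from(">H", wire, 3)
    return inspect(toy_encrypt(wire[5:5 + length], key))

HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream"
                 b"\r\n\r\n" + build_pe_stub())   # constructed sample
KEY = b"constructed-session-key"                  # constructed sample
```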
11-01-2017 08:08 AM
I missed the fact it was an SSL session with Microsoft. No, we don't decrypt outbound as of now.
11-01-2017 09:27 AM