How to Expedite File Blocking Profile Creation and Modification via CLI
Objective
- When configuring a File Blocking profile, adding and removing 'File Types' can be a daunting task, because the current GUI does not offer check boxes or another easy selection method.
- For every file type in the supported list, you would need to click Add and scroll to find the file type in order to customize the rule.
Environment
- PA-5250
- PAN-OS v.8.1 and higher
Procedure
To expedite adding or removing file types in a File Blocking profile, use the CLI:
1. Adjust the CLI output format to 'set'.
admin@PA-VM> set cli config-output-format set
2. View the currently supported file types using a new profile name.
To view the supported file types, use a question mark (?) at the end of the command.
admin@PA-VM> configure
admin@PA-VM# set profiles file-blocking "File Blocking Profile File Type" rules "Exclude Encrypted" file-type ?
admin@PA-VM# set profiles file-blocking "File Blocking Profile File Type" rules "Exclude Encrypted" file-type
  [                      Start a list of values.
  7z                     file-type 7z
  Multi-Level-Encoding   file-type Multi-Level-Encoding
  PE                     file-type PE
  access-shortcut        file-type access-shortcut
  ace                    file-type ace
  ade                    file-type ade
  adp                    file-type adp
  ai                     file-type ai
  aip-encrypted-docx     file-type aip-encrypted-docx
  aip-encrypted-pptx     file-type aip-encrypted-pptx
  aip-encrypted-xlsx     file-type aip-encrypted-xlsx
  any                    All file types
  apk                    file-type apk
  arj                    file-type arj
  asp                    file-type asp
  avi                    file-type avi
.
.
Output purposely reduced to make it concise.
3. To narrow it down to a selected list of file types, list the file types within square brackets [ ], separated by spaces.
At the time of this writing, the full list of supported file types, on one line, is:
[ 7z Multi-Level-Encoding PE access-shortcut ace ade adp ai aip-encrypted-docx aip-encrypted-pptx aip-encrypted-xlsx any apk arj asp avi avi-divx avi-xvid bas bat bmp bmp-upload bzip2 cab catpart cdr chm cin class cmd com cpl csv deflate64-zip der dll dmg doc docm docx dpx dsn dwf dwg dxf edif elf emf encrypted-7z encrypted-doc encrypted-docx encrypted-office2007 encrypted-pdf encrypted-ppt encrypted-pptx encrypted-rar encrypted-xls encrypted-xlsx encrypted-zip eps exe exr flash flv gds gif gif-upload gzip hlp hta hwp hwpx ichitaro iff inf ins iqy iso its iwork-keynote iwork-numbers iwork-pages jar jpeg jpeg-upload js jse lnk lzh ma macapp mach-o mb mda mdb mdi mdt mdw mdz mht microsoft-shell mif mkv mov mp3 mp4 mpeg mpeg-ts mpkg msc msi msoffice msp ocx pbix pbm pcl pdf pem pgp pif pkg pl png png-upload powershell ppt pptx prg psd py rar reg renamed-zip rla rm rpf rtf scf scr sgi sh shk shs slk softimg split-cab split-rar stp svg sys tar tdb tif tiff tmp torrent url vb vbe vbs vxd webm wmf wmv wri wsf wsh xll xls xlsx xpm zcompressed zip ]
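- Edit the list in your favorite text editor and append the desired list to the command. In this example, Notepad++ was used to pick out the encrypted file types so that the block action can be applied to them.
In the example below, file types containing the keyword "encrypted" are placed in their own rule ("Exclude Encrypted") with the block action, and the remaining file types go into a second rule ("Others") with the alert action: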
[edit]
admin@PA-VM# set profiles file-blocking "File Blocking Profile File Type" rules "Exclude Encrypted" file-type [ aip-encrypted-docx aip-encrypted-pptx aip-encrypted-xlsx encrypted-7z encrypted-doc encrypted-docx encrypted-office2007 encrypted-pdf encrypted-ppt encrypted-pptx encrypted-rar encrypted-xls encrypted-xlsx encrypted-zip ]
admin@PA-VM# set profiles file-blocking "File Blocking Profile File Type" rules "Exclude Encrypted" action block
admin@PA-VM# set profiles file-blocking "File Blocking Profile File Type" rules "Exclude Encrypted" application any
admin@PA-VM# set profiles file-blocking "File Blocking Profile File Type" rules "Others" file-type [ 7z Multi-Level-Encoding PE access-shortcut ace ade adp ai any apk arj asp avi avi-divx avi-xvid bas bat bmp bmp-upload bzip2 cab catpart cdr chm cin class cmd com cpl csv deflate64-zip der dll dmg doc docm docx dpx dsn dwf dwg dxf edif elf emf eps exe exr flash flv gds gif gif-upload gzip hlp hta hwp hwpx ichitaro iff inf ins iqy iso its iwork-keynote iwork-numbers iwork-pages jar jpeg jpeg-upload js jse lnk lzh ma macapp mach-o mb mda mdb mdi mdt mdw mdz mht microsoft-shell mif mkv mov mp3 mp4 mpeg mpeg-ts mpkg msc msi msoffice msp ocx pbix pbm pcl pdf pem pgp pif pkg pl png png-upload powershell ppt pptx prg psd py rar reg renamed-zip rla rm rpf rtf scf scr sgi sh shk shs slk softimg split-cab split-rar stp svg sys tar tdb tif tiff tmp torrent url vb vbe vbs vxd webm wmf wmv wri wsf wsh xll xls xlsx xpm zcompressed zip ]
admin@PA-VM# set profiles file-blocking "File Blocking Profile File Type" rules "Others" action alert
admin@PA-VM# set profiles file-blocking "File Blocking Profile File Type" rules Others application any
admin@PA-VM# commit
The result can be reviewed further in the GUI to make minor adjustments.
Commit the changes and apply the profile to a policy. This can be replicated for additional profile rules as desired.
(Note: The "any" file type is included in the list from step 2. The "any" file type is often overlooked. Please take note.)
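
The list editing in step 3 can also be scripted rather than done by hand in a text editor. The Python below is an added example, not part of the original article or of any Palo Alto Networks tooling: it splits a bracketed file-type list by keyword, builds the same set commands shown above, and flags a list that still contains "any". The abbreviated sample list, the helper names and the token pattern are assumptions made for illustration.

```python
import re

# Abbreviated, constructed subset of the article's file-type list;
# paste the full bracketed list from the firewall in its place.
SUPPORTED = "[ 7z PE aip-encrypted-docx any apk encrypted-7z encrypted-pdf encrypted-zip exe pdf zip ]"
PROFILE = "File Blocking Profile File Type"  # profile name used in the article
NAME_OK = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]*$")  # assumed token shape

def parse_list(bracketed):
    """Return file types from a '[ a b c ]' list, order kept, duplicates dropped."""
    tokens = bracketed.replace("[", " ").replace("]", " ").split()
    bad = [t for t in tokens if not NAME_OK.match(t)]
    if bad:  # refuse stray characters before they reach a CLI paste
        raise ValueError(f"unexpected tokens in list: {bad}")
    return list(dict.fromkeys(tokens))

def split_by_keyword(types, keyword):
    """Partition file types into (containing keyword, everything else)."""
    return ([t for t in types if keyword in t],
            [t for t in types if keyword not in t])

def rule_commands(profile, rule, types, action, application="any"):
    """Build the three set commands the article uses for one profile rule."""
    if not types:
        raise ValueError(f"rule {rule!r} would have an empty file-type list")
    base = f'set profiles file-blocking "{profile}" rules "{rule}"'
    return [f"{base} file-type [ {' '.join(types)} ]",
            f"{base} action {action}",
            f"{base} application {application}"]

def any_notes(rule, types):
    """Flag the 'any' entry (shown in the CLI help as 'All file types')."""
    if "any" in types and len(types) > 1:
        return [f'rule "{rule}": list still contains "any"']
    return []

def build(bracketed=SUPPORTED, keyword="encrypted"):
    """Return (set commands, notes) for the block rule and the alert rule."""
    enc, rest = split_by_keyword(parse_list(bracketed), keyword)
    cmds = (rule_commands(PROFILE, "Exclude Encrypted", enc, "block")
            + rule_commands(PROFILE, "Others", rest, "alert"))
    return cmds, any_notes("Exclude Encrypted", enc) + any_notes("Others", rest)

if __name__ == "__main__":
    cmds, notes = build()
    print("\n".join(cmds + [f"# NOTE {n}" for n in notes]))
```

Review any note about "any" before pasting the generated commands into configure mode, and decide whether that entry belongs in the rule.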