How to allow a specific file when its File Type is set to "block"

Created On 09/26/20 00:44 AM - Last Modified 05/02/24 20:34 PM


Objective


  • Create an exception for file types that are configured to be blocked in File Blocking.
  • The File Blocking profile does not provide the ability to configure exceptions. However, the URN of the file can be used to configure an exception through the "Service/URL Category" field in a Security Policy rule.


Environment


  • A File Blocking profile is configured to block the file type that needs to be transferred.
  • A specific file of the blocked File Type needs to be excepted.
  • The file transfer protocol used is HTTP.


Procedure


1. Attempt the file transfer that is getting blocked. In this example the File Type is a .jar file.
Attempt to transfer the file so that the transfer is blocked as it normally would be.

2. Browse to the [Monitor > Data Filtering] logs and identify the Security Policy rule name that was declared as blocking the file. In our example it is a Security Policy rule named "BLOCKJAR".
Identify the Security Policy rule name tied to the File Blocking profile configured to block this file type.

3. Go to [Objects > Custom Objects > URL Category] and create a new category that will be used for File Blocking exceptions. In this example it's named "ALERTJAR". Click on Add and specify the URN to the file. (Do not prepend http:// for the entry).
Create Custom URL Category listing the full URN path to the files.

4. Clone the current Security Policy rule so that it precedes the currently matched Security Policy rule.
Clone the rule and place the new one on top of the currently matched rule.

5. Open the newly cloned Security Policy rule for editing. Define a new name for it. In this example it is named "ALERTJAR".
Define a name for the newly cloned rule.

6. Select the "Service/URL Category" tab, and define the URL Category created in Step 3.
Define the Custom URL Category that lists the URN to be whitelisted under the Service/URL Category tab.

7. Go to the Actions tab. Make sure that the newly cloned Security Policy rule either has no File Blocking profile defined (None), or that the one selected does not block the File Type that needs to be allowed.
Select None for File Blocking, or a profile that does not block the file-type that needs to be allowed.

8. This is what the Security Policy rules would look like.
Security Policies final look.

9. Commit your changes. After Commit succeeds, access to the otherwise blocked file will now be allowed.
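
The rule ordering from Steps 3 to 7, as an added example that is not part of the original article and is not Palo Alto Networks code: a simplified first-match model showing why the cloned rule must precede BLOCKJAR, plus a check that the Custom URL Category entries stay limited to one file. The host name, paths, exact-match comparison and the `check_entries` heuristics are assumptions; the rule and profile names follow the article's example.

```python
# Simplified model of first-match Security Policy evaluation; this is not the
# firewall's matching engine. Host names and paths are constructed samples.
from dataclasses import dataclass, field
from urllib.parse import urlsplit

JAR_BLOCKING = {"jar": "block"}   # File Blocking profile on BLOCKJAR
JAR_ALERTING = {"jar": "alert"}   # profile on ALERTJAR, as in the lab test

@dataclass
class Rule:
    name: str
    file_blocking: dict                              # file type -> action; {} models "None"
    url_category: set = field(default_factory=set)   # empty set models "any"

def urn_of(url: str) -> str:
    """Return host + path with no scheme, the form Step 3 asks for."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "") + parts.path

def check_entries(entries):
    """Flag entries that break Step 3 or except more than a single file."""
    problems = []
    for e in entries:
        if "://" in e:
            problems.append((e, "scheme prepended"))
        elif "*" in e or "^" in e:        # wildcard characters in URL entries
            problems.append((e, "wildcard widens the exception"))
        elif "/" not in e or e.endswith("/"):
            problems.append((e, "not a full path to one file"))
    return problems

def evaluate(rules, url):
    """Return (rule name, file action) for the first rule whose category matches."""
    urn = urn_of(url)
    ext = urn.rsplit(".", 1)[-1].lower()
    for rule in rules:                    # top-down, first match wins
        if not rule.url_category or urn in rule.url_category:
            return rule.name, rule.file_blocking.get(ext, "allow")
    return "no-match", None               # assumed placeholder for "no rule hit"

EXCEPTION = {"downloads.example.com/tools/app.jar"}   # constructed URN
blockjar = Rule("BLOCKJAR", JAR_BLOCKING)
alertjar = Rule("ALERTJAR", JAR_ALERTING, EXCEPTION)
```

With ALERTJAR listed first, only the excepted URN reaches the alerting profile and every other .jar still falls through to BLOCKJAR; with the order reversed, BLOCKJAR matches first and the exception never takes effect.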
 
 


Additional Information


Lab verification

In our lab test for Step 7, we used a File Blocking profile called ALERTJAR configured to alert on JAR files.
After the Commit completed and a new file download was attempted, we can verify that the download of the otherwise blocked file-type is now properly being allowed.
Lab verified. The file-type otherwise blocked is now allowed.
 
 
 

