Solved

Watchguard proxy deny executables

Posted on 2011-09-28
5
3,716 Views
Last Modified: 2012-05-12
I have a Watchguard firewall that I'm trying to block executables from being downloaded on.
If I allow application/octet-stream under "Content Types" so that users can download PDF, word, and excel documents from their webmail, then executables (EXE) appear to be allowed on that Watchguard proxy.
How can I allow application/octet-stream and deny executables.?
0
Comment
Question by:mcrossland
5 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36902351
normally .exe files are denied by default in a proxy.
You should also look into the https proxy in case this is a ssl webmail.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36936344
If you need to allow application/octet-stream only from one/few specific sites, then you can configure as below:
1. Your current HTTP proxy service with application/octet-stream denied.
2. Create new HTTP proxy or create copy of above [so you would not need to configure from scratch] and then allow application/octet-stream content type and configure as, Enabled and Allowed; from any-trusted [or specific alias/subnet/hosts]; to specific-public-ip-of-websites

Now only for website having their public IP in step 2 would have application/octet-stream allowed; rest sites would have application/octet-stream blocked.

Note that service created at 2 must be placed higher in order than 1; so that it gets hit first.

Please implement and update.

Thank you.
0
 
LVL 10

Author Comment

by:mcrossland
ID: 36942489
dpk wal,
Your post sparked an idea that might be my solution but is still quite frustrating
To keep things simple, why don't I just add proxy exceptions in my current HTTP-Proxy_OUT and turn off the application/octet-stream globally.
I'm discouraged that to allow PDF file downloads, I have to allow application/octet-stream at all.  This is quite frustrating as that is also the application type for executables.  Doesn't make sense to me.
We have alot of users that randomly research on the web and view alot of PDF type documentation.  This would keep me chasing my tail making exceptions every time someone is doing a google search for documentation on certain product offerings.  Typically PDF documents in alot of cases.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 36942964
In your case as the websites are random disabling application/octet-stream globally seems most workable solution.
As you know usability and security are inversely proportional, this trade-off is necessary.
0
 
LVL 1

Expert Comment

by:htam
ID: 36944874
If file extension is enough for you you, allow more content-type and filter by file extension
If not let me know and I can provide you some content-type that filter most executable.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now