Solved

Using a Palo Alto PA-500, is it possible to block .exe files within .zip files without also blocking Word and Excel files?

Posted on 2015-01-12
Last Modified: 2015-01-15
We are behind a Palo Alto PA-500. Software version 6.0.5, Global Protect Agent 1.2.4.

We wish to block the download of certain file types that are within ZIP files. For example, we have a rule to block the download of .exe files but we also wish to block the download of .exe files that are sitting within a ZIP file. When a rule to block the download of ZIP files is added, this also blocks the download of Office files that are Office 2007 format or later. This is because they use a file format that has some compression.

Previously we used a Watchguard firewall and it was possible to block the download of ZIP files on this device. On this device the block on ZIP file downloads did not affect the download of Word or Excel files.

So, my question is, does anyone know how to block the download of ZIP files on a Palo Alto without also blocking the download of Word and Excel files?

Thanks in advance for any useful info.
Question by: unitedvoice

Accepted Solution by: btan (ID: 40546629)
Initially I was thinking of having a rule to allow specific file types, namely those of Word and Excel, followed by a block rule on ZIP files. But seeing that PAN does not go by sequential rule checks, as stated at https://live.paloaltonetworks.com/docs/DOC-2858, there doesn't seem to be a means to "bypass" this through PAN configuration. This is a limitation, as others have experienced too.

Unless we manipulate the file, such as password-protecting it or changing the file header hex binary in the Word/Excel document, I doubt there is another means (changing the file name will not work, as you will already know). Or PAN support can suggest alternatives... or see it differently.

For info on the default "Any" (https://live.paloaltonetworks.com/docs/DOC-1748), meaning all the blockable file formats stated in https://live.paloaltonetworks.com/docs/DOC-1783
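
The question's point that Office 2007+ documents are themselves ZIP containers, shown as an added example (not part of the original thread, and not how PAN-OS classifies files): a Python check, of the kind a proxy or mail gateway script might run, that tells an OOXML package from a generic ZIP and flags members beginning with the `MZ` executable magic regardless of file name. The function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

# Conventional main-part paths for OOXML packages (heuristic, not a full OPC parse).
OOXML_MAIN_PARTS = {"word/document.xml": "docx", "xl/workbook.xml": "xlsx",
                    "ppt/presentation.xml": "pptx"}

def inspect_container(data: bytes) -> dict:
    """Classify a ZIP-format payload and list members that look like executables."""
    result = {"kind": None, "pe": [], "opaque": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result                       # not a ZIP container at all
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        result["kind"] = "zip"
        if "[Content_Types].xml" in names:  # required part of every OOXML package
            for part, kind in OOXML_MAIN_PARTS.items():
                if part in names:
                    result["kind"] = kind
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:        # encrypted member: content cannot be checked
                result["opaque"].append(info.filename)
                continue
            with zf.open(info) as member:
                if member.read(2) == b"MZ":  # DOS/PE magic, independent of file name
                    result["pe"].append(info.filename)
    return result

def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: stub bytes, not real documents or programs.
FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60
DOCX = make_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<doc/>"})
ZIP_WITH_EXE = make_zip({"readme.txt": b"hello", "invoice.dat": FAKE_EXE})
DOCX_WITH_EXE = make_zip({"[Content_Types].xml": b"<Types/>",
                          "word/document.xml": b"<doc/>",
                          "word/embeddings/tool.bin": FAKE_EXE})

if __name__ == "__main__":
    for label, blob in [("docx", DOCX), ("zip+exe", ZIP_WITH_EXE),
                        ("docx+exe", DOCX_WITH_EXE), ("plain", b"not a zip")]:
        print(label, inspect_container(blob))
```

Members listed under `opaque` are encrypted and cannot be inspected, so a policy built on this check has to decide separately how to treat them.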