[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Using a paloalto pa-500 is it possible to block .exe files within .zip files without also blocking word and excel files ?

Posted on 2015-01-12
1
Medium Priority
?
977 Views
Last Modified: 2015-01-15
We are behind a paloalto pa-500. Software version 6.0.5, Global Protect Agent 1.2.4.

We wish to block the download of certain file types that are within ZIP files. For example, we have a rule to block the download of .exe files but we also wish to block the download of .exe files that are sitting with a ZIP file. When a rule to block the download of ZIP files is added this also blocks the download of Office files that are Office 2007 format or later. This is because they use a file format that has some compression.

Previously we used a Watchguard firewall and it was possible to block the download of ZIP files on this device. On this device the block on ZIP file downloads did not affect  the download of Word or Excel files.

So, my question is, does anyone know how to block the download of ZIP files on a Paloalto without also blocking the download of Word and Excel files ?

Thank in advance for any useful info.
0
Comment
Question by:unitedvoice
1 Comment
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 40546629
Initially I was thinking to have the rule to allow specific file type to be those of Words and Excel and followed by Block rule on ZIP file. But seeing PAN does not go by sequential rule checks as stated https://live.paloaltonetworks.com/docs/DOC-2858, there doesn't seems to have means to "bypass" from PAN config way. This is limitation as other has experienced too.

Unless we manipulate the file like password protect or change file header hex binary in the Words/Excel document, i am doubt there is another mean (changing file name will not work as you will already know). Or PAN support can suggest alternatives...or see it differently.

For info on the default "Any" (https://live.paloaltonetworks.com/docs/DOC-1748) meaning all the Blockable file format stated in https://live.paloaltonetworks.com/docs/DOC-1783
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will step through configuring a SonicWALL appliance to utilize an internal DHCP server for Global VPN Client (GVC) hosts.  There are times when using an external (external to the SonicWALL) DHCP server, such as Windows Servers, isn’t pr…
Hi there, This article summarizes what you need if you are going to set up your home or small business Network Attached Storage (NAS) to be accessible from the internet. Of course there are configuration differences based on your NAS or router ma…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month19 days, 3 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question