Solved

Using a paloalto pa-500 is it possible to block .exe files within .zip files without also blocking word and excel files ?

Posted on 2015-01-12
1
855 Views
Last Modified: 2015-01-15
We are behind a paloalto pa-500. Software version 6.0.5, Global Protect Agent 1.2.4.

We wish to block the download of certain file types that are within ZIP files. For example, we have a rule to block the download of .exe files but we also wish to block the download of .exe files that are sitting with a ZIP file. When a rule to block the download of ZIP files is added this also blocks the download of Office files that are Office 2007 format or later. This is because they use a file format that has some compression.

Previously we used a Watchguard firewall and it was possible to block the download of ZIP files on this device. On this device the block on ZIP file downloads did not affect  the download of Word or Excel files.

So, my question is, does anyone know how to block the download of ZIP files on a Paloalto without also blocking the download of Word and Excel files ?

Thank in advance for any useful info.
0
Comment
Question by:unitedvoice
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40546629
Initially I was thinking to have the rule to allow specific file type to be those of Words and Excel and followed by Block rule on ZIP file. But seeing PAN does not go by sequential rule checks as stated https://live.paloaltonetworks.com/docs/DOC-2858, there doesn't seems to have means to "bypass" from PAN config way. This is limitation as other has experienced too.

Unless we manipulate the file like password protect or change file header hex binary in the Words/Excel document, i am doubt there is another mean (changing file name will not work as you will already know). Or PAN support can suggest alternatives...or see it differently.

For info on the default "Any" (https://live.paloaltonetworks.com/docs/DOC-1748) meaning all the Blockable file format stated in https://live.paloaltonetworks.com/docs/DOC-1783
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question