Solved

Using a Palo Alto PA-500, is it possible to block .exe files within .zip files without also blocking Word and Excel files?

Posted on 2015-01-12
Last Modified: 2015-01-15
We are behind a Palo Alto PA-500. Software version 6.0.5, Global Protect Agent 1.2.4.

We wish to block the download of certain file types that are within ZIP files. For example, we have a rule to block the download of .exe files, but we also wish to block the download of .exe files that are sitting within a ZIP file. When a rule to block the download of ZIP files is added, this also blocks the download of Office files that are Office 2007 format or later. This is because they use a file format that has some compression.

Previously we used a Watchguard firewall and it was possible to block the download of ZIP files on this device. On this device the block on ZIP file downloads did not affect the download of Word or Excel files.

So, my question is, does anyone know how to block the download of ZIP files on a Palo Alto without also blocking the download of Word and Excel files?

Thanks in advance for any useful info.
Question by:unitedvoice
Accepted Solution

by:
btan earned 500 total points
ID: 40546629
Initially I was thinking to have a rule to allow specific file types, those of Word and Excel, followed by a Block rule on ZIP files. But seeing that PAN does not go by sequential rule checks, as stated in https://live.paloaltonetworks.com/docs/DOC-2858, there doesn't seem to be a means to "bypass" this through PAN configuration. This is a limitation that others have experienced too.

Unless we manipulate the file, like password-protecting it or changing the file header hex binary in the Word/Excel document, I doubt there is another means (changing the file name will not work, as you will already know). Or PAN support can suggest alternatives...or see it differently.

For info, the default "Any" (https://live.paloaltonetworks.com/docs/DOC-1748) means all the blockable file formats stated in https://live.paloaltonetworks.com/docs/DOC-1783
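
Why a ZIP block also catches Office 2007+ documents, and how a content-aware check can tell the two apart, as an added example that is not part of the original thread and is not a PAN-OS feature: .docx/.xlsx files are ZIP packages with the same leading bytes as any other ZIP, so this sketch inspects the archive's member list instead. The function names, the extension list and the in-memory samples are constructed for illustration.

```python
import io
import zipfile

# Assumed policy list for this example: extensions treated as executable payloads.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".dll")
# Every Office 2007+ (OOXML) package has this part at the archive root.
OOXML_MARKER = "[Content_Types].xml"
OOXML_ROOTS = ("word/", "xl/", "ppt/")


def classify_download(data: bytes) -> str:
    """Classify a download by archive contents rather than by magic bytes alone."""
    if not data.startswith(b"PK\x03\x04"):      # ZIP local-file-header signature
        return "not-zip"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return "corrupt-zip"                    # cannot inspect it: treat as blockable
    # Checked first, so an .exe embedded in a document package is still caught.
    if any(name.lower().endswith(BLOCKED_EXTENSIONS) for name in names):
        return "zip-with-executable"
    if OOXML_MARKER in names and any(n.startswith(OOXML_ROOTS) for n in names):
        return "office-document"
    return "plain-zip"


def build_sample(members: dict) -> bytes:
    """Constructed test data: build a ZIP in memory from {member name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a minimal .docx-like package, a ZIP hiding an .exe, a plain ZIP.
DOCX = build_sample({OOXML_MARKER: "<Types/>", "word/document.xml": "<w:document/>"})
ZIP_EXE = build_sample({"docs/readme.txt": "hi", "tools/Setup.EXE": b"MZ\x90\x00"})
PLAIN = build_sample({"notes.txt": "hello"})

if __name__ == "__main__":
    for label, blob in (("docx", DOCX), ("zip+exe", ZIP_EXE), ("zip", PLAIN)):
        # All three share the same first four bytes; only the member list differs.
        print(f"{label:8} magic={blob[:4]!r} verdict={classify_download(blob)}")
```

The sketch looks only at top-level member names; archives nested inside archives would need the same check applied recursively.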