Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Using a paloalto pa-500 is it possible to block .exe files within .zip files without also blocking word and excel files ?

Posted on 2015-01-12
1
Medium Priority
?
941 Views
Last Modified: 2015-01-15
We are behind a paloalto pa-500. Software version 6.0.5, Global Protect Agent 1.2.4.

We wish to block the download of certain file types that are within ZIP files. For example, we have a rule to block the download of .exe files but we also wish to block the download of .exe files that are sitting with a ZIP file. When a rule to block the download of ZIP files is added this also blocks the download of Office files that are Office 2007 format or later. This is because they use a file format that has some compression.

Previously we used a Watchguard firewall and it was possible to block the download of ZIP files on this device. On this device the block on ZIP file downloads did not affect  the download of Word or Excel files.

So, my question is, does anyone know how to block the download of ZIP files on a Paloalto without also blocking the download of Word and Excel files ?

Thank in advance for any useful info.
0
Comment
Question by:unitedvoice
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 40546629
Initially I was thinking to have the rule to allow specific file type to be those of Words and Excel and followed by Block rule on ZIP file. But seeing PAN does not go by sequential rule checks as stated https://live.paloaltonetworks.com/docs/DOC-2858, there doesn't seems to have means to "bypass" from PAN config way. This is limitation as other has experienced too.

Unless we manipulate the file like password protect or change file header hex binary in the Words/Excel document, i am doubt there is another mean (changing file name will not work as you will already know). Or PAN support can suggest alternatives...or see it differently.

For info on the default "Any" (https://live.paloaltonetworks.com/docs/DOC-1748) meaning all the Blockable file format stated in https://live.paloaltonetworks.com/docs/DOC-1783
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question