
Configuring File Blocking

This section describes how to configure file blocking.

Context

Each security policy rule references one file blocking profile, which either blocks the upload and download of the specified files or generates logs when the specified files are detected.

The FW has a default file blocking profile named default. In the default profile, actions for all protocols and in upload and download directions are set to Alert. You cannot modify or delete the default profile.

When you reference a profile in a security policy, you can view the name of the default profile in the drop-down list. To view the configuration result, choose System > Configuration File Management. In Current Configuration, you can view that the security policy references the default profile, but the configuration information about the default profile is not displayed.

You can run the display profile type file-block name default command on the CLI to view the configuration information about the default profile. If you use the CLI to reference the default profile in a security policy, you must enter the complete profile name (such as default). Otherwise, the profile fails to be referenced. To view the configuration result, run the display current-configuration command. The output shows that the security policy references the default profile, but the configuration information about the default profile is not displayed.

The FW supports user-defined profiles. You can specify different actions for each file category in its upload and download directions.

Procedure

  1. Choose Object > Security Profiles > File Blocking.
  2. Click Add on the File Blocking Profile List tab.
  3. Set the name and description of a file blocking profile.

    Parameters:

    • Name: Name of a file blocking profile. The name must be unique. The name is displayed in the parameter list of file blocking during the configuration of security policies.
    • Description: Description of the file blocking profile. The description helps the administrator understand the functions of the file blocking profile and maintain the profile. For example, a description could be "Blocks the download of .exe files through FTP".

  4. Configure file blocking rules.
    1. Click Add in File Blocking Rules.
    2. Set the name of a file blocking rule.

      Parameters:

      • Name: Name of a file blocking rule. The name must be unique.

    3. Configure matching conditions for the file blocking rule.

      The device compares the file attributes with the matching conditions of a rule. If all conditions are matched, the device implements the action defined in the rule. If one condition is not met, the device matches the file attributes with the next rule. If no rule is matched, the device allows the file transfer.

      If the device identifies the file type, the matching conditions of file blocking are application, file type, and direction.

      If the device cannot identify the file type, the matching conditions of file blocking are application, user-defined file name extension, and direction.

      Parameters:

      • Application: Application protocol of files to be filtered. For example, you can select FTP to filter the files transferred over FTP.
      • File Type: Type of files to be filtered. File type is the actual file type identified by the device.
      • File Extension: User-defined file name extension is supplementary to the file type. If the file type cannot be identified, the device implements file blocking by user-defined file name extension.
      • Direction: Transfer direction of files to be filtered. The direction can be Upload, Download, or Both.

      You must determine the types of files to be filtered and choose the types from the drop-down list. If the types are not included in the list, you must add the file types in File Extension.

      For example, if you want to block .exe, .doc, and .flv files, but .flv does not exist in the drop-down list, you can choose .exe and .doc from the drop-down list and configure .flv as a user-defined name extension.

    4. Configure the action for the file blocking rule.

      • Because the device does not support the block action for NFS, the device takes the alert action when Application is set to NFS and Action is set to Block.

      • The device deletes the attachment if Application is set to IMAP or POP3 and Action is set to Block.

      Parameters:

      • Action: If all conditions are matched, the device implements one of the following actions:
          • Block: blocks the file transfer and generates a log.
          • Alert: allows the file transfer and generates a log. This is the default action.
          • Allow: allows the file transfer. A DSCP priority can be set for a transferable file.
      • DSCP Priority Re-marking: Configured when the action is set to Allow. Setting DSCP priorities for files by file severity improves file transfer quality.

    5. Click OK.
    6. Repeat substeps 1 to 5 to create multiple file blocking rules.
  5. Click OK. The configuration of the file blocking profile is complete.
  6. Reference file blocking profiles in security policies. For details on how to configure security policies, see Configuring a Security Policy Using the Web UI.
  7. Click Commit on the upper right of the interface to commit the profile.

    The configuration does not take immediate effect after you create or modify the profile. You must click Commit on the upper right of the interface to activate the configuration. To save time, you can commit the configuration after all operations on the profile are complete.
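
The rule matching described in step 4 can be checked offline before a profile is committed. The following Python sketch is an added example, not Huawei code or the device's implementation: it models first-match evaluation, the fallback to user-defined extensions, the allow-by-default result, and the NFS and IMAP/POP3 action exceptions as the page states them. The names Rule, evaluate and RULES, the "delete-attachment" label, and the use of sets for multiple values per rule are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    applications: set   # protocols, e.g. {"FTP"}
    file_types: set     # types the device identifies from the file itself
    extensions: set     # user-defined extensions, used when the type is unidentified
    direction: str      # "upload", "download" or "both"
    action: str         # "block", "alert" or "allow"

def evaluate(rules, app, direction, identified_type, extension):
    """Return (matched rule name or None, effective action) for one transfer."""
    for rule in rules:
        if app not in rule.applications:
            continue
        if rule.direction not in ("both", direction):
            continue
        # Identified files match on file type; extensions apply only otherwise.
        if identified_type is not None:
            if identified_type not in rule.file_types:
                continue
        elif extension not in rule.extensions:
            continue
        action = rule.action
        if action == "block" and app == "NFS":
            action = "alert"              # block is not supported for NFS
        elif action == "block" and app in ("IMAP", "POP3"):
            action = "delete-attachment"  # the attachment is deleted instead
        return rule.name, action
    return None, "allow"                  # no rule matched: transfer is allowed

# Constructed profile mirroring the page's .exe/.doc/.flv example.
RULES = [Rule("no-exe-doc-flv", {"FTP", "NFS", "POP3"},
              {"EXE", "DOC"}, {"flv"}, "download", "block")]

if __name__ == "__main__":
    cases = [
        ("FTP", "download", "EXE", "txt"),   # identified type wins over the name
        ("FTP", "download", None, "flv"),    # unidentified: extension fallback
        ("FTP", "upload", "EXE", "exe"),     # direction not covered by the rule
        ("NFS", "download", "DOC", "doc"),   # block downgraded to alert
        ("POP3", "download", "EXE", "exe"),  # attachment deleted
    ]
    for case in cases:
        print(case, "->", evaluate(RULES, *case))
```

Cases that return (None, "allow") are the ones to review: they show transfers that no rule in the profile covers, such as the opposite direction or an unidentified file whose extension was never added under File Extension.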

Follow-up Procedure

Check or release the reference between the security policy and profile.
  1. To check the security policies that reference a profile, click View under References in the profile list.

  2. To release the reference between the security policy and profile, choose the security policy and click Release.

    To release all the references, click Release All.

Copyright © Huawei Technologies Co., Ltd.