File Blocking Does Not Take Effect

Files that should be filtered out are still transferred after file blocking is configured.

Symptom

File blocking is configured on the FW to block the transfer of specific files between security zones. However, files that should be filtered out are transferred during the test.

Possible Causes

Cause one: The traffic does not match the correct security policy.

Cause two: No file blocking profile or an incorrect profile is referenced in the security policy.

Cause three: The matching conditions in file blocking rules are incorrectly configured.

Cause four: The action in file blocking rules is Alert.

Procedure

  1. Cause one: The traffic does not match the correct security policy.
    1. Choose Monitor > Log > Policy Matching Log.
    2. Click Advanced Search on the upper right of the UI and select a value for Source User and Application.

      • Source User: Select a user name that is used for tests, for example, user_0001.
      • Application: Select a protocol or application program that is used for tests.

    3. Click Search.
    4. In the security policy matching logs that are displayed, check whether the test traffic matches the correct security policy.

      • If no, choose Policy > Security Policy > Security Policy and adjust the order or parameters of the security policies.
      • If yes, go to step 2.

  2. Cause two: No file blocking profile or an incorrect profile is referenced in the security policy.
    1. Click the security policy that was matched in step 1. The Modify Security Policy dialog box is displayed. You can view the referenced file blocking profile in the dialog box.

      • If no file blocking profile or an incorrect profile is referenced in the security policy, select the desired file blocking profile.
      • If the correct file blocking profile is referenced, go to step 3.

  3. Cause three: The matching conditions in file blocking rules are incorrectly configured.
    1. Click Configure to the right of File Blocking.
    2. Verify the matching conditions of file blocking rules in the Modify File Blocking Profile interface.

      Check whether the Application, File Type, File Extension, and Direction conditions of each rule match all files to be blocked.

      • If a condition is incorrect, modify the file blocking rule.
      • If all conditions are correct, go to step 4.

  4. Cause four: The action in file blocking rules is Alert.
    1. Check the actions of file blocking rules in the Modify File Blocking Profile interface.

      • If the action is Alert and this is the same as the action in data planning, the files are transferred as expected.
      • If the action is Alert but the planned action is Block, change the action to Block.
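
The four checks above, applied in the same order to values copied by hand from the UI. This is an added example, not Huawei code and not a device export format. The Rule structure, all names and the sample values are hypothetical, and it assumes a rule covers a file only when every configured condition covers it, with an empty condition meaning "any".

```python
from dataclasses import dataclass, field

@dataclass
class Rule:  # hypothetical structure, transcribed by hand from the profile UI
    name: str
    applications: set = field(default_factory=set)  # empty set = "any" (assumption)
    file_types: set = field(default_factory=set)
    extensions: set = field(default_factory=set)
    directions: set = field(default_factory=set)
    action: str = "alert"                           # "alert" or "block"

def uncovered(rule, f):
    """Names of the rule's conditions that do not cover test file f."""
    checks = {"Application": (rule.applications, f["application"]),
              "File Type": (rule.file_types, f["file_type"]),
              "File Extension": (rule.extensions, f["extension"]),
              "Direction": (rule.directions, f["direction"])}
    return [n for n, (allowed, v) in checks.items() if allowed and v not in allowed]

def diagnose(matched, expected, referenced, expected_profile, rules, f, planned="block"):
    """Check causes one to four in order; return (cause number, reason), 0 = consistent."""
    if matched != expected:
        return 1, f"traffic matched policy {matched!r}, expected {expected!r}"
    if referenced != expected_profile:
        return 2, f"policy references profile {referenced!r}, expected {expected_profile!r}"
    covering = [r for r in rules if not uncovered(r, f)]
    if not covering:
        return 3, "; ".join(f"{r.name}: {', '.join(uncovered(r, f))}" for r in rules)
    if planned == "block" and not any(r.action == "block" for r in covering):
        return 4, f"covering rule(s) {[r.name for r in covering]} use Alert, plan says Block"
    return 0, "profile is consistent with the plan"

# Constructed sample: the rule only covers uploads, the test was a download.
SAMPLE_FILE = {"application": "HTTP", "file_type": "EXE",
               "extension": "exe", "direction": "download"}
SAMPLE_RULES = [Rule("r1", {"HTTP"}, {"EXE"}, set(), {"upload"}, "block")]

if __name__ == "__main__":
    print(diagnose("sec_policy_1", "sec_policy_1", "fb_profile_1", "fb_profile_1",
                   SAMPLE_RULES, SAMPLE_FILE))
```

With the constructed sample, the result points at cause three and names Direction as the condition that fails to cover the test file.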

Copyright © Huawei Technologies Co., Ltd.