Limitations and Precautions for File Blocking

Hardware Requirements

The file blocking function is supported by all models.

License Requirements

The file blocking function is not license-controlled.

Component package Requirements

The file blocking function is dependent on the content security component package. However, it does not require the content security component package be manually loaded. The content security component package is directly placed in the software package and automatically loaded during device startup.

Limitations

• File blocking is not implemented on files embedded in other files.
• File blocking does not apply to resumable upload and download.
• File blocking does not apply to image file download.
• The file blocking function is not available in networking environments where the forward and return paths of packets are different.
• File blocking supports IPv4 and IPv6.
• To filter the file of HTTPS traffic, configure SSL-encrypted traffic detection. For details, see SSL-Encrypted Traffic Detection.

Precautions

• If the maximum number of decompression layers and the maximum size of decompressed files are greater than the specified values, the detection results of file filtering are affected.
• If the FW is deployed between two routers, and the routers detect each other through BFD, you are advised to properly prolong the BFD time (longer than 100 ms is recommended) to prevent BFD flapping resulting from occasional network congestion.