This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to block certain types of file

chanklish over 7 years ago

hello

how can i let my sophos xg disable download or opening of certain types of file like htm or jar for everyone ?!

please advise

This thread was automatically locked due to age.

0 rfcat_vk over 7 years ago

Hi,

your request is a bit cryptic, please expand the issue in greater detail.

Are you looking for assistance with rule creation?

Thank you

Ian

XGS118 - v21.5.0

XG115 converted to software licence v21.5.0

If a post solves your question please use the 'Verify Answer' button.
- 0 chanklish over 7 years ago in reply to rfcat_vk
  
  hello Ian
  
  as i said , i want to block the download of certain file types for everyone .. where can i add the file type in sophos xg ?
  
  please let me know what can i add to make the answer easier
0 M8ey over 7 years ago

This can be configured under Web Policies.

You can create a custom Web Policy and add all the file types you want to block in or use a pre existing one.

Just be careful though as if you have Exceptions added with Skip Policy checks these files will still come through from those URLs and sites in the exceptions

You can also set who it applies to if you have user groups set up.

Sophos XG 450 (SFOS 18.5.1 MR-1)

Sophos R.E.D 50 x 2

Always configuring new stuff.....
- 0 chanklish over 7 years ago in reply to M8ey
  
  i want to set it up for the entire network
  
  if i create it and use it as first rule in the firewall .. how will the following rules react ?
  
  per example i have rule # 2 to give internet to X.X.X.X ip and rule # 3 to deny internet to y.y.y.yip .. if i set a rule # 1 with only blocking certain file type for everyone , would rule #2 and rule # 3 works normally while still blocking the files i do not want ?
  
  in other terms i want to block the files for everyone without affecting my current config
  - 0 M8ey over 7 years ago in reply to chanklish
    
    The firewall uses the top down approach
    
    So if your first rule was just a web filter affecting those file types then the users would hit that rule for just that and then go to rule 2 etc for normal network.
    
    Just enable the new Web Policy as rule 1 and then check the log viewer for any issues - normally users scream pretty quick when they cant get to the internet :-)
    
    The very last rule is usually a default rule that blocks everything
    
    Sophos XG 450 (SFOS 18.5.1 MR-1)
    
    Sophos R.E.D 50 x 2
    
    Always configuring new stuff.....
  - 0 chanklish over 7 years ago in reply to M8ey
    
    hello
    
    1-i created a new file type and added all the extensions i want to block
    
    2-i created a web policy and added the previous file type and blocked it on http and https
    
    3- i created a firewall rule ANY/ANY with only the web policy and no users
    
    but i still can download files i blocked like .jar - where is my error ?!
  - 0 rfcat_vk over 7 years ago in reply to chanklish
    
    Hi,
    
    The first thing I can see is you will need to enable scan and decrypt https. I will need to investigate other items further.
    
    Ian
    
    XGS118 - v21.5.0
    
    XG115 converted to software licence v21.5.0
    
    If a post solves your question please use the 'Verify Answer' button.
  - 0 chanklish over 7 years ago in reply to rfcat_vk
    
    i rechecked the file type and remove the "." infront of the extension .. now it is blocking - did not need the https inspection in my test but i will enable it anyway ( it will only work on my local lan but not my AP unless the user accepts the certificate )
    
    thank you
  - 0 M8ey over 7 years ago in reply to chanklish
    
    I push the SSL certificate to my PC's on the LAN via a GPO policy so https scanning is enabled for all. Many nasties come via HTTPS these days too.
    
    I also use Meraki MDM to push the certificate to all our Wireless non Windows devices (iOS / Android)
    
    We dont really allow staff on the Corporate WiFi so they dont get to go to the https sites :-0
    
    Sophos XG 450 (SFOS 18.5.1 MR-1)
    
    Sophos R.E.D 50 x 2
    
    Always configuring new stuff.....
  - 0 chanklish over 7 years ago in reply to M8ey
    
    after creating the rule to block files , it seem no data is flowing to the following rules
    
    they all show 0 data , it is like all data is being counted only on the block file rule
    
    is this normal ?
  - 0 rfcat_vk over 7 years ago in reply to chanklish
    
    Hi,
    
    you really do not need the drop rule, the XG has a default drop in built.
    
    Without seeing the rules in expanded form it is very hard to make a comment about traffic flow.
    
    Also the XG does not appear to have been online long enough to register traffic.
    
    Ian
    
    XGS118 - v21.5.0
    
    XG115 converted to software licence v21.5.0
    
    If a post solves your question please use the 'Verify Answer' button.
  - 0 chanklish over 7 years ago in reply to rfcat_vk
    
    i rebooted the xg
    
    download a 200 Mb file , yet nothing was shown ..even in the log viewer it is only showing on the rule of the file blocking
    
    i will try to add the file blocking into every rule instead of main rule
  - 0 rfcat_vk over 7 years ago in reply to chanklish
    
    Don't reboot the XG, check that you have logging enabled on all your rules before you make any other changes.
    
    Ian
    
    XGS118 - v21.5.0
    
    XG115 converted to software licence v21.5.0
    
    If a post solves your question please use the 'Verify Answer' button.
0 Wadood over 7 years ago

I have the same problem all the rules are set correctly but files still get downloaded and even the size of the files I set is not working
- 0 chanklish over 7 years ago in reply to Wadood
  
  My rule is blocking the files.. Specifically the download of files.. It is working beautify
  
  Show us your rule and file type