How to block file type from downloading in Sophos XG 210 Firewall?

Hi,

 

I am new to Sophos FW.

I would like to check if it is possible to block certain "File Type" in XG 210 firewall web download in http and https?

Please help to provide the steps, as I have been trying to search, but couldn't find any direct solution.

I have configured a File type and Web Policy, but it doesn't seem to work.

We have run some web gateway assessment, and no file types were blocked; they are still downloadable.

Example of File types to block from downloading via http/https. 

  • .dll
  • .pwz
  • .potm
  • .sldm
  • .sldx

Thank You in advance!



  • Hi,

    First thing to check: is the test connection going through the rule with the block policy enabled?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    Thank you for the response, but I don't quite understand what you mean, as I am totally not firewall trained.

    Not sure if you can guide me step by step with screen captures or ..?

    From the current firewall rules, I have seen that there is a rule which previous IT created to block the file type download, with "Advanced=>Web Policy" pointing to the Web policy created, but I did not see any in/out traffic.

    The Web Policy also has the policy created, which links to the User activities, Categories and File types.

    Thanks

  • Hi Jacky,

    you would be looking in logviewer at the receiving IP address (your LAN user PC) to see which rule the traffic is going through.

    Ian

  • Hi Ian,

    Thank you for the guidance. I checked the logviewer based on the IP address of the PC that I am doing the test on; it seems like it is using the default Firewall Rule #1, which is used by all users.

    I actually created a same Firewall Rule as #10, as below, and the rule is before the default firewall rule #1, but it still only goes through the default firewall rule #1.

    Firewall Rule #10 

    Source

    Source Zones => LAN

    Source networks and devices => The test PC IP address

    During Schedule Time => All the time

     

    Destination & Services

    Destination zones => WAN

    Destination networks => Any

    Services => http and https

  • Hi Jacky,

    that would imply the connection is not using http or https.

    The default firewall rule is too open and not providing much protection; you need to review the protocols/ports that you allow.

    So, in logviewer what port/application did the test PC use to access the bad site?

    Ian


  • Hi Ian,

    I have captured a screen capture. Not sure if this is what you want?

     

       

  • Hi Jacky,

    Thank you for that data; it appears as though you do not have the proxy set up.

    To achieve your aim of blocking you will need to set up the firewall rule with APP, WEB and IPS enabled.

    Please post an expanded screenshot of your firewall rule.

    Ian


  • Hi Ian,

    Please find the below attached. Not sure if this is sufficient?

     

         

     

  • Hi Jacky,

    they look okay, I would remove the shaping settings unless you have created your own.

    If you disable the other firewall rule, then try the test again while reviewing the logviewer, what do you see?

    Ian


  • Hi Ian,

    I will need to test it during system maintenance week, as it will affect other users if I turn off the default rule now.

    I will update again once I have the chance to test it and get back to you.

    Thank you for the help. 

  • Hi Jacky,

    all the best and keep in touch.

    Ian 
