Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 40 subscribers
  • Views 7208 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block file type from downloading in Sophos XG 210 Firewall?

Jacky Lim1

Hi,

 

I am new in Sophos FW.

I would like to check if it possible to block certain "File Type" in XG 210 firewall web download in http and https?

Please help to provide the steps, as I have been trying to search, but couldn't find any direct solution.

I have configured a File type and Web Policy, but it doesn't seem to work.

We have run some web gateway assessment and no file types was block and still downloadable. 

 

Example of File types to block from downloading via http/https. 

  • .dll
  • .pwz
  • .potm
  • .sldm
  • .sldx

Thank You in advance!



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    first thing to check is the test connection going through the rule with the block policy enabled?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi ,

     

    Thank you for the respond, But I don't quite understand what you mean, as I am totally not Firewall trained.

    Not sure if you can guide me step by step with screen capture or ..?

     

    From the current Firewall Rule, I have see that there is a rule which previous IT created to block the file type download that in the "Advanced=>Web Policy" pointing to the Web policy created, but did not see any in/out traffic.

    In the Web Policy have the policy created too that link to the User activities, Categories and File types.

     

    Thanks

  • 0 in reply to Jacky Lim1

    Hi Jacky,

    you would be looking in logviewer at the receiving IP address (you LAN user PC) to see which rule the traffic going through.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi lan,

     

    Thank you for the guidance. I checked on the logviewer based on the PC IP address that I am doing the test, it seems like it is using the default Firewall Rule #1, which is used by all users.

    I actually created a same Firewall Rule as #10, as the below, and the rule is before the default firewall rule #1, but it still only go through the default firewall rule #1.

     

    Firewall Rule #10 

    Source

    Source Zones => LAN

    Source networks and devices => The test PC IP address

    During Schedule Time => All the time

     

    Destination & Services

    Destination zones => WAN

    Destination networks => Any

    Services => http and https

  • 0 in reply to Jacky Lim1

    Hi Jacky,

    that would imply the connection is not using http or https.

    The default firewall rule is too open and not provif=ding much protection, you need to review the allowed protocols/ports that you allow.

    So, in logviewer what port/application did the test PC use to access the bad site?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to Jacky Lim1

    Hi Jacky,

    that would imply the connection is not using http or https.

    The default firewall rule is too open and not provif=ding much protection, you need to review the allowed protocols/ports that you allow.

    So, in logviewer what port/application did the test PC use to access the bad site?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
Unfiltered HTML