Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 27 subscribers
  • Views 5222 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

block file extension download not working with L3 vlans

Ali Kanso

Dear all

 

i have L3 switch (extreme switch) , with L3 vlans, i made IPForward between the vlans

 

vlan A 172.16.40.1

Vlan B 172.16.50.1

Vlan D 192.168.30.1

my firewall is having IP 192.168.30.2 and the internal port connected to Vlan D, also i made route in the firewall 172.16.0.0 to 192.168.30.1

routing in my switch is 0.0.0.0 to G/W 192.168.30.2

 

all functions in the firewall are working (web and application) except file download, for example if i tried to install SKYPE from Vlan A with desktop IP 172.16.40.5 and the gateway is 172.16.40.1 the file is downloading and not blocked by firewall, i made the policy to block all download in web profile.

 

i want to block the files and use internal IPS and IDS without changing my setup on desktop, also i don't want to use proxy mode in the firewall.

 

thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    please provide drawing because your explanation does not make sense. You don't want to use the proxy yet you have web enabled?

    Please post a copy of your firewall rules - expanded.

    Do the VLANs appear on the XG or are they only in the L3 switch?

    Ian

  • 0 in reply to rfcat_vk

    i have extreme network switch and i created VLANS with IP address for  each VLAN, i made route between my vlans and the the internal port in sopho xg firewall, my computers in each VLAN is having the VLAN ip as gateway, and all computers can browse internet, also all web and applicatio filter are working except download file such like .exe, i did not configure any vlan in my firewall and i am depending on routing that i created in my firewall and switch to route the internet sessions.

     

  • 0 in reply to Ali Kanso

    Therefore your issue is not with the L3 VLANs, but the configuration of the web filter in the XG.

    Now you can block Skype in the XG using application or url, the choice is yours, you can use both.

    If you use web that is the proxy (transparent).

    Ian

  • 0 in reply to rfcat_vk

    dear Ian

     

    i mentioned Skype as example, but i would need to block all excitable files from download through web filter.

     

Reply Children
  • 0 in reply to Ali Kanso

    It really depends on what you are trying to do. You can block files by suffix or by application type or by source url.

    You really need to workout what you are trying to achieve with your block process, then design your firewall filter and sub filter around it.

    Ian