Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 29 subscribers
  • Views 20094 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to block certain types of file

TarekHalloun

hello 

how can i let my sophos xg disable download or opening of certain types of file like htm or jar for everyone ?!

please advise



This thread was automatically locked due to age.
  • 0

    Hi,

    your request is a bit cryptic, please expand the issue in greater detail.

    Are you looking for assistance with rule creation?

    Thank you

    Ian

  • 0 in reply to rfcat_vk

    hello Ian

    as i said , i want to block the download of certain file types for everyone .. where can i add the file type in sophos xg ? 

    please let me know what can i add to make the answer easier 

  • 0

    This can be configured under Web Policies.

     

    You can create a custom Web Policy and add all the file types you want to block in or use a pre existing one.

    Just be careful though as if you have Exceptions added with Skip Policy checks these files will still come through from those URLs  and sites in the exceptions

     

    You can also set who it applies to if you have user groups set up.

  • 0 in reply to M8ey

    i want to set it up for the entire network

    if i create it and use it as first rule in the firewall .. how will the following rules react ?

    per example i have rule # 2 to give internet to X.X.X.X ip and rule # 3 to deny internet to y.y.y.yip .. if i set a rule # 1 with only blocking certain file type for everyone , would rule #2 and rule # 3 works normally while still blocking the files i do not want ?

     

    in other terms i want to block the files for everyone without affecting my current config 

  • 0 in reply to TarekHalloun

    The firewall uses the top down approach

    So if your first rule was just a web filter affecting those file types then the users would hit that rule for just that and then go to rule 2 etc for normal network.

    Just enable the new Web Policy as rule 1 and then check the log viewer for any issues - normally users scream pretty quick when they cant get to the internet :-)

    The very last rule is usually a default rule that blocks everything

  • 0 in reply to M8ey

    hello 

    1-i created a new file type and added all the extensions i want to block 

    2-i created a web policy and added the previous file type and blocked it on http and https

    3- i created a firewall rule ANY/ANY with only the web policy and no users 

    but i still can download files i blocked like .jar - where is my error ?!

  • 0 in reply to TarekHalloun

    Hi,

    The first thing I can see is you will need to enable scan and decrypt https. I will need to investigate other items further.

    Ian

  • 0 in reply to rfcat_vk

    i rechecked the file type and remove the "." infront of the extension .. now it is blocking - did not need the https inspection in my test but i will enable it anyway ( it will only work on my local lan but not my AP unless the user accepts the certificate )

    thank you 

  • 0 in reply to TarekHalloun

    I push the SSL certificate to my PC's on the LAN via a GPO policy so https scanning is enabled for all. Many nasties come via HTTPS these days too.

     

    I also use Meraki MDM to push the certificate to all our Wireless non Windows devices (iOS  / Android)

     

    We dont really allow staff on the Corporate WiFi so they dont get to go to the https sites :-0

  • 0 in reply to M8ey

    after creating the rule to block files , it seem no data is flowing to the following rules 

    they all show 0 data , it is like all data is being counted only on the block file rule 

    is this normal ?