how to block certain types of file

This can be configured under Web Policies.

You can create a custom Web Policy and add all the file types you want to block in or use a pre existing one.

Just be careful though as if you have Exceptions added with Skip Policy checks these files will still come through from those URLs  and sites in the exceptions

You can also set who it applies to if you have user groups set up.

i want to set it up for the entire network

if i create it and use it as first rule in the firewall .. how will the following rules react ?

per example i have rule # 2 to give internet to X.X.X.X ip and rule # 3 to deny internet to y.y.y.yip .. if i set a rule # 1 with only blocking certain file type for everyone , would rule #2 and rule # 3 works normally while still blocking the files i do not want ?

in other terms i want to block the files for everyone without affecting my current config 

The firewall uses the top down approach

So if your first rule was just a web filter affecting those file types then the users would hit that rule for just that and then go to rule 2 etc for normal network.

Just enable the new Web Policy as rule 1 and then check the log viewer for any issues - normally users scream pretty quick when they cant get to the internet :-)

The very last rule is usually a default rule that blocks everything

The firewall uses the top down approach

So if your first rule was just a web filter affecting those file types then the users would hit that rule for just that and then go to rule 2 etc for normal network.

Just enable the new Web Policy as rule 1 and then check the log viewer for any issues - normally users scream pretty quick when they cant get to the internet :-)

The very last rule is usually a default rule that blocks everything

hello 

1-i created a new file type and added all the extensions i want to block 

2-i created a web policy and added the previous file type and blocked it on http and https

3- i created a firewall rule ANY/ANY with only the web policy and no users 

but i still can download files i blocked like .jar - where is my error ?!

Hi,

The first thing I can see is you will need to enable scan and decrypt https. I will need to investigate other items further.

Ian

i rechecked the file type and remove the "." infront of the extension .. now it is blocking - did not need the https inspection in my test but i will enable it anyway ( it will only work on my local lan but not my AP unless the user accepts the certificate )

thank you 

I push the SSL certificate to my PC's on the LAN via a GPO policy so https scanning is enabled for all. Many nasties come via HTTPS these days too.

I also use Meraki MDM to push the certificate to all our Wireless non Windows devices (iOS  / Android)

We dont really allow staff on the Corporate WiFi so they dont get to go to the https sites :-0

after creating the rule to block files , it seem no data is flowing to the following rules 

they all show 0 data , it is like all data is being counted only on the block file rule 

is this normal ? 

Hi,

you really do not need the drop rule, the XG has a default drop in built.

Without seeing the rules in expanded form it is very hard to make a comment about traffic flow.

Also the XG does not appear to have been online long enough to register traffic.

Ian

i rebooted the xg 

download a 200 Mb file , yet nothing was shown ..even in the log viewer it is only showing on the rule of the file blocking

i will try to add the file blocking into every rule instead of main rule 

Don't reboot the XG, check that you have logging enabled on all your rules before you make any other changes.

Ian