Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 8785 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow EXE download from specific sites only

David Higgs

Hello.

Im using a XG210 Firewall

So i have my web filtering rule in place managing HTTP and HTTPS traffic which is working as expected using the Default Workplace Policy, im also using Application control to block High risk level 4 and 5 apps, with this WSUS files are also being blocked.

I have created Web Exceptions to our SCCM servers IP address from the Microsoft updates servers IP address this seems to allow most of the updates to be downloaded except the Endpoint protection .EXE files.

My question is.. how do i allow these files and and future EXE files i may want to allow ?

Thanks for any assistance you can provide. 



This thread was automatically locked due to age.
  • 0

    David,

    you should understand why exe files are blocked. I did not see inside the default workplace policy any file types rules. Check the logs and see which module is responsible for the block.

    You can then create a top firewall rule where the Application and Web filters are different for the wsus IP address.

    The other option is to create a clientless user and add it inside the default workplace policy where you allow exe file type. This works only if the web engine is blocking the exe files.