Set Up File Blocking on Cloud NGFW for AWS
File Blocking allows you to identify specific file types that you want to block or monitor. For
most traffic (including traffic on your internal network), block files that are
known to carry threats or that have no real use case for upload/download. These
include batch files, DLLs, Java class files, help files, Windows shortcuts (.lnk),
and BitTorrent files.
Cloud NGFW can take the following actions on files moving through your network.
- Alert—When the specified file type is detected, a log is generated in the data filtering log.
- Block—When the specified file type is detected, the file is blocked and a customizable block page is presented to the user. A log is also generated in the data filtering log.
- Continue—When the specified file type is detected, a response page is presented to the user. The user can click through the page to download the file. A log is also generated in the data filtering log. Because this type of forwarding action requires user interaction, it is only applicable for web traffic.
In addition, you can allow or block file types based on the direction they are going: Download, Upload, or Upload and Download.
- Select Rulestacks and select a previously-created rulestack on which to configure file blocking.
- Select Security Profiles > Malware and File-based Threat Protection > File Blocking > Edit.
- Select the file type or types from the displayed list.
- Set the Action and Direction of traffic for the selected file types from the drop-downs.
- Click Save.
Change the File Blocking Profile
By default, the file blocking profile is set to best practice. To change the file blocking profile:
- In the Malware and File-based Threat Protection screen, navigate to File Blocking.
- Use the drop-down to select Custom.
- Open the Cloud NGFW console. Navigate to Rulestacks > Rulestack name > Security Services > File Blocking.
- In the Set Action drop-down, change the action to Alert or Continue.