The following workflow shows how to set up a basic File Blocking profile. This example shows how to set up a profile that prompts users to continue before downloading .exe files from websites.
Configure File Blocking
Create the file blocking profile. Select Objects > Security Profiles > File Blocking and click Add. Enter a Name for the file blocking profile, for example Block_EXE. Optionally enter a Description, such as Block users from downloading exe files from websites .
Configure the file blocking options. Click Add to define the profile settings. Enter a Name, such as BlockEXE. Set the Applications for filtering, for example web-browsing. Set File Types to exe. Set the Direction to download. Set the Action to continue. By choosing the continue option, users will be prompted with a response page prompting them to click continue before the file will be downloaded. Click OK to save the profile.
Apply the file blocking profile to a security policy. Select Policies > Security and either select an existing policy or create a new policy as described in Set Up a Basic Security Policy. Click the Actions tab within the policy rule. In the Profile Settings section, click the drop-down and select the file blocking profile you configured. In this case, the profile name is Block_EXE. Commit the configuration. If no security profiles have been previously defined, select the Profile Type drop-down and select Profiles. You will then see the list of options to select the security profiles.
To test your file blocking configuration, access a client PC in the trust zone of the firewall and attempt to download an .exe file from a website in the untrust zone. A response page should display. Click Continue to download the file. You can also set other actions, such as alert or block, which will not provide a continue page to the user. The following shows the default response page for File Blocking:
(Optional) Define custom file blocking response pages ( Device > Response Pages). This allows you to provide more information to users when they see a response page. You can include information such as company policy information and contact information for a Helpdesk. When you create a file blocking profile with the action continue, you can only choose the application web-browsing. If you choose any other application, traffic that matches the security policy will not flow through the firewall due to the fact that the users will not be prompted with a continue page. Also, if the website uses HTTPS, you will need to have a decryption policy in place. You may want to check your logs to confirm what application is being used when testing this feature. For example, if you are using Microsoft SharePoint to download files, even though you are using a web-browser to access the site, the application is actually sharepoint-base , or sharepoint-document . You may want to set the application type to Any for testing.

Related Documentation