The following workflow shows how to set up a basic File Blocking profile. This example shows how to set up a profile that prompts users to continue before downloading .exe files from websites.
Configure File Blocking
Create the file blocking profile.
Objects > Security Profiles > File Blocking
for the file blocking profile, for example Block_EXE. Optionally enter a
Description, such as
Block users from downloading exe files from websites
Configure the file blocking options.
to define the profile settings.
Name, such as BlockEXE.
for filtering, for example web-browsing.
continue. By choosing the continue option, users will be prompted with a response page prompting them to click continue before the file will be downloaded.
to save the profile.
Apply the file blocking profile to a security policy.
Policies > Security
and either select an existing policy or create a new policy as described in
Set Up a Basic Security Policy.
tab within the policy rule.
In the Profile Settings section, click the drop-down and select the file blocking profile you configured. In this case, the profile name is Block_EXE.
If no security profiles have been previously defined, select the
drop-down and select
Profiles. You will then see the list of options to select the security profiles.
To test your file blocking configuration, access a client PC in the trust zone of the firewall and attempt to download an .exe file from a website in the untrust zone. A response page should display. Click
to download the file. You can also set other actions, such as alert or block, which will not provide a continue page to the user. The following shows the default response page for File Blocking:
(Optional) Define custom file blocking response pages (
Device > Response Pages). This allows you to provide more information to users when they see a response page. You can include information such as company policy information and contact information for a Helpdesk.
When you create a file blocking profile with the action continue, you can only choose the application web-browsing. If you choose any other application, traffic that matches the security policy will not flow through the firewall due to the fact that the users will not be prompted with a continue page. Also, if the website uses HTTPS, you will need to have a decryption policy in place.
You may want to check your logs to confirm what application is being used when testing this feature. For example, if you are using Microsoft SharePoint to download files, even though you are using a web-browser to access the site, the application is actually
. You may want to set the application type to Any for testing.