FortiGate
Anthony_E
Community Manager
Article Id 193748

Description
The previously embedded file filter within web filter, email filter, SSH inspection, and CIFS has moved to a standalone profile.
The file filter can be applied directly to firewall policies and supports various traffic protocols in proxy or flow mode.

This article describes how to configure a file filter.

Scope
For version 6.4.1.

Solution
To configure a file filter from the GUI:

- Configure the filter profile:

1) Go to Security Profiles -> File Filter and select 'Create New'.
2) Select a Feature set.
3) In the Rules section, select 'Create New'.
4) Configure the settings as needed.
5) Select 'OK' to save the rule.
6) Optionally, create more rules if needed.
7) Select 'OK' to save the filter profile.

- Apply the filter to a policy:
 
1) Go to Policy & Objects -> Firewall Policy and edit an existing policy or create a new one.
2) In the 'Security Profiles' section, enable 'File Filter'.
3) Select the filter from the dropdown box.
4) Configure the other settings as needed.
5) Select 'OK'.

To configure a file filter in the CLI:

- Configure the file filter profile:

# config file-filter profile
        edit "test"
            set comment ''
            set feature-set flow
            set replacemsg-group ''
            set log enable
            set scan-archive-contents enable
            # config rules
                edit "r2"
                    set comment ''
                    set protocol http ftp smtp imap pop3 cifs
                    set action block
                    set direction outgoing
                    set password-protected any
                    set file-type "sis" "tar" "tiff" "torrent" "upx" "uue" "wav" "wma" "xar" "xz" "zip"
                next
                edit "r1"
                    set comment ''
                    set protocol http ftp smtp imap pop3 cifs
                    set action log-only
                    set direction any
                    set password-protected any
                    set file-type ".net" "7z" "activemime" "arj" "aspack" "avi" "base64" "bat" "binhex" "bmp" "bzip" "bzip2"
                next
                edit "r3"
                    set comment ''
                    set protocol http ftp smtp imap pop3
                    set action block
                    set direction any
                    set password-protected any
                    set file-type "binhex"
                next
            end
        next
end

- Apply the filter to a policy:

# config firewall policy
        edit 1
            set name "filefilter-policy"
            set srcintf "port10"
            set dstintf "port9"
            set srcaddr "all"
            set dstaddr "all"
            set srcaddr6 "all"
            set dstaddr6 "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set profile-protocol-options "protocol"
            set ssl-ssh-profile "protocols"
            set file-filter-profile "test"
            set auto-asic-offload disable
            set np-acceleration disable
            set nat enable
        next
end
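
Added example (not Fortinet's code and not part of the original article): a small Python audit that parses a file filter profile in the CLI format shown above and lists every file type and protocol pair that is matched by rules with different actions, such as "binhex" in rules r1 (log-only) and r3 (block). The function names and the shortened sample are assumptions made for illustration; which rule takes effect on such an overlap is not stated in this article.

```python
import shlex
from collections import defaultdict

SAMPLE = """config file-filter profile
    edit "test"
        # config rules
            edit "r2"
                set protocol http ftp smtp imap pop3 cifs
                set action block
                set file-type "sis" "tar" "zip"
            next
            edit "r1"
                set protocol http ftp smtp imap pop3 cifs
                set action log-only
                set file-type "7z" "bat" "binhex"
            next
            edit "r3"
                set protocol http ftp smtp imap pop3
                set action block
                set file-type "binhex"
            next
        end
    next
end"""  # constructed sample: the article's rules with shortened file-type lists

def parse_rules(text):
    """Return {rule name: {setting: [values]}} for the 'config rules' table."""
    rules, cur, in_rules = {}, None, False
    for raw in text.splitlines():
        line = raw.strip().lstrip("# ")  # drop indentation and the '#' prompt
        if line in ("config rules", "end"):
            in_rules, cur = line == "config rules", None
        elif in_rules and line.startswith("edit "):
            cur = rules.setdefault(shlex.split(line)[1], {})
        elif cur is not None and line.startswith("set "):
            key, *vals = shlex.split(line[4:])
            cur[key] = vals
    return rules

def conflicting_types(rules):
    """Map (file type, protocol) to the rules whose actions differ for it."""
    seen = defaultdict(set)  # (file type, protocol) -> {(rule, action)}
    for name, r in rules.items():
        for ft in r.get("file-type", []):
            for proto in r.get("protocol", []):
                seen[(ft, proto)].add((name, r.get("action", ["unset"])[0]))
    return {key: sorted(hits) for key, hits in seen.items()
            if len({action for _, action in hits}) > 1}
print(conflicting_types(parse_rules(SAMPLE)))
```

In the sample, "binhex" over CIFS is not reported because only r1 lists cifs for that file type, so that combination is covered by the log-only rule alone.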
 

 
