topic Re: Allow File Download from certain URLs in Firewall and Security Management

Allow File Download from certain URLs

hw — Mon, 01 Jul 2019 11:48:19 GMT

Hello,

we have R80.20 and normally we don't allow to download filetypes like "exe", "zip" etc.. Therefore we created a Threat Prevention policy with the action "prevent (defined in a profile)". Now we want do define some URls (as exceptions) where a file download is accpeted and allowed.

Does anybody know, how I can do this?

Thanks for any infos.

Re: Allow File Download from certain URLs

Omer_Shliva — Tue, 02 Jul 2019 05:38:56 GMT

Hi,

Please share an example.

Re: Allow File Download from certain URLs

hw — Tue, 02 Jul 2019 07:36:24 GMT

Hi,

for example I want to download the file "KeePass" (and later also files from other URLs) from the URL https://www.heise.de/download/product/keepass-15712

Therefore I need an exception for the domain "*.heise.de", because normaly we deny to download filetypes as exe, zip....

I already tried to define an exception rule under the threat prevention rule (which blocks to download certain filetypes), however this doesn't work.

How can I implement this?

Thanks.

Re: Allow File Download from certain URLs

Omer_Shliva — Wed, 03 Jul 2019 18:41:37 GMT

Hi,

You can create a custom application in order to allow those certain URLs. Please refer to sk103051 for download and guide.

Then, you can create an application for “.heise.de/download” with HTTP scenario:

After that, import the application into Smart Console and use it in a rule in the access policy on “allow”:

Re: Allow File Download from certain URLs

PhoneBoy — Wed, 03 Jul 2019 20:37:45 GMT

That only helps from an Access Control perspective.
Since he's blacklisting exes in general in Threat Prevention, he probably needs to create specific indicators that are set to "Detect" or "Inactive".
This means creating an indicator file that contains the necessary domains you want to allow and importing it.
See: https://sc1.checkpoint.com/documents/R80.20/SmartConsole_OLH/EN/-_ktjOvSNsVDDJA210OA3g2.htm

Re: Allow File Download from certain URLs

hw — Thu, 04 Jul 2019 06:18:51 GMT

Thanks for your answers. I will try it.

As I described I also tried an exception under the Threat prevention. It seems that it works only with a Regex expression for the domain heise.de and not with a wildcard definition.

So the Regex: .*\.heise\.de.* allows the download from the domain heise.de however the wildcard *.heise.de or *.heise.de* doesn't work. Is the syntax for the wildcard false? I don't understand why it doesn't work with a wildcard.

Re: Allow File Download from certain URLs

hw — Thu, 04 Jul 2019 09:50:28 GMT

Thank you for the infos. I will try it.

As I described in my last post, I tried to accept the download with an exception rule under the threat prevention rule (rule which blocks all exe downloads). Now it seems, that the rule works, but only if I write the URL as a Regex expression and not as a wildcard.

So the regex works: .*\.heise\.de.* but not the wildcard *.heise.de or *.heise.de*. Is the syntax of the wildcard false? Is this also a correct way if i define a Threat prevention exception?

Thanks.