CredID
Participant

HTTPS inspection: How to block file type correctly

Scenario:

Threat prevention policy is set to drop exe file type.

HTTPS inspection rules are set in order to bypass several categories for the Application Control and URL Filtering blades.

Problem:

We arrange the HTTPS policy so that it first matches the bypass rule and then inspects all the remaining traffic.

The problem is that if a user matches a site that is included in the bypassed categories and tries to download an .exe file, the Check Point detects it (in the SmartLog) but does not block it.

How should we configure the HTTPS policy in order to block .exe files for all traffic and bypass the inspection for Application Control and URL Filtering for some categories?

Attached is the screenshot of our HTTPS inspection rules.

2 Replies
Thomas_Werner
Employee Alumnus

Hi Lorenzo,

Can you repost the screenshot?

In general, if a file is downloaded via HTTPS you are not able to block it if HTTPS is bypassed.

Not sure how you would detect an EXE file within an HTTPS download without HTTPS inspection.

Regards Thomas 

0 Kudos
Ryan_St__Germai
Advisor

If the traffic is encrypted over HTTPS then you must have HTTPS inspection "inspect" the traffic. 

0 Kudos
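
The effect the replies describe, as an added example that is not part of the original thread and is not Check Point code: a simplified first-match model of an HTTPS inspection rulebase, showing that a content-based .exe drop only applies to sessions that reach an inspect rule. Rule names, categories and the sample payload are constructed, and the model assumes the file-type check sees content only after decryption.

```python
# Simplified first-match model of an HTTPS inspection rulebase (added example,
# not Check Point code). Rule names and categories below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    categories: frozenset   # site categories the rule matches; empty = any
    action: str             # "bypass" or "inspect"

def match(rulebase, category):
    """Return the first rule that matches the site category (first-match)."""
    for rule in rulebase:
        if not rule.categories or category in rule.categories:
            return rule
    return None  # no rule matched: treated here as not inspected

def is_exe(payload: bytes) -> bool:
    """File-type check on content: Windows PE files start with 'MZ'."""
    return payload[:2] == b"MZ"

def verdict(rulebase, category, payload):
    """What the file-type policy can do for one HTTPS download."""
    rule = match(rulebase, category)
    if rule is None or rule.action != "inspect":
        # Session stays encrypted end to end: the payload is never seen in
        # clear text, so a content-based drop cannot be applied.
        return "allowed (not inspected)"
    return "dropped" if is_exe(payload) else "allowed"

def blind_spots(rulebase, categories):
    """Categories whose downloads escape the file-type policy."""
    return sorted(c for c in categories
                  if (r := match(rulebase, c)) is None or r.action != "inspect")

# Constructed rulebase mirroring the scenario: bypass rule first, then inspect all.
RULEBASE = [
    Rule("Bypass trusted categories", frozenset({"Financial Services", "Health"}), "bypass"),
    Rule("Inspect everything else", frozenset(), "inspect"),
]
EXE = b"MZ\x90\x00" + b"\x00" * 60   # constructed PE-like header, not a real binary

if __name__ == "__main__":
    for cat in ("Health", "File Storage"):
        print(cat, "->", verdict(RULEBASE, cat, EXE))
    print("blind spots:", blind_spots(RULEBASE, ["Health", "File Storage", "Financial Services"]))
```

Running `blind_spots` over the categories in use lists where the .exe drop cannot be enforced, which is the set to review when deciding how broad a bypass rule should be.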
