Lorenzo Civatti

HTTPS inpsection: How block file type correctly

Discussion created by Lorenzo Civatti on Oct 22, 2018
Latest reply on Oct 22, 2018 by Ryan St. Germain

Scenario:

Threat prevention policy is set to drop exe file type.

Https inspection rules are set in order to bypass several categories for blades Application Control e URL Filtering

Problem:

We arrange the HTTPS policy so that first it match the bypass rule than it inspect all the remaining traffic.

The problem is that if the user match a site that is included in the categories that are bypassed and try to download an .exe file the checkpoint detect it (in the smartlog) but do not block it.

How should we configure the https policy in order to block .exe files for all traffic and bypass the inspection for Application Control and URL filtering for some categories?

Attached the screenshot of our https inspection rules

Outcomes