Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Arend
Contributor

Content Awareness does not scan HTML files by default

Environment: cluster R81.20
Model: Check Point 6200B

My customer gave me a whole Iist of file types to block with Content Awareness and one of the file types is MSI. So i needed to block MSI file downloads by clients in a POC and present a Block page. I found out (via TAC) that Check Point gateway does not block this by default in Content Awareness because the HTML file is not inspected by default.

Maybe not so much a question but a realization that these HTML files are not inspected by default.

See the bottom of the sk114640.

HTML files
Content Awareness does not scan HTML files (for type and content) which are downloaded using the HTTP "GET" method over HTTP because it could have a high adverse affect on the Security Gateway performance.

After turning on this option (1) the download was blocked correctly and the Block page shown as well.

$FWDIR/boot/modules/fwkern.conf

[Expert@XXXXXXXXXX# fw ctl get int fileapp_parse_html
fileapp_parse_html = 1

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

I guess where I'm having trouble here is why trying to block an MSI file would fail because it can't block an HTML file.
Is it because the MSI file has html in it or some other reason?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events