ESA blocked file attachment that was not included in content filter

cammy.busto
Level 1

Hi,

Is anyone experiencing the ESA blocking file attachments that are not included in the content filter policy? Like 7z, jar, docx. I only configured it to block 4 file extensions (ENDS WITH), and still some attachments were hitting this policy. The current AsyncOS is 10.0.2 build 20.

Please help! Thanks


Libin Varghese
Cisco Employee

Hi,

Can you share what the current filter is and what was blocked?

- Libin V

Hi,

I will post the details once I encounter this issue again.

Btw, what is the best practice for BLACKLISTING? Is it IP Address or Domain?

Thanks

Hi,

The connection level configuration for HAT sendergroups allows you to blacklist using the sender IP or FQDN.

To block a domain you would need to use content or message filters.

The recommended approach would be to use the HAT sendergroups since it saves processing.

Regards,

Libin Varghese

Hi Libin,
Yes, it's under HAT. For clarification, you mean to say that the ESA will not block a domain in the BLACKLISTED SENDER GROUP?

I have a list of blacklisted IPs with the same domain and I'm planning to lessen the list.

That is correct. Domain cannot be added to the HAT sendergroup.

It can be either an IP, complete hostname, or partial hostname.

- Libin V

I see. Thanks a lot Libin!