Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1554
Views
10
Helpful
3
Replies

Cisco Firepower filepolicy

ccna_security
Level 3
Level 3

‎02-27-2019 01:10 AM

Hello. Could anyone please tell me why encrypted zip file seen on log as ZIP ENC but encrypted rar file  only RAR. I send from one network to different network in order test file policy. When i send encrypted zip file it is written ZIP ENC on logs. But rar file wont qive us same result. IT just show as is it is simple (unencrypted RAR file). Please see attachment

Labels:
Preview file
3 KB
0 Helpful
3 Replies 3

Sheraz.Salim
VIP
VIP

‎02-27-2019 03:49 AM

just be aware you can only do a file inspection with these protocols

The system can detect and inspect files transmitted via FTP, HTTP, SMTP, IMAP, POP3, and NetBIOS-ssn (SMB). the default, detects files in HTTP, SMTP, IMAP, POP3, FTP, and NetBIOS-ssn (SMB) traffic. To improve performance, you can restrict file detection to only one of those application protocols on a per-file rule basis.

please do not forget to rate.

ccna_security
Level 3
Level 3
In response to Sheraz.Salim

‎02-27-2019 03:59 AM

Hi. I have already configured file policy application as any any. My question is that why encrypted zip file seen as ZIP ENC on log when it is sent over SMb but encrytped rar not seen as RAR ENC.

0 Helpful

Sheraz.Salim
VIP
VIP
In response to ccna_security

‎02-27-2019 04:17 AM

I did google and read some cisco documentation but could not came across the answer of your question. might TAC engineer can put some light on this.

 

 

having said that, i find a one doc which could be useful for you but it does not answer your question. and if any chance you find the answer than do share with us too.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.pdf

please do not forget to rate.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card