
ASA FirePOWER not block transfer files

allexxf
Level 1

Hi. We have an ASA 5508, Software Version 9.7(1)8, with the SFR FirePOWER 6.2.0.2-51 module installed. Control and Protection licenses are installed. To configure FirePOWER we use ASDM 7.8(1). We need to block MP3 files (or any others for the test). We created a file policy in ASDM and a rule in the access control policy (screenshot in attachment), but the files are not blocked - they are transmitted by FTP and HTTP (tested). And in Monitoring > Real Time Eventing, the Reason column in the connection tab is empty and the file tab is empty. Please help.

1 Accepted Solution

Accepted Solutions

Thanks for the answer. The problem was solved. The FTP connection was on a non-standard port. With a standard port, the rule works.

6 Replies

Marvin Rhoads
Hall of Fame

Try separating them into two rules - one for the MP3s and one for the ISOs.

Thanks for the answer. ISO was added for the test - we checked the transfer of ISO files, and they were also transferred. Without it, it does not work either. Now there is only MP3 - the file transfer is not blocked.

allexxf
Level 1

We checked the transfer of an MP3 through HTTP and the transfer was blocked. But FTP is not blocked.

I'd try adding an additional rule for application protocol = ftp, action = block, file type = mp3.

 

It shouldn't be necessary to separate them out like that but it may get it working.

Thanks for the answer. The problem was solved. The FTP connection was on a non-standard port. With a standard port, the rule works.

You can define additional ports used by non-standard FTP settings. Go to Objects > Object Management > Variable Set. Edit the Default-Set, FTP_PORTS object as shown below and then re-deploy.

 

FMC FTP_PORTS Object.PNG
