10-10-2022 06:48 AM
Hi
I have FMC 7.0.4 and two FTD 1120 in HA v 7.0.1.
I am testing file policy with rule: block all files in all directions. SSL decryption is configured and working. All files have been blocked except .docx, .xlsx, .pptx files.
I do not have event that file is recognised in connection events. For testing purpose Access policy with only one rule was created (to allow http and https traffic with Block all files file policy).
Test was done on site:
https://file-examples.com/index.php/sample-documents-download/sample-doc-download/
Here.. all .doc files have been blocked but not .docx.
Any idea?
10-10-2022 09:07 AM
The FTD would only recognize what is supported in the file type list inside the file blocking policy, if you don't see those extensions in there it would mean the FTD still doesn't support them.
10-10-2022 12:15 PM
Hi,
They are listed in Office Documents category like NEW_OFFICE file type subcategory. Description is: Microsoft office open xml format and some docx,pptx and xlsx are listed here.
10-11-2022 01:26 AM
I would raise this with TAC because if SSL decryption is enabled the firewall should be able to read the content of the payload and accordingly should recognize those extensions to be blocked.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide