08-08-2013 03:19 PM - edited 02-21-2020 04:56 AM
Hi everyone
I'm wondering who could explain to me how to deny mp3, avi, mp4 or mov file downloads from the prime security module on the ASA-5512CX.
All the information I found makes reference to the File Filtering Profile.
The only options I have by default on this object are:
Application/*
Audio/*
Image/*
Message/*
Model/*
but I don't know how to apply them for blocking the download operation or create a new category (like Video extensions).
Hope someone can help me with this
Best Regards
Alvaro Rugama Cerda
08-08-2013 10:23 PM
Try under Policies, Objects. There choose "I want to" and "add a file filtering protocol". When you get the dialog box, just type in those file types as shown below. Save that object and then use it in a profile.
08-09-2013 09:00 AM
Thank you Mr Rhoads
I was trying something like */mp3 or */avi....
Just one more question, because I was doing some tests. I created a File Filtering Protocol which I named block_any_download; instead of *.mp3 I used */* because this is the syntax that I found in some PRMS manuals, but when I applied it to a policy it didn't block the content download.
My question is: is the syntax */* wrong? Or do I need to configure something else on the policy?
I tried to set the action to deny, but when I change from allow to deny, the profile options disappeared; I'm only allowed to set a profile when the policy action is "Allow".
I will do some testing so I can check your reply as the correct answer.
Best Regards
Alvaro Rugama
08-09-2013 10:15 AM
I was curious and checked it myself. Even though my initial answer was based on my lab guide, it didn't work for me. I tried various combinations and syntaxes without luck.
So I then watched the real time event viewer to see how CX was interpreting the test mp3 download I was trying and saw it was seeing an http transaction with mime type audio/mpeg. I was then able to get a test policy to work by creating a new file filtering profile specifying Audio/mpeg in the file filter profile.
Below are screenshots showing my test object and the results of a deny:
08-09-2013 11:11 AM
Thank you again for the information, Mr Rhoads.
I managed to block the mp3 file downloads, but I'm having problems with the mp4 and avi policies. As you suggested, I captured the packet via time viewer. According to the package it has a content type of "video/mp4",
but when I add the video/mp4 string to the File Filter it gave me this error:
"strings indices must be integers"
Instead of "video/mp4" I used "*/mp4"; the application let me introduce that string,
but when I download something on mp4 format it let me do it.
Some kind of help with this?
Best Regards
Alvaro Rugama Cerda
08-09-2013 01:43 PM
Alvaro,
I got the same error when trying to specify video/mp4 - even though that is shown as an example on the online help! It's reinforcing my experience that the CX is not completely mature just yet. Some of the syntax and results are illogical as far as I can see and the online help seems to directly contradict my experience with setting policies.
I was able to get it to work by adding a second policy - a Deny policy for Application/Service MPEG.
08-10-2013 07:53 AM
Thank you again
I will do this configuration next week.
I'm a little bit new to the prime security experience, but what I just see is that I need a lot of experience in this field to implement this kind of policies....
Best Regards
Alvaro Rugama Cerda
08-10-2013 07:58 AM
You're welcome.
I never was able to get the avi blocking to work. I have a proctored lab coming up in a couple of weeks and I will present that use case there to see if I can figure it out.
Best Regards.
- Marvin
09-05-2013 02:23 PM
Hi Mr Rhoads
Could you find a way to block the AVI files from the Prime Security in the lab you have?
I'm also having issues with the extra policy I added where I block the application service MPEG. At the dashboards it is counting the MPEG downloads, and it is showing that it is blocking the download... but in reality, it isn't blocking, it is just counting at the dashboard...
Best Regards
Alvaro Rugama
09-05-2013 02:26 PM
No, in fact I wasn't able to get it to work. I did try it and even the trainer agreed we were doing it right and it looks like a bug.
Sorry.
09-05-2013 02:42 PM
Ok, no problem... I will be expecting some new firmware or patch to fix this in the near future.
Thank you so much for all the information you gave me, it has been so helpful.
Best Regards.
Alvaro Rugama