Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Blocking the users from downloading executables
Hi there,
I am deploying web filtering solution for a customer using Fortinet UTM.
It is working fine. The only thing that I am unable to do at the moment is " How can i prevent users from downloading executables"
Thanks in advance.
Rgds
Anu
- « Previous
-
- 1
- 2
- Next »
13 REPLIES 13
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, I have not
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I also created a rule
Source: Test PC
Destination: www.teamviewer.com
Service:Any
Log and NAT: Enable
I placed it on top of the rulebase
Then I generated the http traffic to www.teamviewer.com and I checked the " count" field in the policy. It did show 13 packets in the count field.
When I download the click on " Install" , I get the error.
Any comments.I have not heard from the TAC anything yet
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When I download the click on " Install" , I get the error.It would be nice to know the wording of that error (message) is. Since the fp rule works, the problem is likely elsewhere. - Do you have admin rights on the test pc to install apps? - Is the pc' s own firewall blocking that app? - Have you checked teamviewer.com' s support pages to see what is needed to run their app and what ports needed to be open? - Have you checked the fgt' s logs to see what other sites or ports need to be open? (Their app could be connecting to sites other than www.teamviewer.com.)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have tried a different approach.
I created a URL filter and allowed all the trusted URL' s with the Action as " Exempt" . it works fine now. I applied that URL filter in the Web Filter profile and applied it to the Firewall Policy.
If I select teh Action as " Allow" , the DLP rule takes precendence and I am unable to download any executables.
Now the problem is that the traffic to those sites and the executables downloaded are not being scanned by the AV engine.
Now what I have been able to achieve is:
1) Stop users from downloading executables from all the websites.
2) Enable users from downloading executables from the Trusted websites.
What is pending is:
1) How can I make sure that the " executables" get scanned by the AV engine.
2) How can I prevent users from downloading files > 5120 KB (except pdf' s). I have enabled the Protocl options rule but how can I exempt the pdf files from this rule.
Thanks
Anne
- « Previous
-
- 1
- 2
- Next »