How to Configure File Exclusions for Edge Series Devices
- Updated on 27 Mar 2023
Summary
The File Exclusions function is an enhancement of the File Filter Profiles for the EdgeIPS Series devices. As the File Filter Profile is a denylist-based function, the File Exclusions function provides an allowlist of file names to make exceptions for files on the list so that they can be transmitted while others are still blocked from passing through the Edge Series.
Applicable Version
EdgeIPS Pro: Version 1.3.15 or later
EdgeIPS & EdgeFire: Version 2.0 or later
Details
1. File Exclusions
Figure 1: Deployment Scenario of File Exclusions
The following are prerequisites for the File Exclusions function:
- The firmware version of EdgeIPS Pro Series should be 1.3.15 or later. The firmware version of EdgeIPS and EdgeFire should be 2.0 or later. If not, you need to upgrade the firmware of the device via EdgeOne or perform a manual upgrade on the web console before importing file names into an allowlist for file exclusions in a file filter profile.
- At least one protocol used for file downloads must be selected and enabled. EdgeIPS Series devices support HTTP, FTP, and SMB protocols for the File Filter Profile function.
- The PE and/or ELF file type(s) for file blocking must be selected. At least one file type needs to be selected in a file filter profile.
- The file filter profile must be applied to an active policy enforcement rule.
If the protocols used for file downloads and the file types are both selected in the file filter profile applied to a policy enforcement rule, the Edge Series device will detect the protocols you use and block downloads of the designated file types accordingly. If a file name on the exclusion list fully matches the name of the file being downloaded, the Edge Series device will allow the file download rather than blocking it.
The file exclusion list supports the PE-based file type for the Windows system and the ELF-based file type for the Linux system.
For a zip/gz file that includes multiple files and is smaller than 100 MB, the file name matching rule will be executed on the zip/gz file itself as well as on the encapsulated PE-based or ELF-based files. The matching result depends on what file type is on the exclusion list. However, for a zip/gz file that is larger than 100 MB or is encrypted with a password, the file name matching rule will not be executed, and the zip/gz file will be bypassed.
| Edge Series Device | Operation Mode | File Type Filter Profiles: if the file is not on File Exclusion list | File Type Filter Profiles: if the file is on File Exclusion list |
| --- | --- | --- | --- |
| EdgeIPS | Inline Mode | File dropped | File bypassed |
| EdgeIPS | Offline Mode | — (No action taken) | — (No action taken) |
| EdgeIPS Pro | Inline Mode (Each Port Pair) | File dropped | File bypassed |
| EdgeIPS Pro | Offline Mode (Each Port Pair) | — (No action taken) | — (No action taken) |
| EdgeFire | Bridge Mode / Gateway Mode | File dropped | File bypassed |
2. Configuring File Exclusions Function
Method 1: Importing a File List Using the Built-in CSV File Template
- Access the Edge Series device web-based management console.
- Go to [Object Profiles] > [File Filter Profile(s)].
- Click the [Download CSV Template] button to download a CSV file.
- Open the downloaded CSV file and input the full file names (mandatory) and descriptions (optional). For example:

  | Full Filename | Description |
  | --- | --- |
  | abc.exe | Windows PE File |
  | def.bat | Windows PE File |
  | ghi.o | Linux ELF File |

  1. The maximum full file name length (<filename> + "." + <file extension>) is 128 characters (UTF-8, English characters).
  2. If the user inputs any non-English characters, the full file name length will be shortened to 32 characters.
  3. The file exclusion list only accepts the full file name.
- Click the [File Exclusions Settings] button to open the [File Exclusions Settings] page.
- Import the CSV file (to which you added the file names in step 4) and click the [Save] button.
- If the format of the imported file is correct, a prompt will indicate that the exclusion list has been successfully imported.
- Go to [Security] > [Policy Enforcement].
- Select the rule template and the policy enforcement rule you want to edit.
- Enable the [File Filter Profile] function and select the profile name with the file exclusion list you just imported.
- Click the [Save] button to save the settings.
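A pre-import check for the CSV prepared in step 4, as an added example (not TXOne's code and not the device's own import validation); it applies the file name rules stated in the notes above. Assumptions: the CSV header row uses the column names from the example table, "non-English" means any non-ASCII character, length is counted in characters rather than bytes, and "only accepts the full file name" excludes directory paths and wildcards.

```python
import csv
import io

MAX_LEN_ENGLISH = 128      # limit stated on this page for English-only names
MAX_LEN_NON_ENGLISH = 32   # limit stated on this page once a non-English character appears

def check_name(name):
    """Return a list of problems for one exclusion-list entry (empty list = acceptable)."""
    if not name:
        return ["full file name is mandatory"]
    problems = []
    # Assumption: "full file name only" means no directory path and no wildcard pattern.
    if any(c in name for c in "/\\*?"):
        problems.append("contains a path separator or wildcard; only the full file name is accepted")
    # The page defines a full file name as <filename> + "." + <file extension>.
    stem, _, ext = name.rpartition(".")
    if not (stem and ext):
        problems.append("not in <filename>.<extension> form")
    # Assumption: any non-ASCII character counts as "non-English";
    # length is measured in characters, not encoded bytes.
    limit = MAX_LEN_ENGLISH if name.isascii() else MAX_LEN_NON_ENGLISH
    if len(name) > limit:
        problems.append(f"{len(name)} characters exceeds the limit of {limit}")
    return problems

def validate_exclusion_csv(text):
    """Validate CSV text; return {csv_line_number: [problems]} for rows to fix."""
    rejected = {}
    reader = csv.DictReader(io.StringIO(text))
    for row in reader:
        name = (row.get("Full Filename") or "").strip()
        problems = check_name(name)
        if problems:
            rejected[reader.line_num] = problems
    return rejected

# Constructed sample input; header names follow the example table in step 4.
SAMPLE = (
    "Full Filename,Description\n"
    "abc.exe,Windows PE File\n"
    "C:\\tools\\def.bat,Entry given as a path\n"
    "ghi,Entry without an extension\n"
    + "a" * 130 + ".exe,English name over 128 characters\n"
    + "更" * 30 + ".exe,Non-English name over 32 characters\n"
)

if __name__ == "__main__":
    for line, problems in validate_exclusion_csv(SAMPLE).items():
        print(f"line {line}: {'; '.join(problems)}")
```

Because matching is by file name only, review each accepted entry as well: any PE or ELF file carrying an allowlisted name is passed by the profile.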
Method 2: Manually Adding Full Filenames to the File Exclusion List
- Access the Edge Series device web-based management console.
- Go to [Object Profiles] > [File Filter Profile(s)].
- Click the [File Exclusions Settings] button to open the [File Exclusions Settings] page.
- Click the [Add] button.
- Input a full filename. The description is optional.
  1. The maximum full file name length (<filename> + "." + <file extension>) is 128 characters (UTF-8, English characters).
  2. If the user inputs any non-English characters, the full file name length will be shortened to 32 characters.
- If the file name you input is correct, it will be shown on the list. To add multiple file names, repeat steps 4-5. Once completed, click the [Save] button.
- Go to [Security] > [Policy Enforcement].
- Select the rule template and the policy enforcement rule you want to edit.
- Enable the [File Filter Profile] function and select the profile name with the file exclusion list you just created.
- Click the [Save] button to save the settings.
For support assistance, please Contact Us at support@txone.com or your Support Provider.