How to Configure File Exclusions for Edge Series Devices
  • 27 Mar 2023
  • 5 Minutes to read

Summary


The File Exclusions function is an enhancement of the File Filter Profiles for the EdgeIPS Series devices. Because the File Filter Profile is a denylist-based function, the File Exclusions function adds an allowlist of file names: files whose names are on the list are allowed through, while other files of the filtered types are still blocked from passing through the Edge Series device.

Applicable Version


EdgeIPS Pro: Version 1.3.15 or later
EdgeIPS & EdgeFire: Version 2.0 or later

Details


1. File Exclusions

Figure 1 Deployment Scenario of File Exclusions

The following are prerequisites for the File Exclusions function:

  • The firmware version of the EdgeIPS Pro Series must be 1.3.15 or later, and the firmware version of EdgeIPS and EdgeFire must be 2.0 or later. If not, upgrade the firmware of the device via EdgeOne or perform a manual upgrade on the web console before importing file names into an allowlist for file exclusions in a file filter profile.
  • At least one protocol used for file downloads must be selected and enabled. EdgeIPS Series devices support HTTP, FTP, and SMB protocols for the File Filter Profile function.
  • The PE and/or ELF file type(s) for file blocking must be selected. At least one file type needs to be selected in a file filter profile.
  • The file filter profile must be applied to an active policy enforcement rule.

If both the protocols used for file downloads and the file types are selected in a file filter profile applied to a policy enforcement rule, the Edge Series device detects the protocol in use and blocks downloads of the designated file types accordingly. If a file name on the exclusion list fully matches the name of the file being downloaded, the Edge Series device allows the download instead of blocking it.

The file exclusion list supports the PE-based file type for the Windows system and the ELF-based file type for the Linux system.

For a zip/gz file that contains multiple files and is smaller than 100MB, the file name matching rule is applied to the zip/gz file itself as well as to the encapsulated PE-based or ELF-based files. The matching result depends on which file names are on the exclusion list. However, for a zip/gz file that is larger than 100MB or is password-protected, the file name matching rule is not executed, and the zip/gz file is bypassed.

Example 1: The zip file "A" is smaller than 100MB and contains multiple files: the password-protected file "B", the ELF-based file "C", and the PE-based file "D". The policy enforcement rule contains a file type filter (the option "Drop PE file/ELF file" is selected) and "A" is on the file exclusion list. When an Edge Series device detects the zip file "A", the device bypasses it.
Example 2: The gz file "A" is smaller than 100MB and contains multiple files: the password-protected file "B", the ELF-based file "C", and the PE-based file "D". The policy enforcement rule contains a file type filter (the option "Drop PE file/ELF file" is selected) and "C" is on the file exclusion list. When an Edge Series device detects the gz file "A", the device drops it (the PE-based file "D" is not on the exclusion list).
Example 3: The zip file "A" is larger than 100MB and contains multiple files, "B", "C", and "D". Since the file name matching rule is not executed on files larger than 100MB, when an Edge Series device detects the zip file "A", the device bypasses it.
The following table summarizes the behaviour of the File Type Filter Profiles per device and operation mode:

  Edge Series Device | Operation Mode                | File not on File Exclusion list | File on File Exclusion list
  -------------------+-------------------------------+---------------------------------+----------------------------
  EdgeIPS            | Inline Mode                   | File dropped                    | File bypassed
  EdgeIPS            | Offline Mode                  | (No action taken)               | (No action taken)
  EdgeIPS Pro        | Inline Mode (Each Port Pair)  | File dropped                    | File bypassed
  EdgeIPS Pro        | Offline Mode (Each Port Pair) | (No action taken)               | (No action taken)
  EdgeFire           | Bridge Mode / Gateway Mode    | File dropped                    | File bypassed
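The matching rules and the three worked examples above, together with the inline/offline distinction from the summary table, can be replayed as a small decision model. This is an added illustration written for this page, not TXOne's code, and it makes two assumptions the article does not state: name matching is exact and case-sensitive, and a password-protected member inside an archive is skipped rather than inspected. The "example_1"/"example_2"/"example_3" keys correspond to the examples above.

```python
from dataclasses import dataclass, field
from enum import Enum

# Limit taken from the article; everything else below is a model, not device code.
MAX_INSPECTED_ARCHIVE_BYTES = 100 * 1024 * 1024  # archives above 100MB are not inspected


class FileType(Enum):
    PE = "PE"        # Windows executable (blocked by "Drop PE file")
    ELF = "ELF"      # Linux executable (blocked by "Drop ELF file")
    OTHER = "OTHER"  # anything the file type filter does not cover


@dataclass
class TransferredFile:
    name: str
    ftype: FileType = FileType.OTHER
    size: int = 0                                  # bytes; only used for zip/gz archives
    encrypted: bool = False                        # password-protected
    members: list = field(default_factory=list)    # non-empty => zip/gz archive


def decide(f: TransferredFile, exclusions: set, blocked_types: set, mode: str = "inline") -> str:
    """Return 'bypass', 'drop' or 'no action' for one download.

    Assumption: matching is exact and case-sensitive on the full file name
    (the article says "fully matches" and nothing about case).
    """
    if mode == "offline":
        return "no action"   # offline mode only observes, per the summary table
    if f.name in exclusions:
        return "bypass"      # the download itself is on the allowlist
    if f.members:            # zip/gz archive
        if f.size > MAX_INSPECTED_ARCHIVE_BYTES or f.encrypted:
            return "bypass"  # matching is not executed on large or encrypted archives
        for m in f.members:
            if m.encrypted:
                continue     # assumption: a password-protected member is not inspected
            if m.ftype in blocked_types and m.name not in exclusions:
                return "drop"
        return "bypass"      # every blocked-type member was excluded
    return "drop" if f.ftype in blocked_types else "bypass"


def run_examples() -> dict:
    """Replay the three worked examples from the article and one offline-mode case."""
    blocked = {FileType.PE, FileType.ELF}   # "Drop PE file/ELF file" selected
    members = [
        TransferredFile("B", encrypted=True),
        TransferredFile("C", FileType.ELF),
        TransferredFile("D", FileType.PE),
    ]
    small = 50 * 1024 * 1024    # constructed: under the 100MB limit
    large = 150 * 1024 * 1024   # constructed: over the 100MB limit
    zip_a_small = TransferredFile("A", size=small, members=members)
    zip_a_large = TransferredFile("A", size=large, members=[TransferredFile(n) for n in "BCD"])
    return {
        "example_1": decide(zip_a_small, {"A"}, blocked),   # archive itself is excluded
        "example_2": decide(zip_a_small, {"C"}, blocked),   # "D" is PE and not excluded
        "example_3": decide(zip_a_large, {"C"}, blocked),   # too large to inspect
        "offline": decide(zip_a_small, {"C"}, blocked, mode="offline"),
    }


if __name__ == "__main__":
    for case, outcome in run_examples().items():
        print(case, "->", outcome)
```

The point of the model is the second example: excluding a single member of an archive does not let the archive through if any other member of a blocked type is not excluded, so an exclusion list should name every executable a legitimate package carries, or the package file itself.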

2. Configuring File Exclusions Function


Method 1: Importing a File List Using the Built-in CSV File Template

  1. Access the Edge Series device web-based management console.
  2. Go to [Object Profiles] > [File Filter Profile(s)].
  3. Click the [Download CSV Template] button to download a CSV file.
  4. Open the downloaded CSV file and input the full file names (mandatory) and descriptions (optional). For example:

       Full Filename | Description
       --------------+----------------
       abc.exe       | Windows PE File
       def.bat       | Windows PE File
       ghi.o         | Linux ELF File

     Note:
     1. The maximum full file name length (<filename> + "." + <file extension>) is 128 characters (UTF-8, English characters).
     2. If the user inputs any non-English characters, the maximum full file name length is shortened to 32 characters.
     3. The file exclusion list only accepts the full file name.
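Validating a list before importing it avoids a rejected upload and, more importantly, an exclusion that silently never matches. The checker below is an added example written for this page, not TXOne's template or importer: it assumes the CSV column headers are "Full Filename" and "Description" as shown in the table above, treats "non-English characters" as any non-ASCII character, and treats a path separator as a sign that a path rather than a full file name was entered. The sample CSV is constructed.

```python
import csv
import io

MAX_LEN_ASCII = 128      # limit for names made of English characters
MAX_LEN_NON_ASCII = 32   # limit once any non-English character is present

# Constructed sample: three valid rows from the article's table plus four bad rows.
SAMPLE_CSV = (
    "Full Filename,Description\n"
    "abc.exe,Windows PE File\n"
    "def.bat,Windows PE File\n"
    "ghi.o,Linux ELF File\n"
    ",name missing\n"
    "tools/update.exe,path instead of a file name\n"
    + "a" * 125 + ".exe,129 characters\n"
    + "ü" * 30 + ".exe,34 characters including non-English letters\n"
)


def validate_full_filename(name: str):
    """Return None if the name is acceptable, otherwise a reason string."""
    if not name:
        return "full file name is mandatory"
    if "/" in name or "\\" in name:
        # assumption: a path is not a "full file name" and would never match
        return "path separators are not allowed; enter only the full file name"
    limit = MAX_LEN_ASCII if name.isascii() else MAX_LEN_NON_ASCII
    if len(name) > limit:
        return f"length {len(name)} exceeds the limit of {limit} characters"
    return None


def validate_exclusion_csv(text: str):
    """Parse CSV text; return (accepted_names, errors) where errors are (line, name, reason)."""
    reader = csv.DictReader(io.StringIO(text))   # assumed header: Full Filename,Description
    accepted, errors = [], []
    for lineno, row in enumerate(reader, start=2):  # line 1 is the header
        name = (row.get("Full Filename") or "").strip()
        reason = validate_full_filename(name)
        if reason is None:
            accepted.append(name)
        else:
            errors.append((lineno, name, reason))
    return accepted, errors


if __name__ == "__main__":
    ok, bad = validate_exclusion_csv(SAMPLE_CSV)
    print("accepted:", ok)
    for lineno, name, reason in bad:
        print(f"line {lineno}: {name!r}: {reason}")
```

Run the checker over the CSV you filled in before uploading it; any row it reports will either be rejected by the import or, in the case of a path or a truncated name, never match a real download.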

  5. Click the [File Exclusions Settings] button to open the [File Exclusions Settings] page.
  6. Import the CSV file (in which you entered the file names in step 4) and click the [Save] button.
  7. If the format of the imported file is correct, a prompt indicates that the exclusion list has been successfully imported.
  8. Go to [Security] > [Policy Enforcement].
  9. Select the rule template and the policy enforcement rule you want to edit.
  10. Enable the [File Filter Profile] function and select the profile name with the file exclusion list you just imported.
  11. Click the [Save] button to save the settings.

Method 2: Manually Adding Full Filenames to the File Exclusion List

  1. Access the Edge Series device web-based management console.
  2. Go to [Object Profiles] > [File Filter Profile(s)].
  3. Click the [File Exclusions Settings] button to open the [File Exclusions Settings] page.
  4. Click the [Add] button.
  5. Input a full filename. The description is optional.
     Note:
     1. The maximum full file name length (<filename> + "." + <file extension>) is 128 characters (UTF-8, English characters).
     2. If the user inputs any non-English characters, the maximum full file name length is shortened to 32 characters.

  6. If the file name you input is correct, it is shown on the list. To add multiple file names, repeat steps 4-5. Once completed, click the [Save] button.
  7. Go to [Security] > [Policy Enforcement].
  8. Select the rule template and the policy enforcement rule you want to edit.
  9. Enable the [File Filter Profile] function and select the profile name with the file exclusion list you just created.
  10. Click the [Save] button to save the settings.



For support assistance, please Contact Us at support@txone.com or your Support Provider.