Buy our NEW Value Added Services, VPN Client Software or Nebula Licenses with 1-click

Now available
English Български Čeština Dansk Deutsch Español Suomi Français Magyar Italiano Nederlands Norsk Polski Română Русский Slovenčina svenska Türkçe

Anti Virus: How to block the download of DOC, PDF, XLS and ZIP files? UTM Services icon

Avatar
Lukas Bohnen
  • Updated

This is an example of using a firewalls UTM Profile to block access and download files from an FTP or HTTP server. Use the Anti-Virus blacklist to set up the blocked list of file patterns to restrict access and download of certain files.

 

01.png

 Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG310 (Firmware Version: ZLD 4.13).


Step by step guide

Set Up the Anti-Virus Profile on the ZyWALL/USG 

1. In the ZyWALL/USG, go to 

CONFIGURATION > UTM Profile > Anti-Virus > Black/White List > Black List

click the Add icon. Use wildcards (*) to configure File Pattern.

CONFIGURATION > UTM Profile > Anti-Virus > Black/White List > Black List > Add rule

 02.png

 

2. Go to CONFIGURATION > UTM Profile > Anti-Virus > Black/White List > Black List > General Settings to select Enable Black List.

CONFIGURATION > UTM Profile > Anti-Virus > Black/White List > Black List > General Settings

 03.png

 

3. In the ZyWALL/USG, go to 

CONFIGURATION > UTM Profile > Anti-Virus > Profile > Profile Management > Add rule

 and configure a Name for you to identify the Anti-Virus Profile.

Select Log type as log alert to view the result later.

Make sure you select Check Black List and click OK.

CONFIGURATION > UTM Profile > Anti-Virus > Black/White List > Black List > General Settings

 04.png

 

Set Up the Security Policy on the ZyWALL/USG

1. In the ZyWALL/USG, go to

 CONFIGURATION > Security Policy > Policy Control

, configure a Name for you to identify the Security Policy profile. For From and To policies, select the direction of travel of packets to which the policy applies.

Scroll down to UTM Profile, select Anti-Virus and select a profile from the list (Block_FTP_HTTP_Download in this example).

CONFIGURATION > Security Policy > Policy Control

 05.png

 

Verification:

 1. When you download a PDF file from the HTTP server, the browser will display: Failed to load PDF document.

 06.png

 

2. When you download a PDF file from the FTP server, the browser won’t be able to display content.

 07.png

 

3. Go to the ZyWALL/USG 

Monitor > Log 

to see [info] log message such as below.

 

08.png

 

What can go wrong?

1. If you are not able to configure any Anti-Virus policies or it’s not working, there are two possible reasons:

a. You have not subscribed for the Anti-Virus service.

b. You have subscribed for the Anti-Virus service, but the license is expired.

You can click the link from the CONFIGURATION > Licensing > Registration screen of your ZyXEL device’s Web Configurator or click the myZyXEL.com 2.0 icon from the portal page (https://portal.myzyxel.com/) to register or extend your Anti-Virus license.

Related articles

Comments

0 comments

Please sign in to leave a comment.