No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Data Filtering Affects the Transfer of Normal Files

Publication Date:  2019-01-24 Views:  75 Downloads:  0
Issue Description

The data filtering function is configured on the NGFW to block the transmission of packets containing specific keywords between security zones. However, intranet users cannot transfer files that do not contain the keywords.

Handling Process

Cause 1: Traffic does not match the expected security policy.

1. Choose Monitor > Log > Policy Matching Log.

2. Click Advanced Search in the upper right corner and specify the source user and application.

Source user: name of the user account used by an intranet user to upload or download files, for example, User0001

Application: name of the protocol or application program used by an intranet user to upload or download files

3. Click Search.

4. In the displayed security policy log, check whether the traffic that the intranet user uploads or downloads matches the expected security policy.

If not, choose Policy > Security Policy > Security Policy to adjust the sequence or parameters of the security policy.

If so, go to cause 2.

Cause 2: The traffic is blocked by other content security functions.

1. Click the name of the security policy queried in step 1. On the Modify Security Policy page, you can view the profile referenced by the security policy.

2. View the following logs based on the referenced security profile:

Antivirus and intrusion prevention: Choose Monitor > Log > Threat Log.

URL filtering: Choose Monitor > Log > URL Log.

File blocking, data filtering, and application behavior control: Choose Monitor > Log > Content Log.

3. On the corresponding log page, click Advanced Search in the upper right corner and enter the name of the security policy.

4. Click Search. Check the logs whose Action is Block.

If the traffic is blocked by the data filtering profile, go to cause 3.

If the traffic is blocked by another profile, check the profile to determine whether the traffic needs to be blocked.

- If yes, the fault diagnosis ends.

- If no, modify the parameters in the related profile.

Cause 3: The data filtering profile is incorrectly configured.

1. Click the name of the data filtering profile queried in step 2 and view the data filtering rule on the Modify Data Filtering Profile page.

2. Modify the parameters of the data filtering rule to ensure that normal files do not match the conditions of the data filtering rule.

Cause 4: The keyword group is incorrectly configured.

1. Choose Object > Keyword Group.

2. Click the keyword group referenced by the data filtering profile to check whether the user-defined and predefined keywords in the keyword list contain the content that does not need to be filtered.

If yes, modify the configuration of the keyword group so that the keyword group contains only the content that needs to be filtered.

If no, go to cause 5.

Cause 5: The keyword weight is too large or the block threshold is too small.


Note: Adjusting the block threshold and keyword weight requires repeated testing and adjustment.


1. Choose Object > Security Profile > Data Filtering to view the block threshold. If the value is too small, set the block threshold to a larger value.

2. Choose Object > Keyword Group to view the keyword weight. If the value is too large, decrease the weight.

Root Cause

Cause 1: Traffic does not match the expected security policy.

Cause 2: The traffic is blocked by other content security functions.

Cause 3: The data filtering profile is incorrectly configured.

Cause 4: The keyword group is incorrectly configured.

Cause 5: The keyword weight is too large or the block threshold is too small.

END