A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket.
The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The user is getting no error response on the system.
Where is the best place to validate if the firewall is blocking the user's TAR file?
When a file blocking profile is applied and the action is set to block, any attempts to download blocked file types, such as a TAR file, will be logged in the Data Filtering log. This log is specifically designed to track and record instances where data filtering rules, such as file blocking, have been triggered. Checking the Data Filtering log will provide information on whether the firewall has indeed blocked the user's TAR file and why.
Navigate to Monitor > Logs > Data Filtering
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZ1CAK >>Resolution View the file block logs in Data Filtering logs section. This is in the same Logs section as the Traffic and Threat logs under the Monitor tab.
B. Data Filtering log
very obvious it will be found in Data Filtering logs
View the file block logs in Data Filtering logs section. This is in the same Logs section as the Traffic and Threat logs under the Monitor tab. Navigate to Monitor > Logs > Data Filtering