File Type Control policy not enforcing block

Products Access Control
#1

I’m still pretty new to Zscaler in general, so it may be something glaringly obvious. I’ve created a FTC policy to block most file types (exe as an example) and have it scoped to a group which my test user belongs to and is for all protocols and all categories. I’ve been testing by downloading notepad++ exe from their site. The download is still being allowed what exactly am I missing? I’ve also tested with multiple browsers, Chrome being my main one with QUIC disabled. I’m only using ZIA at the moment and am off a trusted network. URL filtering is working as intended. What other information is needed to troubleshoot.

Thanks

#2

Is ssl inspection enabled?

#3

Under SSL Inspection it is set to Enabled for Windows. I’m only using the ZAPP client.

#4

You can check the certificate issuer name to be sure about SSL inspection on the site. Enabling SSL inspection for Windows doesn’t guarantee inspection as SSL inspection might be disabled for location or for URL category/cloud app…

I can see block happening for notepad++ exe download.

image
image766×300 13.5 KB

#5

Thanks, getting closer. Part of the issue was I needed to “install the certificate” in the ZAPP app profile, so now I see the correct certificate. I did verify the URL category is enabled for SSL inspection.

This is for an untrusted network (off corporate network) do I need this enabled?
“Enable SSL Inspection for Remote Users with Kerberos”

Zscaler Facebook  Linkdin  Zscaler Twitter  Zscaler Youtube  Zscaler Blogs
 

Copyright 2008-2020 Zscaler™, Inc.Zscaler™, SHIFT™, Direct-to-Cloud™, ZPA™, and The Cloud-First Architect™ are trademarks or registered trademarks of Zscaler, Inc.in the United States and/or other countries. All other trademarks are the property of their respective owners.