How do I configure the File Type Control policy?

To create File Type Control policy rules:

  1. Go to Policy > Web > File Type Control.
  2. Click Add.
  3. Enter the rule attributes:
    • Rule Order: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule’s place in the order. You can change the value, but if you’ve enabled Admin Rank, your assigned admin rank determines the Rule Order values you can select.
    • Admin Rank: Enter a value from 1-7 (1 is the highest rank). Your assigned admin rank determines the values you can select. You cannot select a rank that is higher than your own. The rule’s Admin Rank determines the value you can select in Rule Order, so that a rule with a higher Admin Rank always precedes a rule with a lower Admin Rank.
    • Status: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
  4. Define the criteria:
    • File Types: Select file types to which you want to apply the rule. You can also select Undetectable File under Other to apply the rule to unknown file types. For unknown types, the service checks for file type in the file header using true file type detection. If the file is still unknown, the service performs MIME type checks and tags as an unknown file type any that fall outside of well-defined MIME types for common apps. You can select any number of file types and also search for file types.
    • URL Categories: Select URL categories to which you want to apply the rule. The service applies the rule when users upload to and/or download files from sites in the selected categories. Select Any to apply the rule to all categories, or select any number of categories. You can also search for URL categories, or add a custom category by clicking the Add icon.
    • Users: Select Any to apply the rule to all users, or select up to 4 users under General Users. If you've enabled the unauthenticated users policy, you can select Special Users to apply this rule to all unauthenticated users, or select specific types of unauthenticated users. You can search for users or click the Add icon to add a new user.
    • Groups: Select Any to apply the rule to all groups, or select up to 8 groups. You can search for groups or click the Add icon to add a new group.
    • Departments: Select Any to apply the rule to all departments, or select any number of departments. If you've enabled the unauthenticated users policy, you can select Special Departments to apply this rule to all unauthenticated transactions. You can search for departments or click the Add icon to add a new department.
    • Locations: Select Any to apply the rule to all locations, or select up to 8 locations. You can also search for a location or click the Add icon to add a new location. To apply this rule to unauthenticated traffic, the rule must apply to all locations.
    • Time: Select Always to apply this rule to all time intervals, or select up to two time intervals. You can also search for a time interval or click the Add icon to add a new time interval.
  5. Choose an Action for the rule.
    • Allow users, caution users with a notification before they can proceed, or block users from uploading and/or downloading files.
  6. Optionally, type in a Description. Enter additional notes or information. The description cannot exceed 10240 characters.
  7. Click Save and activate the change. After saving, you can edit or delete the rule as necessary.

See Zscaler's recommended policy for File Type Control.

For information on the order in which the service enforces all policies, including this policy, see How does the Zscaler service enforce policies?