Guides
Secure Access Help Center

Enable File Type Controls

In Cisco Secure Access, you can manage the file type controls for either internet or private access in the Security profile. The file type control settings determine whether an end user can access certain types of files on internet or private destinations.

📘

Important

For internet destinations and internet access rules in the Access policy, Secure Access supports the option to manage the upload, download, or upload and download of file types selected in the Security profile. Secure Access is releasing this option beginning on June 1, 2025 and completing the rollout of the feature on July 31, 2025.

Table of Contents

About File Type Controls for Internet Access

In a Security profile, configure the file type controls for files on internet destinations. You can choose whether to control the upload, download, or upload and download of certain types of files. Then, add the Security Profile for internet access to the internet access rules in the Access policy.

If File Type Blocking is enabled and a user device attempts to download or upload a selected file type from an internet destination, Secure Access presents a Block page instead of the requested resource.

Note: Blocking some file types may cause a website not to display correctly.

About File Type Controls for Private Access

In a Security profile, configure the file type controls for files on private destinations. You can choose whether to download certain types of files. Then, add the Security Profile for private access to the private access rules in the Access policy.

Prerequisites

  • Full Admin user role. For more information, see Manage Accounts.
  • Enable decryption in the same Security profile for internet access where you configure the file type controls.
  • In private access rules, configure decryption for private resources as rule destinations.

Procedure

Enable File Type Blocking for Internet Access

  1. Navigate to Secure > Security Profiles,

  2. Click Add Profile and then choose Internet Access, or expand an existing Security profile.

  3. Navigate to Security and Acceptable Use Controls, navigate to File Type Blocking, and then click Edit.


  1. For File Type Blocking, search for specific file types or choose the file types to block.
    1. Check the categories of the file types to choose all file types in the group, or expand a file type category to choose specific file types. For more information about available file types, see File Types to Block.
      Note: When an entire file type group is selected, all future file types added to that group are also blocked.
    2. Choose either Upload, Download, or Both.
  1. Click Save.

Use the Security profile in an internet access rule to apply the file type blocking security controls to the configured destinations.

Enable File Type Blocking for Private Access

  1. Navigate to Secure > Security Profiles,
  2. Click Add Profile and then choose Private Access, or expand an existing Security profile.
  3. Navigate to Security and Acceptable Use Controls, navigate to File Type Blocking, and then click Edit.
  1. For File Type Blocking, search for specific file types or choose the file types to block.
    a. Check the categories of the file types to choose all file types in the group, or expand a file type category to choose specific file types. For more information about available file types, see File Types to Block.

Note: When an entire file type group is selected, all future file types added to that group are also blocked.

  1. Click Save.

Use the Security profile in a private access rule to apply the file type blocking security controls to the configured destinations.

Manage File Type Control < Enable File Type Controls > File Types to Block

Updated 9 days ago