Dropbox Upload Block Rule not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Dropbox Upload Block Rule not working

L3 Networker

I've created a rule to allow only Dropbox downloads and not allow uploads. The rule doesn't appear to be working. Steps I've taken are below:

  • Generated self-signed SSL certificate
  • Configured SSL decryption Rule for 'online-personal-storage' URL category
  • Created File-Blocking profile to block upload and allow download
  • Applied File-blocking profile to created Rule's profile.

The rule still isn't working. When I upload something to dropbox, the logs still show it as 'allow' under Action.

(Dropbox Web interface, not desktop client is what I'm using)

Has anyone experienced this please?

9 REPLIES 9

L6 Presenter

Hi Martin,

I have configures excactly same configuration in LAB and towkrs fine. Please find running configuration for the same.

Let me know how is your configuration different.

Regards,

Hardik Shah

L6 Presenter

Hi Martin,

Is session identified as "dropbox" ?

Is session decrypted?

Provide us output for show session id <> for dropbox session.

Regards,

Hardik SHah

No...I don't see any session identified as 'dropbox'. this came up for that session:

ms-ds-smb


63521    ms-ds-smb  ACTIVE  FLOW   192.168.XX.XX[64077]/Monitor/6  (192.168.XX.XX[64077])

Hi Martin,

ms-ds-smb is microsoft traffic which is not at  all drop-box.

It appears firewall is not finding dropbox application because of decryption or any other issue. Thats why its not taking intended action.

Can you please monitor session closely and provide me session detail.

Regards,

Hardik Shah

Martin.Egede


Can you please verify if the self signed certificate that was generated for SSL decryption is marked as CA and that forward trust and forward untrust options on the certificate are checked?

Speculating that dropbox traffic is not being decrypted. Following documents might be helpful for you:


SSL Forward Proxy (Man in the Middle)

How to Implement SSL Decryption

Thanks

Yes...All those options were set as required in the certificate

Hi,

In the rule I created, I set the URL category as 'online-personal-storage'. Do you think I need to use a custom category and specify the URL 'www.dropbox.com'?

Hi Martin,

Try with any URL and see if that works, while testing policy should be simplest.

If its not feasible than you can just check the traffic log, if traffic is hitting the same rule than you dont need it.

Regards,

Hardik Shah

L6 Presenter

Hi Martin,

Are you trying to block .jpg, .gif, .txt files. If yes, then they are not supported. Kindly refer following document.

When configuring file blocking, what does the "Any" option actually mean?

Regards,

Hardik Shah

  • 5122 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!