https://live.paloaltonetworks.com/t5/general-topics/blocking-cloud-based-services/m-p/39770#M29164 <HTML><HEAD></HEAD><BODY><P>I guess your best option is to use whitelisting.</P><P></P><P>That is define which apps should be allowed or not. Apps which isnt allowed will be blocked by default.</P><P></P><P>And in some cases organize this in such way so you have a blacklist (for example url-based) before that allow rule.</P><P></P><P>Other than that more and more online services are using the "cloud" in one way or another.</P><P></P><P>I mean I guess you will allow access to gmail and when you do this the user can use various plugins in their browsers to use gmail as a datastorage which brings you a tricky situation of defining what is a cloud service and what isnt.</P></BODY></HTML> Fri, 14 Jun 2013 05:53:01 GMT mikand 2013-06-14T05:53:01Z https://live.paloaltonetworks.com/t5/general-topics/blocking-cloud-based-services/m-p/39769#M29163 <HTML><HEAD></HEAD><BODY><P>Hi Group</P><P></P><P>I am looking for some practical experience on how to best block as many cloud-based services as possible.</P><P>I know I can probably create some Dynamic Filters for some apps, but other may need to be controlled differently (SSL decryption, block the domain name, etc).</P><P></P><P>I am wondering what the bulk of firewall admin or others are doing in such circumstances.</P><P>I am about to do a remote install, and I want to make sure I cover all my bases.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 14 Jun 2013 02:39:25 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-cloud-based-services/m-p/39769#M29163 scantwell 2013-06-14T02:39:25Z https://live.paloaltonetworks.com/t5/general-topics/blocking-cloud-based-services/m-p/39770#M29164 <HTML><HEAD></HEAD><BODY><P>I guess your best option is to use whitelisting.</P><P></P><P>That is define which apps should be allowed or not. Apps which isnt allowed will be blocked by default.</P><P></P><P>And in some cases organize this in such way so you have a blacklist (for example url-based) before that allow rule.</P><P></P><P>Other than that more and more online services are using the "cloud" in one way or another.</P><P></P><P>I mean I guess you will allow access to gmail and when you do this the user can use various plugins in their browsers to use gmail as a datastorage which brings you a tricky situation of defining what is a cloud service and what isnt.</P></BODY></HTML> Fri, 14 Jun 2013 05:53:01 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-cloud-based-services/m-p/39770#M29164 mikand 2013-06-14T05:53:01Z https://live.paloaltonetworks.com/t5/general-topics/blocking-cloud-based-services/m-p/39771#M29165 <HTML><HEAD></HEAD><BODY><P>I think what you are asking would be unbelievably cumbersome. As mikand said, you would have to to set this up as an extremely complex&nbsp; whitelisting or have an extraordinarily long blacklist, or a combination thereof. Since all of these cloud based apps are based on the parent "web-browsing" and "ssl" and NGF policies are fundamentally based upon apps, you would have to come up with a list of apps that you truly want to block, and allow everything else (whitelist), or block them all (blacklist). There is an untold number of cloud services available with a plethora of use cases. I think what you really need to do is figure out what you don't want your users to be able to do (what is your business case), and then go from there. </P></BODY></HTML> Fri, 14 Jun 2013 14:20:57 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-cloud-based-services/m-p/39771#M29165 craymond 2013-06-14T14:20:57Z