I am looking for some practical experience on how to best block as many cloud-based services as possible.
I know I can probably create some Dynamic Filters for some apps, but others may need to be controlled differently (SSL decryption, block the domain name, etc.).
I am wondering what the bulk of firewall admins or others are doing in such circumstances.
I am about to do a remote install, and I want to make sure I cover all my bases.
I guess your best option is to use whitelisting.
That is, define which apps should be allowed or not. Apps which aren't allowed will be blocked by default.
And in some cases organize this in such a way that you have a blacklist (for example URL-based) before that allow rule.
Other than that, more and more online services are using the "cloud" in one way or another.
I mean, I guess you will allow access to Gmail, and when you do this the user can use various plugins in their browsers to use Gmail as data storage, which brings you a tricky situation of defining what is a cloud service and what isn't.
I think what you are asking would be unbelievably cumbersome. As mikand said, you would have to set this up as an extremely complex whitelisting or have an extraordinarily long blacklist, or a combination thereof. Since all of these cloud-based apps are based on the parent "web-browsing" and "ssl" and NGF policies are fundamentally based upon apps, you would have to come up with a list of apps that you truly want to block, and allow everything else (whitelist), or block them all (blacklist). There is an untold number of cloud services available with a plethora of use cases. I think what you really need to do is figure out what you don't want your users to be able to do (what is your business case), and then go from there.