Dealing with Drop Box


Hi,

Can someone help, as we are new to this?

We want to block an application called Dropbox. Our users use this application to pull data from external networks, which we want to allow, but we want to block Dropbox sharing our data off our network. Could someone help me do this?

2 REPLIES 2

L4 Transporter

Hi,

We can identify Dropbox as an app, and you have two options to control it:

1. Deny all Dropbox traffic by policy.

2. Allow Dropbox, and use a file blocking profile to deny file upload for all of our supported file types (over 50 types now, including common office docs, common compressed file formats such as zip and rar, and also encrypted compressed file formats such as encrypted rar and zip) for Dropbox.

Approach 2 should be more suitable to your scenario. Though not 100% what you want to do, it should be very close.

Just an update to the discussion thread.

Dropbox is currently using a certificate which is not compatible with the PAN firewall (the PAN firewall conforms highly to the SSL RFCs). As a result, Dropbox SSL traffic cannot be decrypted, and its file operations cannot be detected. Dropbox's certificate is added to the ssl-decrypt exclude-cache list.

The following is a KP article listing sites which we are unable to perform SSL decryption on, and Dropbox.com is one of them.

<https://live.paloaltonetworks.com/docs/DOC-1423>

In general, these sites cannot be decrypted because they deviate from SSL encryption standards in one form or another (i.e. use proprietary encryption, require a specific type of certificate, etc).

The status of the Dropbox SSL certificate can be verified by looking at the ssl-decrypt exclude-cache file on the firewall using the following CLI command - it is shown as an unsupported cert:

```
admin@PA-200> show system setting ssl-decrypt exclude-cache | match 199.47.216.171
1    199.47.216.171:443            ssl           40874   CERT_UNSUPPORTED    undecided
```

In summary, currently Dropbox can be allowed or denied, but cannot selectively allow downloads while blocking uploads. This may change in the future if/when Dropbox uses a compatible certificate.

Regards,

Tony
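An added example, not part of the original thread and not Palo Alto Networks code: a Python script that parses saved output of the exclude-cache command shown above and lists the destinations the firewall passes without decryption, which are the places where a file blocking profile cannot see uploads. The column layout is assumed from the single row quoted in the post; only the first sample row comes from the thread, the others and the reason `EXAMPLE_OTHER_REASON` are constructed.

```python
import re
from collections import Counter

# Assumed row layout, inferred from the one row in the thread:
# index, ip:port, protocol, numeric field, reason, state.
ROW = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<num>\d+)\s+(?P<reason>[A-Z_]+)\s+(?P<state>\S+)\s*$"
)

# Row 1 is quoted in the thread; rows 2-4 are constructed sample data.
SAMPLE = """\
admin@PA-200> show system setting ssl-decrypt exclude-cache
1    199.47.216.171:443            ssl           40874   CERT_UNSUPPORTED    undecided
2    192.0.2.10:443                ssl           39000   CERT_UNSUPPORTED    undecided
3    192.0.2.25:8443               ssl           12000   EXAMPLE_OTHER_REASON    undecided
4    192.0.2.10:443                ssl           38000   CERT_UNSUPPORTED    undecided
"""

def parse_exclude_cache(text):
    """Return one dict per cache row; the prompt line, blanks and noise are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            row = match.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows

def reason_counts(rows):
    """Count cache rows per exclusion reason."""
    return dict(Counter(row["reason"] for row in rows))

def undecrypted_destinations(rows, reason="CERT_UNSUPPORTED"):
    """Sorted, de-duplicated ip:port values excluded for the given reason."""
    return sorted({f'{r["ip"]}:{r["port"]}' for r in rows if r["reason"] == reason})

if __name__ == "__main__":
    parsed = parse_exclude_cache(SAMPLE)
    print("rows per reason:", reason_counts(parsed))
    for dest in undecrypted_destinations(parsed):
        print("not decrypted, file blocking cannot inspect:", dest)
```
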
