02-22-2023 11:38 AM
Hello, has anyone had any success with blocking the ability to upload content via Adobe Creative Cloud using the Palo Firewall? Is it as simple as creating a rule to block UDP\443 traffic for either QUIC, the domain, or both?
02-22-2023 11:51 AM - edited 02-22-2023 11:52 AM
You should probably have a rule to block QUIC for all applications, as that will force connections back to HTTP/HTTPS where they are examined by the Palo Alto.
The PA has an existing Application ID for "adobe-creative-cloud-upload" that runs on port 443 and has the description:
This application controls file uploading activity by adobe creative cloud. Adobe Creative Cloud is an online service that includes access to tools for graphic design, video editing, and web development, as well as cloud storage to sync, share, and store content.
Have you tried creating a Security Policy to try blocking that yet?
SrcZone=Trust
DstZone=Untrust
Application=adobe-creative-cloud-upload (or possibly all of adobe-creative-cloud and/or other adobe application IDs)
Service=application-default
Action=block
02-22-2023 11:58 AM
Thank you for the quick response. I can see that there are instances where QUIC is blocked from looking at the traffic logs, but when checking with the user base they are still able to upload content. There aren't any other rules from what I can tell. Thank you for the input.
02-22-2023 01:13 PM
QUIC is Google's traffic wrapper that can obscure traffic signatures, so existing traffic may or may not be blocked by other Security Policies if/when the PA finally determines what the wrapped traffic actually is (or it may be blocked due to source/destination addresses or something else unrelated). I, and I'm sure many others, explicitly block QUIC traffic altogether to remove that wrapper in the first place. Any application capable of using QUIC should fall back to standard protocols (which the PA can more quickly identify) when it can't connect with QUIC.
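An added example, not part of the thread or of any Palo Alto tooling: a way to check an exported traffic log for sessions that were still allowed as `quic` or as an Adobe Creative Cloud App-ID, grouped by the rule that allowed them. The column names, rule names and log rows are constructed assumptions; map them to the fields of your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. Column names are simplified assumptions, not the
# exact header of a firewall log export; rule names are hypothetical.
SAMPLE_LOG = """\
src,app,proto,dport,action,rule,bytes_sent
10.1.1.20,quic,udp,443,deny,Block-QUIC,1200
10.1.1.20,adobe-creative-cloud-upload,tcp,443,allow,Allow-Web,48211004
10.1.1.21,quic,udp,443,allow,Allow-Web,9100233
10.1.1.21,ssl,tcp,443,allow,Allow-Web,40312
10.1.1.22,adobe-creative-cloud-upload,tcp,443,deny,Block-Adobe-Upload,2048
10.1.1.22,adobe-creative-cloud,tcp,443,allow,Allow-Web,15500
"""


def is_watched(app):
    """True for QUIC itself or any App-ID in the adobe-creative-cloud family."""
    return app == "quic" or app.startswith("adobe-creative-cloud")


def allowed_watched_sessions(log_text):
    """Sum sessions and bytes sent per (rule, app) for allowed watched apps."""
    totals = defaultdict(lambda: {"sessions": 0, "bytes_sent": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "allow" or not is_watched(row["app"]):
            continue
        entry = totals[(row["rule"], row["app"])]
        entry["sessions"] += 1
        entry["bytes_sent"] += int(row["bytes_sent"])
        entry["sources"].add(row["src"])
    return dict(totals)


def report(log_text):
    """Return one line per (rule, app), largest upload volume first."""
    rows = sorted(allowed_watched_sessions(log_text).items(),
                  key=lambda kv: kv[1]["bytes_sent"], reverse=True)
    return [f"{rule:<12} {app:<30} sessions={v['sessions']} "
            f"bytes_sent={v['bytes_sent']} sources={','.join(sorted(v['sources']))}"
            for (rule, app), v in rows]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Any row in the output names a rule that sits above, or matches before, the intended block rule for that source.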