This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Adobe Creative Cloud -- Block Uploads

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Adobe Creative Cloud -- Block Uploads

EWashington1
L0 Member

‎02-22-2023 11:38 AM

Hello has anyone had any success with blocking the ability to upload content via Adobe Creative Cloud using the Palo Firewall ?  Is it as simple as creating a rule to block UDP\443 traffic for either QUIC, the domain, or both? 

 

0 Likes Likes
3 REPLIES 3

Adrian_Jensen
L6 Presenter

‎02-22-2023 11:51 AM - edited ‎02-22-2023 11:52 AM

You should probably have a rule to block QUIC for all applications as that will force connections back to HTTP/HTTPS where they examined by the PaloAlto.

 

The PA has an existing Application ID for "adobe-creative-cloud-upload" that runs on port 443 and has the description:

 

This application controls file uploading activity by adobe creative cloud. Adobe Creative Cloud is an online service that includes access to tools for graphic design, video editing, and web development, as well as cloud storage to sync, share, and store content.

 

 

Have you tried creating a Security Policy to try blocking that yet?

SrcZone=Trust

DstZone=Untrust

Application=adobe-creative-cloud-upload  (or possibly all of adobe-creative-cloud and/or other adobe application IDs)

Service=application-default

Action=block

0 Likes Likes

EWashington1
L0 Member

‎02-22-2023 11:58 AM

Thank you for the quick response, I can see that there are instances where QUIC is blocked from looking at the traffic logs, but when checking with the user base they are still able to upload content. There aren't any other rules from what i can tell. Thank you for the input. 

0 Likes Likes

Adrian_Jensen
L6 Presenter

‎02-22-2023 01:13 PM

QUIC is a Google's traffic wrapper that can obscure traffic signatures, so existing traffic may or may not be blocked by other Security Policies if/when the PA finally determines what the wrapped traffic actually is (or it may be blocked do to source/destination addresses or something else unrelated). I, and I'm sure many others, explicitly block QUIC traffic altogether to remove that wrapper in the first place. Any application capable of using QUIC should fall back to standard protocols (which the PA can more quickly identify) when they can't connect with QUIC.

0 Likes Likes
  • 1672 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks