Adobe Creative Cloud -- Block Uploads

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Adobe Creative Cloud -- Block Uploads

L1 Bithead

Hello has anyone had any success with blocking the ability to upload content via Adobe Creative Cloud using the Palo Firewall ?  Is it as simple as creating a rule to block UDP\443 traffic for either QUIC, the domain, or both? 

 

3 REPLIES 3

L6 Presenter

You should probably have a rule to block QUIC for all applications as that will force connections back to HTTP/HTTPS where they examined by the PaloAlto.

 

The PA has an existing Application ID for "adobe-creative-cloud-upload" that runs on port 443 and has the description:

 

This application controls file uploading activity by adobe creative cloud. Adobe Creative Cloud is an online service that includes access to tools for graphic design, video editing, and web development, as well as cloud storage to sync, share, and store content.

 

 

Have you tried creating a Security Policy to try blocking that yet?

SrcZone=Trust

DstZone=Untrust

Application=adobe-creative-cloud-upload  (or possibly all of adobe-creative-cloud and/or other adobe application IDs)

Service=application-default

Action=block

L1 Bithead

Thank you for the quick response, I can see that there are instances where QUIC is blocked from looking at the traffic logs, but when checking with the user base they are still able to upload content. There aren't any other rules from what i can tell. Thank you for the input. 

L6 Presenter

QUIC is a Google's traffic wrapper that can obscure traffic signatures, so existing traffic may or may not be blocked by other Security Policies if/when the PA finally determines what the wrapped traffic actually is (or it may be blocked do to source/destination addresses or something else unrelated). I, and I'm sure many others, explicitly block QUIC traffic altogether to remove that wrapper in the first place. Any application capable of using QUIC should fall back to standard protocols (which the PA can more quickly identify) when they can't connect with QUIC.

  • 1970 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!