05-05-2021 01:00 PM
Hello everyone,
I have a problem with allowing wetransfer to download and blocking the download,
Wetransfer is part of the 'Online-storage-and-backup' category.
The choice is to block this category and create a bypass just for downloading on wetransfer,
On my side, I tried to create a URL whitlist category:
we.tl/*
wetransfer.com/downloads/*
Do you have any idea how I can do this?
05-07-2021 11:40 AM
If I understood you correctly and you want to block WeTransfer Upload while allowing Download you just need to create two rules based on app-id:
The latter one may not even be required if you have a default blocking rule later in the policy. And you do not need to use a URL category as a matching criterion in neither of these rules.
05-07-2021 11:40 AM
If I understood you correctly and you want to block WeTransfer Upload while allowing Download you just need to create two rules based on app-id:
The latter one may not even be required if you have a default blocking rule later in the policy. And you do not need to use a URL category as a matching criterion in neither of these rules.
05-14-2021 05:43 AM
@nmatveev Thank's, it's good 🙂
05-14-2021 07:19 AM
I am faced with a new problem,
wetransfer is also part of the "Online Storage and Backup" category which is in block,
so how do i fit my rule to make it work?
05-15-2021 02:40 PM
Do you mean you have it blocked in a URL-filtering profile that is assigned to the wetransfer rules or somewhere else?
If the former is the case then you simply need to use a URL-filtering profile with either all categories set to "alert" or, better, set only malicious categories to "Block" (see "Block Recommended" section in this article https://live.paloaltonetworks.com/t5/blogs/url-filtering-category-recommendations/ba-p/325701) and all others, including the "Online Storage and Backup" category, to "Alert".
If the latter is the case, well, then you need to allow it somehow... There are several ways of achieving this depending on your environment and business requirements. For example, you could have the same AD group assigned to the "wetransfer" rule and a rule that would allow "ssl and web-browsing" to the "Online Storage and Backup" category (that category would need to be set as the matching criterion, on the "Service/URL category" tab; the URL profile in that rule would need to be set to "Alert" only on all categories).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
