- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-06-2012 01:57 AM
Hi all,
I'm trying to block access to Google Drive with not much success.
The Applipedia has an entry called "google-drive" but this application definition does not seem to be present on my system (PA-2020 4.1.6 327-1497)
I do have an application called "google-drive-web" so I have blocked this. I have seen a couple of denys for this application this but Google Drive continues to work (both the Google Drive app instaled on my PC and the Google Drive web interface) .
The problem I think is that immediately after the "google-drive-web" drops in the log, there are a number of "ssl" connections to a similar IP address. I suspect that these are the connections that need to be blocked.
Has anybody managed to block Google Drive please, and if so how did you do it?
Many thanks,
Dave
09-06-2012 05:26 AM
The SSL termination seems to break the Google Drive application on my PC, however the web interface now gets blocked correctly!
I did notice that there was another question relating to getting Google Drive working using SSL termination, but as I don't want it to work I'm going to leave things as they are.
The PA did not detect the traffic any differently - I don't think the app got beyond trying to validate the fake certificate it got back from my PA.
Many thanks,
Dave
09-06-2012 02:08 AM
What about if you add gmail-drive (which seems to be what applipedia currently calls it)?
327-1497 is the latest db released 4th sept so your device seems to be up2date.
I think you would also need to enable ssl termination (decrypt rules for ssl) in order to successfully block various google services.
09-06-2012 03:04 AM
Thanks. I did spot gmail-drive mentioned in the google-drive description in Applipedia but ddn't try it as traffic was being identified as "ssl".
I've just tried it now though to be sure, but unfortunately this doesn't seem to make any difference.
I suspect you may be right about having to use SSL termination. I will experiment with this later today.
Thanks,
Dave
09-06-2012 03:15 AM
Sorry you are right, if the traffic log identified the traffic as ssl or whatever then it wont help by adding gmail-drive
If possible (during "debug") you can use "any" as appid to spot how the PA will detect the traffic (limit the rule to the specific client ip as srcip or such) - would be nice if you could return with info on how the PA detect the traffic once you enabled ssl termination.
09-06-2012 05:26 AM
The SSL termination seems to break the Google Drive application on my PC, however the web interface now gets blocked correctly!
I did notice that there was another question relating to getting Google Drive working using SSL termination, but as I don't want it to work I'm going to leave things as they are.
The PA did not detect the traffic any differently - I don't think the app got beyond trying to validate the fake certificate it got back from my PA.
Many thanks,
Dave
09-06-2012 01:24 PM
So still no detection as gmail-drive (the correct detection is still google-drive-web)?
09-06-2012 01:31 PM
Unfortunately no - I think the app must be checking the certificate when it makes a connection to the Google Drive server and failing when it sees it is signed by my substituted CA. Understandable I suppose.
02-13-2017 04:54 PM
Hey so I guess I missed what exactly you did to get this working like you wanted. I'm trying to block Google Drive web as well, for some reason its getting blocked on IE but in chrome and firefox its still working.
02-13-2017 05:01 PM
A lot has changed in the 4.5 years since the most recent post on this thread. You may be better off starting a new thread with the details of what you have (hardware, PAN-OS version, content version, etc.).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!