Cloud file sharing: Unrestricted downloads but block / throttle uploads

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cloud file sharing: Unrestricted downloads but block / throttle uploads

L3 Networker

Wondering if anyone has accomplished this?  Our company has adopted a policy requiring users that need to share large files to use cloud file sharing provider X.  However, since we interact with numerous global vendors, they all obviously have their preference.  So, as such, we want to allow downloads from all cloud file sharing apps - but block or at the very least restrict uploads to a very slow speed.  I tried accomplishing this w/ QoS but that limits the entire connection.  Open to suggestions on the best way to do this.

 

Thanks!!

3 REPLIES 3

Cyber Elite
Cyber Elite

you can create a QoS profile that does not restrict any of your normal traffic (class4 by default) and applies a different class to any/all of the cloud solutions, so their bandwidth is severely restricted

 

check out this article: Getting Started: Quality of Service

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

That is what we are doing today.  The challenge is that we must be able to allow downloads from such sites due to a plethora of different vendors and/or service providers we work with (we can't expect them to adhere to OUR preferred file sharing service).. yet we don't want people utilizing our connection to upload 800 wedding photos to dropbox for example.  The problem with QoS is that it applies both ways, and, also severly restricts simply browsing a file sharing site as well.  We're fine with people downloading files from them, but, if data is to leave our environment via a file sharing app we want it done on our preferred service with whom we have legal agreements with.

QoS can apply to either egress, ingress, or both on the Palo Alto firewall. Since your trying to throttle uploads you would apply this to the egress and leave your ingress unthroattled (Or capped at a higher speed). With the right setup this will function perfectly fine,you just have to figure out what implementation method will actually work in your enviroment. 

  • 4852 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!