Data copying over Global protect VPN

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Data copying over Global protect VPN

L4 Transporter

Hello,

 

I have one query:-

If, I am connected with GP VPN and. I want to prevent the users can not copy files or data from the shared folder and server.

is it possible?

5 REPLIES 5

Cyber Elite
Cyber Elite

hi @Jafar_Hussain 

 

yes this is possible in multiple ways:

 

you can restrict access via security rules or security profiles:

  • in the security rules you could block access to a server completely (block rule),
  • or only allow certain applications. some applications are even split up in file sharing 'child' applications and other functionality, so you could allow some functionality but block file transfers
  • additionally you can add file blocking profiles that prevent some or all filetypes from being transmitted in one direction or both: you could set up a security rule that allows a file transfer application, but then add a security profile (file blocking profile) that only allows uploads and blocks downloads
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper 

Thanks for the information.

First of all, i can not block completely server access. i need to block only copy files from the server or to the server.

I have tried to block the copy file by the file blocking profile but still i am able to copy file via VPN.

Below is the configuration description that I already tried.

 

File blocking profile:-

 

Jafar_Hussain_0-1613393336891.png

 

 

Security rule:-

 

Source zone - GP zone, inside zone

user - any

Source address Address - Any

Destination Zone - GP zone, Inside zone

Application - ms-rdp

Service - Any

Action - Allow

Profile - File blocking test

 

This scenario i tried but unable to block.

ah yes RDP

Microsoft put in some nifty (and prorietary) encryption that prevents the firewall from blocking files being copied

you can, however, control which actions are allowed by users in the RDP configuration tself on the server, so you can push out Global Policies that prevent files from being copied when users are connected via RDP (and have users use SMB instead, which you can control)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper 

As per my understanding, you are saying we need to block only smb application from the Paloalto?

Mainly, we need to prevent users from copying files from shared folders to their systems when they access through VPN. Also, i want to know, how to do that for access over RDP.

no: you can't block file transfer via RDP in the firewall because microsoft built in an encryption that can't be deciphered by the firewall

 

it IS possible to disable filetransfer through RDP via GPO :

 

https://social.technet.microsoft.com/Forums/en-US/f07b2557-27fd-484f-9a62-635057959214/disable-file-...

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 5213 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!