This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Dropbox (again)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Dropbox (again)

depps
L1 Bithead

‎09-20-2013 04:18 AM

Hello,

We have a requirement to do the following

Block dropbox for some users

Allow dropbox web for some users but block app - use ssl decryption to control uploads

Allow ALL for 2 VIP's - no decryption required

Is this at all possible?

0 Likes Likes
4 REPLIES 4

HULK
L7 Applicator

‎09-20-2013 08:32 AM

Hello Deeps,

Following solutions may  be helpful in this scenario :


How to allow/block Dropbox application

Re: Dealing with Drop Box

Re: Dropbox - allow web app but block client?

Dropbox

Thanks

depps
L1 Bithead
In response to HULK

‎09-23-2013 02:06 AM

Those links dont say how to enable both decryption of dropbox web traffic but also still keep the application working for certain users.

It appears its not possible as dropbox web and app appear as the same application.

Is it possible to create an decryption rule that excludes dropbox decryption for only 2 users thus allowing a few important users access to both the web and desktop app?

0 Likes Likes

jteetsel
L3 Networker

‎09-23-2013 06:00 PM

Hi depps, you cannot decrypt based on application since the PAN would need to decrypt the traffic to see what app it is in the 1st place. You would need to create a security policy to allow drop box for the source users in question, then create another policy that denies the app for the rest. For your non decryption VIPs, you could create a decryption policy that contains to the users in question (in the source) with the action of 'no-decrypt'. Then another policy below that that applies to the rest of the users below this policy, with the action set to 'ssl-forward-proxy'

knutelde
Not applicable
In response to jteetsel

‎02-09-2014 04:19 AM

yes but the actual problem here is that decyption does not work for all parts of for example dropbox, linkedIN and others. so if you want your users to have access to these applications, then decypt is not an option (as far as I know) and thus controlling the application is not that straigth forward as it could have been, if decyption had worked.

0 Likes Likes
  • 3897 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks