Dropbox (again)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dropbox (again)

L1 Bithead

Hello,

We have a requirement to do the following

Block dropbox for some users

Allow dropbox web for some users but block app - use ssl decryption to control uploads

Allow ALL for 2 VIP's - no decryption required

Is this at all possible?

4 REPLIES 4

L7 Applicator

Those links dont say how to enable both decryption of dropbox web traffic but also still keep the application working for certain users.

It appears its not possible as dropbox web and app appear as the same application.

Is it possible to create an decryption rule that excludes dropbox decryption for only 2 users thus allowing a few important users access to both the web and desktop app?

L3 Networker

Hi depps, you cannot decrypt based on application since the PAN would need to decrypt the traffic to see what app it is in the 1st place. You would need to create a security policy to allow drop box for the source users in question, then create another policy that denies the app for the rest. For your non decryption VIPs, you could create a decryption policy that contains to the users in question (in the source) with the action of 'no-decrypt'. Then another policy below that that applies to the rest of the users below this policy, with the action set to 'ssl-forward-proxy'

yes but the actual problem here is that decyption does not work for all parts of for example dropbox, linkedIN and others. so if you want your users to have access to these applications, then decypt is not an option (as far as I know) and thus controlling the application is not that straigth forward as it could have been, if decyption had worked.

  • 3938 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!