09-20-2013 04:18 AM
We have a requirement to do the following
Block dropbox for some users
Allow dropbox web for some users but block app - use ssl decryption to control uploads
Allow ALL for 2 VIP's - no decryption required
Is this at all possible?
09-20-2013 08:32 AM
Following solutions may be helpful in this scenario :
How to allow/block Dropbox application
Re: Dropbox - allow web app but block client?
09-23-2013 02:06 AM
Those links dont say how to enable both decryption of dropbox web traffic but also still keep the application working for certain users.
It appears its not possible as dropbox web and app appear as the same application.
Is it possible to create an decryption rule that excludes dropbox decryption for only 2 users thus allowing a few important users access to both the web and desktop app?
09-23-2013 06:00 PM
Hi depps, you cannot decrypt based on application since the PAN would need to decrypt the traffic to see what app it is in the 1st place. You would need to create a security policy to allow drop box for the source users in question, then create another policy that denies the app for the rest. For your non decryption VIPs, you could create a decryption policy that contains to the users in question (in the source) with the action of 'no-decrypt'. Then another policy below that that applies to the rest of the users below this policy, with the action set to 'ssl-forward-proxy'
02-09-2014 04:19 AM
yes but the actual problem here is that decyption does not work for all parts of for example dropbox, linkedIN and others. so if you want your users to have access to these applications, then decypt is not an option (as far as I know) and thus controlling the application is not that straigth forward as it could have been, if decyption had worked.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!