Dealing with Drop Box

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dealing with Drop Box

Not applicable


Can some one help as we are new to this.

We want to blook and application call Drop box, Our users use this application to pull data from external networks wich we want to allow but we want to block drop box sharing our data off our network. could some one help me do this?


L4 Transporter


We can identify dropbox as an app, and you have two options to control it:

1. deny all dropbox traffic by policy

2. allow dropbox, and use file blocking profile to deny file upload out of all of our supported file types (over 50 types now, including common office doc, common compressed file format such as zip and rar, and also encrypted compressed file format such as encrypted rar and zip) for dropbox.

Approch 2 should be more suitable to your scenario. Though 100% what you want to do, but should be very close.

Just an update to the discussion thread.

Dropbox is currently using a certificate which is not compatible with the PAN  firewall (the PAN firewall conforms highly to the SSL RFCs).  As a  result, Dropbox SSL traffic cannot be decrypted, and its file operations  cannot be detected.  Dropbox's certificate is  added to the ssl-decrypt exclude-cache list.

The following is a KP article listing sites which we are unable to perform SSL decryption on, and is one of them.


In general, these sites cannot be decrypted because they deviate  from SSL encryption standards in one form or another (i.e. use  proprietary encryption, require a specific type of certificate, etc).

The status of the Dropbox  SSL certificate can be verified by looking at the ssl-decrypt  exclude-cache file on the firewall using the following CLI command - it is shown as an unsupported cert:

admin@PA-200> show system setting ssl-decrypt exclude-cache | match
1            ssl           40874   CERT_UNSUPPORTED    undecided

In summary, currently dropbox can be allowed or denied, but cannot selectively allow downloads while blocking uploads.  This may change in the future if/when dropbox uses a compatible certificate.



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!