Can some one help as we are new to this.
We want to blook and application call Drop box, Our users use this application to pull data from external networks wich we want to allow but we want to block drop box sharing our data off our network. could some one help me do this?
We can identify dropbox as an app, and you have two options to control it:
1. deny all dropbox traffic by policy
2. allow dropbox, and use file blocking profile to deny file upload out of all of our supported file types (over 50 types now, including common office doc, common compressed file format such as zip and rar, and also encrypted compressed file format such as encrypted rar and zip) for dropbox.
Approch 2 should be more suitable to your scenario. Though 100% what you want to do, but should be very close.
Just an update to the discussion thread.
Dropbox is currently using a certificate which is not compatible with the PAN firewall (the PAN firewall conforms highly to the SSL RFCs). As a result, Dropbox SSL traffic cannot be decrypted, and its file operations cannot be detected. Dropbox's certificate is added to the ssl-decrypt exclude-cache list.
The following is a KP article listing sites which we are unable to perform SSL decryption on, and Dropbox.com is one of them.
In general, these sites cannot be decrypted because they deviate from SSL encryption standards in one form or another (i.e. use proprietary encryption, require a specific type of certificate, etc).
The status of the Dropbox SSL certificate can be verified by looking at the ssl-decrypt exclude-cache file on the firewall using the following CLI command - it is shown as an unsupported cert:
admin@PA-200> show system setting ssl-decrypt exclude-cache | match 188.8.131.52
1 184.108.40.206:443 ssl 40874 CERT_UNSUPPORTED undecided
In summary, currently dropbox can be allowed or denied, but cannot selectively allow downloads while blocking uploads. This may change in the future if/when dropbox uses a compatible certificate.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!