wcbenyip
New Member
August 22, 2014
Question

ONLY allow DOWNLOAD but no UPLOAD (Storage.Backup)

Hi Everyone,

Recently, we upgraded the FG200D to v5.0.9 and would like to plan for blocking the apps. One of the targets is blocking any upload to cloud storage while allowing the users to download files from it (as lots of outside parties may send links for downloading work files). However, it seems that doesn't work...

What I tried: set up a dedicated Application Sensor to:
- blocking category: P2P
- blocking category: Game
- blocking category: Botnet
- blocking category: Proxy
- monitoring items with keyword "download" in category: Storage.Backup
- blocking category: Storage.Backup
- monitoring All Other Known Applications
- monitoring All Other Unknown Applications

With these settings, taking Dropbox as an example, I found that I can't download the Dropbox file link... Obviously only allowing/monitoring "Dropbox_File.Download" is not good enough, so I tried to include the "Dropbox" item, and then I could access the Dropbox download link! However, I can log in to Dropbox and also upload files even though the items "Dropbox_File.Upload" & "Dropbox_Client.Sync" are NOT allowed.

Does anyone have any idea how to allow only Dropbox download while blocking upload? Thanks!

    4 replies

    Warren_Olson_FTNT
    Staff
    August 22, 2014
    You may need to enable SSL inspection to be able to see the application, since Dropbox is entirely HTTPS.
    wcbenyip
    Author
    New Member
    August 25, 2014
    Hi Warren,

    Thanks for your reply! I noticed this point, but tried it with lots of annoying "invalid security certificate" warnings... According to the Fortinet doc, it's a troublesome procedure to get past this issue! I wonder whether other products have to do it the same way or not (e.g. some products are dedicated to IM/social network management, like SangFor IAM).
    lightmoon1992
    New Member
    August 26, 2014
    I believe you can do so with a custom IPS signature. You may configure an HTTP signature looking into HTTP.UPLOAD or HTTP.PUT (depending on the application whose traffic you want to block). Just sniff the traffic, drill down to the exact commands used, customize the signature, and apply it within the firewall policy so it starts acting on the traffic.

    Mohammad
    Warren_Olson_FTNT
    Staff
    August 26, 2014
    Here's an article for getting rid of the SSL warning pages: http://docs-legacy.fortinet.com/cb/recipes/preventing-security-certificate-warnings-when-using-SSL-inspection.pdf
    aviteri
    Visitor III
    September 8, 2014
    Hi, I'm trying the same. When I look at the log on the FortiAnalyzer, every time I use Dropbox (web) it only shows the "dropbox" application. It doesn't show the dropbox.upload application. Does anyone know why?