Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wcbenyip
New Contributor III

ONLY allow DOWNLOAD but no UPLOAD (Storage.Backup)

Hi Everyone, Recently, we upgraded the FG200D to v5.0.9 and would like to plan for blocking the Apps. One of the target is, blocking any upload to the cloud storage but allow the users to download files from them (as lots of outside parties may send the link for downloading the work files). However, it seems that doesn' t work... What I tried - setup an dedicated Application Sensor to: - blocking category: P2P - blocking category: Game - blocking category: Botnet - blocking category: Proxy - monitoring items with keyword " download" in category: Storage.Backup - blocking category: Storage.Backup - monitoring All Other Known Applications - monitoring All Other Unknown Applications With these setting, I take the dropbox as an example, found that I can' t download the dropbox file link... obviously only allow/monitor the " Dropbox_File.Download" is not good enough, so I tried to include the " Dropbox" item, then I can access to the Dropbox download link! However, I can login to dropbox and also upload the files even the items " Dropbox_File.Upload" & " Dropbox_Client.Sync" are NOT allowed. Anyone has any idea to just allow dropbox download but blocking upload? Thanks!
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
5 REPLIES 5
Warren_Olson_FTNT

You may need to enable SSL inspection to be able to see the application since dropbox is entirely https.
wcbenyip

Hi Warren, Thanks for your reply! I noticed this point, but tried with lots annoying " invalid security certificate" warning.... according to the Fortinet doc, it' s a troublesome procedure to passthru this issue! I wonder whether other products have to do the same way or not~ (eg. Some of the products are dedicated to do the IM/social network management like SangFor IAM)
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
lightmoon1992
New Contributor

I believe you can do so with custom IPS signature. you may configure http signature looking into HTTP.UPLOAD or HTTP.PUT (depending on the application you are willing to block its traffic). just sniff the traffic, drill down the exact commands used, customize the signature, and make it within the firewall policy so it start acting on the traffic Mohammad

Mohammad Al-Zard

 

Mohammad Al-Zard
Warren_Olson_FTNT

Here' s an article for getting rid of the SSL warning pages: http://docs-legacy.fortinet.com/cb/recipes/preventing-security-certificate-warnings-when-using-SSL-inspection.pdf
aviteri
New Contributor

Hi, i' m trying the same, when i see the log on the fortianalyzer everytime i use dropbox(web) it only shows the " dropbox" application. it doesn' t show the dropbox.upload application. Does anyone knows why?
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors