Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wcbenyip
New Contributor III

Created on ‎08-21-2014 06:16 PM

ONLY allow DOWNLOAD but no UPLOAD (Storage.Backup)

Hi Everyone, Recently, we upgraded the FG200D to v5.0.9 and would like to plan for blocking the Apps. One of the target is, blocking any upload to the cloud storage but allow the users to download files from them (as lots of outside parties may send the link for downloading the work files). However, it seems that doesn' t work... What I tried - setup an dedicated Application Sensor to: - blocking category: P2P - blocking category: Game - blocking category: Botnet - blocking category: Proxy - monitoring items with keyword " download" in category: Storage.Backup - blocking category: Storage.Backup - monitoring All Other Known Applications - monitoring All Other Unknown Applications With these setting, I take the dropbox as an example, found that I can' t download the dropbox file link... obviously only allow/monitor the " Dropbox_File.Download" is not good enough, so I tried to include the " Dropbox" item, then I can access to the Dropbox download link! However, I can login to dropbox and also upload the files even the items " Dropbox_File.Upload" & " Dropbox_Client.Sync" are NOT allowed. Anyone has any idea to just allow dropbox download but blocking upload? Thanks!
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
13820
0 Kudos
5 REPLIES 5
Warren_Olson_FTNT
Staff
Staff

Created on ‎08-22-2014 06:21 AM

You may need to enable SSL inspection to be able to see the application since dropbox is entirely https.
2896
0 Kudos
wcbenyip
New Contributor III
In response to Warren_Olson_FTNT

Created on ‎08-24-2014 06:45 PM

Hi Warren, Thanks for your reply! I noticed this point, but tried with lots annoying " invalid security certificate" warning.... according to the Fortinet doc, it' s a troublesome procedure to passthru this issue! I wonder whether other products have to do the same way or not~ (eg. Some of the products are dedicated to do the IM/social network management like SangFor IAM)
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
2896
0 Kudos
lightmoon1992
New Contributor

Created on ‎08-26-2014 04:25 AM

I believe you can do so with custom IPS signature. you may configure http signature looking into HTTP.UPLOAD or HTTP.PUT (depending on the application you are willing to block its traffic). just sniff the traffic, drill down the exact commands used, customize the signature, and make it within the firewall policy so it start acting on the traffic Mohammad

Mohammad Al-Zard

 

Mohammad Al-Zard
2896
0 Kudos
Warren_Olson_FTNT
Staff
Staff

Created on ‎08-26-2014 08:10 AM

Here' s an article for getting rid of the SSL warning pages: http://docs-legacy.fortinet.com/cb/recipes/preventing-security-certificate-warnings-when-using-SSL-inspection.pdf
2896
0 Kudos
aviteri
New Contributor

Created on ‎09-08-2014 12:30 PM

Hi, i' m trying the same, when i see the log on the fortianalyzer everytime i use dropbox(web) it only shows the " dropbox" application. it doesn' t show the dropbox.upload application. Does anyone knows why?
2896
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.