This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jvillar
Participant
‎2022-06-03 12:44 PM

Allow file download and block file upload with wetransfer 

I want to allow a few people download files from wetransfer  but not the upload of files. 
If I create a rule in the application layer and in services and applications I put wetransfer, 
it allow to upload and download files. If instead of wetransfer I put wetransfer-download, 
does not match the rule and goes to the next rule  that block access to wetransfer.
If I put wetransfer and in content I put file download, it does not load the wetransfer page either.
Does anyone have any idea how to do it?
 
 
 

 

Preview file
6 KB
Preview file
5 KB
Preview file
5 KB
0 Kudos
15 Replies
genisis__
Leader Leader
Leader
‎2022-06-05 02:48 AM

My initial thoughts are the use of content awareness, and Identity Awareness blades to define which accounts can utilise the rule and how specific content is then handled.

0 Kudos
jvillar
Participant
‎2022-06-05 03:28 AM
In response to genisis__ 

I dont understand what you mean. I have created a group with a domain user to allow him access. 
If I put wetransfer in Services&Aplication it works perfectly, but in both directions and 
I want is to only allow downloads. I have also done the test registering the equipment and 
the operation is the same. As soon as I put some limitation like only allowing downloads 
it doesn't work anymore because it doesn't match the rule.
Can you explain it a little more. Thank you very much
 
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-06-05 03:54 AM
In response to jvillar

What is the order of the rules that you have created and is HTTPS inspection used?

CCSM R77/R80/ELITE
0 Kudos
genisis__
Leader Leader
Leader
‎2022-06-05 03:57 AM
In response to jvillar

Just looked at the pics, and I see what you mean, whats defined in wetransfer-download and what protocol is being used?

0 Kudos
jvillar
Participant
‎2022-06-05 04:46 AM
In response to genisis__ 

I tried with https enabled and disabled and the result is the same. I go step by step so I do not 
limit the protocol or the content. First I have to get load the wetransfer page by 
allowing only the download. I attached some images of how to configure with https inspection disable
 and the result obtained. The rules are the first to avoid possible hidden problems.

 

Preview file
25 KB
Preview file
16 KB
Preview file
9 KB
Preview file
12 KB
Preview file
308 KB
0 Kudos
Vladimir
Champion
Champion
‎2022-07-06 03:17 AM
In response to jvillar

Create two rules.

Top rule: Wetransfer AND Wetransfer-download Accept

Bottom rule: Wetransfer-Upload Block

With HTTPS enabled and nothing in the Content field.

Let me know if this works.

Cheers,

Vladimir

0 Kudos
the_rock
Legend
Legend
‎2022-06-05 05:22 AM

I would involve TAC into this. I had similar case with customer while back and they had to escalate it, went to R&D and they somehow fixed it, but I dont remember how, sorry.

0 Kudos
Pako
Participant
‎2022-07-05 05:21 AM
In response to the_rock

Hello.

did you get this to work? 

I am using R80.40, I am trying to allow the user the access to the web category "File Storage and Sharing" but block the category "file upload" to most of the users. With the testing rules  have made it work for some applications, but not for all:

One drive, Google drive and terabox -> I was able to access the site and download and upload files to the application
Mega.com, megafire and wetransfer -> I was able to access the site and I was not able to upload any files. I got an error on the application about network issues, but not the custom blocked message we have configured on Checkpoint

 

0 Kudos
jvillar
Participant
‎2022-07-05 12:37 PM
In response to Pako

I still didn't get it to work. When I have some time I will try again. Thank you for your input. I will communicate my progress

0 Kudos
jvillar
Participant
‎2022-07-06 01:48 AM
In response to jvillar 

I have a bigger problem. If I put Image 1.PNGthe rule in image 1, the firewall does not match it and cuts access  to wetransfer with a later rule.



To load the page I need to put the rule of image 2, and then the user can upload and download files

Image 2.PNG


 

0 Kudos
Pako
Participant
‎2022-07-06 03:17 AM
In response to jvillar

Capture.PNG

 These are the rules that I am using on my tests. 

0 Kudos
jvillar
Participant
‎2022-07-06 09:51 AM
In response to Pako

The first rule prevents me from loading the google drive page and the second allows me to access, for example, wetransfer

0 Kudos
jvillar
Participant
‎2022-07-08 02:45 AM
In response to jvillar

After several tests I have achieved that users can only download files from wetransfer, googledrive and onedrive. I have R81.10 and https inspection activated

0 Kudos
jvillar
Participant
‎2022-07-08 03:56 AM
In response to jvillar

Reglas que funcionan.PNG

 

 

 

 

 

 

It has worked for me with the following rules
Pako
Participant
‎2022-07-08 04:42 AM
In response to jvillar

Thanks, now we are using the version 80.40. I will test these rules with the new release

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events