Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
jvillar
Participant

Allow file download and block file upload with wetransfer

I want to allow a few people download files from wetransfer  but not the upload of files. 
If I create a rule in the application layer and in services and applications I put wetransfer,
it allow to upload and download files. If instead of wetransfer I put wetransfer-download,
does not match the rule and goes to the next rule that block access to wetransfer.
If I put wetransfer and in content I put file download, it does not load the wetransfer page either.
Does anyone have any idea how to do it?
 
 
 

 

0 Kudos
15 Replies
genisis__
Advisor

My initial thoughts are the use of content awareness, and Identity Awareness blades to define which accounts can utilise the rule and how specific content is then handled.

0 Kudos
jvillar
Participant

I dont understand what you mean. I have created a group with a domain user to allow him access. 
If I put wetransfer in Services&Aplication it works perfectly, but in both directions and
I want is to only allow downloads. I have also done the test registering the equipment and
the operation is the same. As soon as I put some limitation like only allowing downloads
it doesn't work anymore because it doesn't match the rule.
Can you explain it a little more. Thank you very much
 
0 Kudos
Chris_Atkinson
Employee
Employee

What is the order of the rules that you have created and is HTTPS inspection used?

0 Kudos
genisis__
Advisor

Just looked at the pics, and I see what you mean, whats defined in wetransfer-download and what protocol is being used?

0 Kudos
jvillar
Participant

I tried with https enabled and disabled and the result is the same. I go step by step so I do not 
limit the protocol or the content. First I have to get load the wetransfer page by
allowing only the download. I attached some images of how to configure with https inspection disable
and the result obtained. The rules are the first to avoid possible hidden problems.

 

0 Kudos
Vladimir
Champion
Champion

Create two rules.

Top rule: Wetransfer AND Wetransfer-download Accept

Bottom rule: Wetransfer-Upload Block

With HTTPS enabled and nothing in the Content field.

Let me know if this works.

Cheers,

Vladimir

0 Kudos
the_rock
Champion
Champion

I would involve TAC into this. I had similar case with customer while back and they had to escalate it, went to R&D and they somehow fixed it, but I dont remember how, sorry.

0 Kudos
Pako
Participant

Hello.

did you get this to work? 

I am using R80.40, I am trying to allow the user the access to the web category "File Storage and Sharing" but block the category "file upload" to most of the users. With the testing rules  have made it work for some applications, but not for all:

One drive, Google drive and terabox -> I was able to access the site and download and upload files to the application
Mega.com, megafire and wetransfer -> I was able to access the site and I was not able to upload any files. I got an error on the application about network issues, but not the custom blocked message we have configured on Checkpoint

 

0 Kudos
jvillar
Participant

I still didn't get it to work. When I have some time I will try again. Thank you for your input. I will communicate my progress

0 Kudos
jvillar
Participant

I have a bigger problem. If I put Image 1.PNGthe rule in image 1, the firewall does not match it and cuts access  to wetransfer with a later rule.



To load the page I need to put the rule of image 2, and then the user can upload and download files

Image 2.PNG


 

0 Kudos
Pako
Participant

Capture.PNG

 These are the rules that I am using on my tests. 

0 Kudos
jvillar
Participant

The first rule prevents me from loading the google drive page and the second allows me to access, for example, wetransfer

0 Kudos
jvillar
Participant

After several tests I have achieved that users can only download files from wetransfer, googledrive and onedrive. I have R81.10 and https inspection activated

0 Kudos
jvillar
Participant

Reglas que funcionan.PNG

 

 

 

 

 

 

It has worked for me with the following rules
Pako
Participant

Thanks, now we are using the version 80.40. I will test these rules with the new release

 

0 Kudos