Palo Alto Networks Knowledgebase: Google Drive Does Not Match to online-personal-storage" URL Category"

Google Drive Does Not Match to online-personal-storage" URL Category"

6066
Created On 02/07/19 23:46 PM - Last Updated 02/07/19 23:46 PM
Content Release Deployment
Resolution

Issue

Google Drive, drive.google.com, falls into the "online-personal-storage" category. However, when the "online-personal-storage" category is configured with the "block" action (as shown below) and SSL Decryption is enabled, "drive.google.com is still accessible.

drive.google.3.png

drive.google.1.png

 

Cause

Google Drive (drive.google.com) works over the SSL protocol and SSL decryption is required to detect its contents. When SSL decryption is enabled, URL filtering looks at the CN name in the certificate to determine the category. However, "drive.google.com" uses a wildcard certificate *.google.com" and is not detected as "online-personal-storage". Due to this, the Google Drive traffic is allowed.

 

Resolution

To block drive.google.com:

On the WebGUI, go to Policies > Security and create a policy which blocks the application "google-drive-web".

See the example below:

google.drive.2.png

In the above policy:

  1. First rule blocks the google-drive-web application
  2. Second rule allows the rest of the traffic

Note: SSL decryption is necessary in order to identify the correct app-id "google-drive-web".  

 

See Also

 

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClqrCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language