Palo Alto Networks Knowledgebase: Google Drive Does Not Match to online-personal-storage" URL Category"
Google Drive Does Not Match to online-personal-storage" URL Category"
Created On 02/07/19 23:46 PM - Last Updated 02/07/19 23:46 PM
Google Drive, drive.google.com, falls into the "online-personal-storage" category. However, when the "online-personal-storage" category is configured with the "block" action (as shown below) and SSL Decryption is enabled, "drive.google.com is still accessible.
Google Drive (drive.google.com) works over the SSL protocol and SSL decryption is required to detect its contents. When SSL decryption is enabled, URL filtering looks at the CN name in the certificate to determine the category. However, "drive.google.com" uses a wildcard certificate *.google.com" and is not detected as "online-personal-storage". Due to this, the Google Drive traffic is allowed.
To block drive.google.com:
On the WebGUI, go to Policies > Security and create a policy which blocks the application "google-drive-web".
See the example below:
In the above policy:
First rule blocks the google-drive-web application
Second rule allows the rest of the traffic
Note: SSL decryption is necessary in order to identify the correct app-id "google-drive-web".