FTD SSL Inspection - Block UPLOADS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2019 03:37 PM - edited 02-21-2020 09:37 AM
Hi,
I want to block uploads to all public drive like dropbox, onedrive, gdrive etc.
I want to block attachment/uploads to gmail, facebook, youtube and linkedin
I have already setup SSL and ACL policies on FMC and been pushed to FTDs,
My SSL policy have cert Resign and any source and destination
ACL policy have application gmail attachment, onedrive upload, linkedin uploads, youtube upload and action Block and reset
Even after above changes I can still able to attach files in gmail and dropbox
Any idea if I am missing anything.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2019 04:17 AM
I know Dropbox does certificate pinning.
https://blog.dropbox.com/topics/company/weve-got-your-back
https://www.dropbox.com/business/trust/security/architecture
I suspect Gmail does to but cannot find a definitive reference saying so.
Certificate pinning prevents intermediate devices such as FTD from acting as a man in the middle and decrypting the traffic - even if the client trusts the certificate.
