
Blocking Cloud Drives Except For OneDrive Failed Using Application Filter

To Whom It May Concern

I've been trying to block all cloud storage drives accessed from our corporate network except for OneDrive. I tested the implementation using my personal iCloud account after the implementation on our Sophos XG firewall of the Application Filter (please see attached screenshot of the application filter) and could access iCloud despite the application filter having been applied. I followed the instructions on your corporate support site link https://support.sophos.com/support/s/article/KB-000035682?language=en_US for Google Drive, which stated it could be used for all cloud drives. Could you please help?

Yours sincerely

Craig Hoy



This thread was automatically locked due to age.
  • Hi Craig,

    Using the log viewer, filter on your PC's IP address and see which rules are used when accessing iCloud.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • I can't SSH to my firewall as I don't have the rights. Is there any other way that I can check the logs?

  • Hi,

    You are an admin. You do not need to SSH in, but can use the GUI.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • I had a look at the logs and noticed that the NAT rule allowed iCloud to be accessed. How do I change the NAT rule to block cloud drives without impacting other applications?

  • Hi,

    The NAT rule is not the issue; a firewall rule you have is allowing the iCloud access. Which firewall rule was being used?

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • The firewall rules that were being used were the default rules. There weren't any rules that were customised.

    Yours sincerely

    Craig Hoy

  • Hi Craig,

    There are no default allow rules, only block rules.

    If you are using the rules created at install time then they are very generic and provide open access, but they are not default.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • What I define as being default are the out-of-the-box rules or what you call the generic rules. Is the allowance of iCloud and other cloud-based storage such as Dropbox normal for Sophos XG firewalls?

  • If you are using the rules that are configured when you install the software and answer yes to the questions, then the rules will allow everything out.

    The basic rules are to allow you to have basic functions on your network while you build and tighten your firewall security.

    You cannot filter applications unless you are using the HTTP proxy with decrypt and scan and allow all if you have applied your modified policy as shown above to the default policy.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Then how do I block cloud storage? This is what I originally asked. I wanted to block all cloud storage except for OneDrive which we use for our corporate storage.

  • Please post a copy of your firewall rules.

    Do you use decrypt and scan? Have you installed CAs on the devices?

    Things you will need to change:

    1/. Change any service to a specific range of services in all rules.

    2/. Build your own application policies to be applied to firewall rules.

    3/. You will need to use web, application and IPS.

    4/. There is a KBA on how to block VPNs; that would be a good place to start.


    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.
