Block online storage applications and websites
You can block online storage applications and websites using the application and web filter policies.
Scenario
This example shows how to block Google Drive for:
- All users
- Specific users and groups
You can use the same method for other online storage applications and websites.
Create an application filter policy
Create an application filter policy that denies access to Google Drive.
- Go to Applications > Application filter.
- Click Add.
-
Configure the following settings:
Setting Value Name Block_GoogleDrive
Template Allow All -
Click Save.
Add rules to the policy
- Go to Applications > Application filter.
- Select the policy you created.
- Click Add.
- Enter
google drive
in the Smart filter, then press Enter. - Select Select all.
-
Configure the following settings:
Setting Value Action Deny Schedule All the Time -
Click Save to add the rule to the policy.
- Click Save to save the policy.
Create a web filter policy
Create a web filter policy to block all personal storage websites.
- Go to Web > Policies.
- Click Add policy.
- Enter the Name as
BlockPersonalStorage
. - Click Add rule.
- Under Activities, click the drop-down list, then clear the All web traffic item.
- Click Add new item.
- Select Web category in the drop-down list.
- Enter
personal
in the search field. -
Select all the listed personal categories.
Warning
Do not select All web traffic.
-
Click Apply 4 selected items.
- Under Actions, select Block HTTP and Block HTTPS from the drop-down lists.
- Under Status, turn on the rule.
- Click Save.
Apply the policy to a firewall rule
To all users
This example applies the application and web filter policies to all users.
- Go to Rules and policies > Firewall rules.
- Click Add firewall rule, then click New firewall rule.
-
Configure the following settings:
Setting Value Rule name Block_GoogleDrive
Action Accept Log firewall traffic Selected Rule position Top Rule group None Source zones LAN Source networks and devices Any During scheduled time All the time Destination zones WAN Destination networks Any Services Any Web policy BlockPersonalStorage
Block QUIC protocol Selected Scan HTTP and decrypted HTTPS Selected Decrypt HTTPS during web proxy filtering Selected Identify and control applications (App control) Block_GoogleDrive
-
Click Create linked NAT rule.
-
Configure the following settings:
Setting Value Rule name Block_GoogleDrive
Rule position Top Translated source (SNAT) MASQ -
Click Save to save the NAT rule.
-
Click Save to save the firewall rule.
Note
To block Google Drive, you often need to block the QUIC protocol and turn on Scan HTTP and decrypted HTTPS and Decrypt HTTPS during web proxy filtering. If you turn these on, you must install the firewall SSL certificate on the user devices.
To specific users and groups
You can apply the policies to specific users and groups. This example applies the application and web filter policies to the group named Marketing
. You can also apply individual applications of the rule in the same way.
- Go to Rules and policies > Firewall rules.
- Click Add firewall rule, then click New firewall rule.
-
Configure the following settings:
Settings Value Rule name Block_GoogleDrive
Action Accept Log firewall traffic Selected Rule position Top Rule group None Source zones LAN Source networks and devices Any During scheduled time All the time Destination zones WAN Destination networks Any Services Any Match known users Selected User or groups Marketing
See Add a user locally and Add a group.
Web policy BlockPersonalStorage
Block QUIC protocol Selected Scan HTTP and decrypted HTTPS Selected Decrypt HTTPS during web proxy filtering Selected Identify and control applications (App control) Block_GoogleDrive
-
Click Create linked NAT rule.
-
Configure the following settings:
Setting Value Rule name Block_GoogleDrive
Rule position Top Translated source (SNAT) MASQ -
Click Save to save the NAT rule.
- Click Save to save the firewall rule.
More resources