Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Block online storage applications and websites

You can block online storage applications and websites using the application and web filter policies.

Scenario

This example shows how to block Google Drive for:

  • All users
  • Specific users and groups

You can use the same method for other online storage applications and websites.

Create an application filter policy

Create an application filter policy that denies access to Google Drive.

  1. Go to Applications > Application filter.
  2. Click Add.
  3. Configure the following settings:

    Setting Value
    Name Block_GoogleDrive
    Template Allow All
  4. Click Save.

Add rules to the policy

  1. Go to Applications > Application filter.
  2. Select the policy you created.
  3. Click Add.
  4. Enter google drive in the Smart filter, then press Enter.
  5. Select Select all.
  6. Configure the following settings:

    Setting Value
    Action Deny
    Schedule All the Time
  7. Click Save to add the rule to the policy.

  8. Click Save to save the policy.

Create a web filter policy

Create a web filter policy to block all personal storage websites.

  1. Go to Web > Policies.
  2. Click Add policy.
  3. Enter the Name as BlockPersonalStorage.
  4. Click Add rule.
  5. Under Activities, click the drop-down list, then clear the All web traffic item.
  6. Click Add new item.
  7. Select Web category in the drop-down list.
  8. Enter personal in the search field.
  9. Select all the listed personal categories.

    Warning

    Do not select All web traffic.

  10. Click Apply 4 selected items.

  11. Under Actions, select Block HTTP and Block HTTPS from the drop-down lists.
  12. Under Status, turn on the rule.
  13. Click Save.

Apply the policy to a firewall rule

To all users

This example applies the application and web filter policies to all users.

  1. Go to Rules and policies > Firewall rules.
  2. Click Add firewall rule, then click New firewall rule.
  3. Configure the following settings:

    Setting Value
    Rule name Block_GoogleDrive
    Action Accept
    Log firewall traffic Selected
    Rule position Top
    Rule group None
    Source zones LAN
    Source networks and devices Any
    During scheduled time All the time
    Destination zones WAN
    Destination networks Any
    Services Any
    Web policy BlockPersonalStorage
    Block QUIC protocol Selected
    Scan HTTP and decrypted HTTPS Selected
    Decrypt HTTPS during web proxy filtering Selected
    Identify and control applications (App control) Block_GoogleDrive
  4. Click Create linked NAT rule.

  5. Configure the following settings:

    Setting Value
    Rule name Block_GoogleDrive
    Rule position Top
    Translated source (SNAT) MASQ
  6. Click Save to save the NAT rule.

  7. Click Save to save the firewall rule.

    Note

    To block Google Drive, you often need to block the QUIC protocol and turn on Scan HTTP and decrypted HTTPS and Decrypt HTTPS during web proxy filtering. If you turn these on, you must install the firewall SSL certificate on the user devices.

To specific users and groups

You can apply the policies to specific users and groups. This example applies the application and web filter policies to the group named Marketing. You can also apply individual applications of the rule in the same way.

  1. Go to Rules and policies > Firewall rules.
  2. Click Add firewall rule, then click New firewall rule.
  3. Configure the following settings:

    Settings Value
    Rule name Block_GoogleDrive
    Action Accept
    Log firewall traffic Selected
    Rule position Top
    Rule group None
    Source zones LAN
    Source networks and devices Any
    During scheduled time All the time
    Destination zones WAN
    Destination networks Any
    Services Any
    Match known users Selected
    User or groups

    Marketing

    See Add a user locally and Add a group.

    Web policy BlockPersonalStorage
    Block QUIC protocol Selected
    Scan HTTP and decrypted HTTPS Selected
    Decrypt HTTPS during web proxy filtering Selected
    Identify and control applications (App control) Block_GoogleDrive
  4. Click Create linked NAT rule.

  5. Configure the following settings:

    Setting Value
    Rule name Block_GoogleDrive
    Rule position Top
    Translated source (SNAT) MASQ
  6. Click Save to save the NAT rule.

  7. Click Save to save the firewall rule.

More resources