cancel
Showing results for 
Search instead for 
Did you mean: 
wajeeh_r
Level 9

Allowing Drop box client software through web gateway 7.3.2.2.0

Dear Experts,

We don't have restriction on drop box and using browser it is working, but when download the utility of drop box and trying to connect to internet it is failing, any quick suggestions to get this thing working ? Where in gateway exactly I need to put information for allowing drop box ?

Kind Regards,

Wajeeh

0 Kudos
10 Replies
asabban
Level 17

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

I don't know but first I would check if the connection is intercepted by SSL Scanner.

Best,

Andre

0 Kudos
Troja
Level 14

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

Hi wajeeh_r,

i tested this some time ago in my environment for a POC at a customer.
The dropbox client is not connecting to www when SSL is terminated on proxy.

Cheers,
Thorsten

0 Kudos
wajeeh_r
Level 9

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

Hello,

So you found a way to allow it to connect to www? If you worked on it please share.

Thanks,

0 Kudos
pbrickey
Level 11

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

What he's trying to say is that the drop box app is hard coded to expect it's own server certificates. MWG generates server certificates using the configured Root CA when using the SSL Scanner. Therefore, if using the SSL Scanner, the drop box application will refused to connect for security purposes. You must exempt the application from the SSL Scanner.

-Patrick

0 Kudos
dan.letkeman
Level 7

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

Any idea how this is done?

0 Kudos
Troja
Level 14

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

You just have to add proxy settings to the dropbox client. Afterwards the client uses HTTP(S) and is able to connect.

Regards,

Thorsten

0 Kudos
dan.letkeman
Level 7

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

That sounds good, but how do we do that on 600 computers?  There must be a way to bypass the SSL scanning & authentication requests.

0 Kudos
Troja
Level 14

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

Option 1: you configure any dropbox client on endpoint.

Option2: Do a rule tracing or network trace if the dropbox client uses any HTTP Header (like User-Agent) to exclude dropbox client from SSL scan.

0 Kudos
dan.letkeman
Level 7

Re: Allowing Drop box client software through web gateway 7.3.2.2.0

No user agent information in the rule traces, just IP addresses. 

0 Kudos