To perform this demo, you either need the Dropbox service enabled on your TestDrive account or your own Dropbox account.
Custom Security Policy
A custom security policy, Block Dropbox Operations, is configured in the SASE Cloud Web Security environment.
Using the managed, tunneled browser app (Chrome on Windows), launch Dropbox.com.
Attempt to CREATE a document. Create > Document > Word Document
Cloud Web Security
To view the logged "block" action, view TestDrive's instance of VMware SD-WAN Orchestrator where you have read only access.
Either click here to SSO with your TestDrive account into VMware SD-WAN Orchestrator or use the VMware SD-WAN Orchestrator web app in the Workspace ONE user portal.
ATTENTION VMWARE EMPLOYEES
Click here for important user account information.
Initially in VMware SD-WAN Orchestrator you'll have the SD-WAN view, switch to Cloud Web Security.
In Cloud Web Security, select Web Logs.
- Change the view to past 60 minutes.
- Filter the list to "action is block".
You should see the blocked action in Dropbox.
CWS Integration with WS1 Access
Cloud Web Security Integration with Workspace ONE Access
Instead of unknown or anonymous users listing in Web Logs, Cloud Web Security can be integrated with Workspace ONE Access and other third party IdPs for authentication and username resolution, as seen below. In TestDrive this integration is disabled for security reasons.
Inspect Network Traffic
Next, we'll inspect the network traffic on the WAN.