Cloud Web Security


To perform this demo, you either need the Dropbox service enabled on your TestDrive account or your own Dropbox account. 

Custom Security Policy

A custom security policy, Block Dropbox Operations, is configured in the SASE Cloud Web Security environment.  

Launch Dropbox

Using the managed, tunneled browser app (Chrome on Windows), launch Dropbox.com.

Attempt to CREATE a document. Create > Document > Word Document

Blocked Action

The CREATE action is blocked by the Dropbox-specific Cloud Web Security policy.

Cloud Web Security

To view the logged "block" action, view TestDrive's instance of VMware SD-WAN Orchestrator where you have read only access. 

Either click here to SSO with your TestDrive account into VMware SD-WAN Orchestrator or use the VMware SD-WAN Orchestrator web app in the Workspace ONE user portal. 


Click here for important user account information.

Initially in VMware SD-WAN Orchestrator you'll have the SD-WAN view, switch to Cloud Web Security.

Web Logs

In Cloud Web Security, select Web Logs.

  • Change the view to past 60 minutes.
  • Filter the list to "action is block".  

You should see the blocked action in Dropbox.  

CWS Integration with WS1 Access

Cloud Web Security Integration with Workspace ONE Access

Instead of unknown or anonymous users listing in Web Logs, Cloud Web Security can be integrated with Workspace ONE Access and other third party IdPs for authentication and username resolution, as seen below. In TestDrive this integration is disabled for security reasons.

Inspect Network Traffic

Next, we'll inspect the network traffic on the WAN.

Previous Article VPN with WS1 Tunnel
Next Article VMware SD-WAN Orchestrator