Topic Thread

Next Generation Firewall (NGFW)

 View Only
Expand all | Collapse all

How to configure to block github upload?

  • 1.  How to configure to block github upload?

    Posted 03-05-2019 23:20
    cert
    app control
    policytest

    My configuration is as shown above, but there are problems with the upload and download of github. What should I do?

    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------


  • 2.  RE: How to configure to block github upload?

    Posted 03-05-2019 23:28
    Hello,

    Just one question : do you have UTM license on your firewall ? If yes, you just have to create a profile and add an "application override" by selecting "github" and apply action you want (block, monitor, pass).

    Github signature

    Hope it will help

    Yohann

    ------------------------------
    Yohann [LastName] [Designation]
    Ing?nieur syst?me / r?seaux
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 3.  RE: How to configure to block github upload?

    Posted 03-06-2019 19:13
    @Yohann
    My fortigate is a test device and I am not sure if there is a UTM license.

    3

    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 4.  RE: How to configure to block github upload?

    Posted 03-05-2019 23:29
    Hi,
    All screenshots are in your local language so I can't understand actually what is this. But getting idea based on the option you had choosing in the configuration.

    I checked your screenshot as I can and got that you had blocked "github_file_upload" signature in the application control policy. Make it allow and check again.

    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------



  • 5.  RE: How to configure to block github upload?

    Posted 03-06-2019 18:57
    Edited by weiping yang 03-06-2019 18:58
    @Deepak
    I have allowed all apps to pass, but as soon as the app control switch is turned on, github uploads and downloads will report an error.
    1
    2

    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 6.  RE: How to configure to block github upload?

    Posted 03-07-2019 01:12
    Hello Weiping,

    I'm not sure about what you want to do ! Because first of all, you requested to know how it's possible to block Github. And now, it seems to be blocked and you report that it's abnormal to have errors.

    So, what do you want exactly ? What application must be blocked and other unblocked ? Did you do a "debug flow" to see where is the problem ?

    Moreover, keep in mind what was said before : all your screens are in local language... Not easy for us to traduce.

    Best regards,
    Yohann

    ------------------------------
    Yohann [LastName] [Designation]
    Ing?nieur syst?me / r?seaux
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 7.  RE: How to configure to block github upload?

    Posted 03-07-2019 02:12
    hi Yohann

    I just hope that I can block the file upload of github. 
    But the effect of the test is that the github download file is also affected.
    I want to know how the configuration is correct.

    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 8.  RE: How to configure to block github upload?

    Posted 03-07-2019 04:34
    Hello again,

    According to my screenshot, i think you have to create an application control profile.

    On it, you have to create an override :


    Then looking for Github and choose one you want to allow or block :

    Github
    Then, you have create this profile, apply it to a policy like from lan to Wan, ...

    Keep us informed.

    ------------------------------
    Yohann [LastName] [Designation]
    Ing?nieur syst?me / r?seaux
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 9.  RE: How to configure to block github upload?

    Posted 03-13-2019 00:46
    Thank you for your reply, I am not quite sure where to do it wrong, application control can only be recognized as github, and is not recognized as Github_File.Upload. So blocking is invalid
    123
    4

    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 10.  RE: How to configure to block github upload?

    Posted 03-13-2019 01:09
    Edited by Deepak Kumar 03-13-2019 01:13
    Hi,
    Best Idea to this issue is trace packets "diag sniffer packet internal 'src host x.x.x.x and port "xxx"' 1

    For a testing purpose, allow the upload file also check a result.

    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------



  • 11.  RE: How to configure to block github upload?

    Posted 03-13-2019 02:04
    hi 
    The following is the information about the capture of the uploaded file. 

    FortiGate-VM # diagnose sniffer packet any "src host 172.16.3.198"
    interfaces=[any]
    filters=[src host 172.16.3.198]
    36.885002 arp who-has 172.16.3.190 tell 172.16.3.198
    36.885285 172.16.3.198.51015 -> 114.114.114.114.53: udp 28
    36.935006 172.16.3.198.49976 -> 52.74.223.119.443: syn 1137147361
    36.988434 172.16.3.198.49976 -> 52.74.223.119.443: ack 195050056
    36.998683 172.16.3.198.49976 -> 52.74.223.119.443: psh 1137147362 ack 195050056
    37.057631 172.16.3.198.49976 -> 52.74.223.119.443: ack 195052928
    37.058400 172.16.3.198.49976 -> 52.74.223.119.443: psh 1137147879 ack 195053692
    37.058550 172.16.3.198.49976 -> 52.74.223.119.443: psh 1137147943 ack 195053692
    37.111491 172.16.3.198.49976 -> 52.74.223.119.443: ack 195053850
    38.050816 172.16.3.198.49976 -> 52.74.223.119.443: ack 195054122
    38.105283 172.16.3.198.49592 -> 114.114.114.114.53: udp 32
    38.145384 172.16.3.198.49977 -> 13.250.168.23.443: syn 1628066268
    38.198429 172.16.3.198.49977 -> 13.250.168.23.443: ack 2010155428
    38.199808 172.16.3.198.49977 -> 13.250.168.23.443: psh 1628066269 ack 2010155428
    38.260343 172.16.3.198.49977 -> 13.250.168.23.443: ack 2010158728
    38.267245 172.16.3.198.49977 -> 13.250.168.23.443: psh 1628066425 ack 2010158728
    38.326931 172.16.3.198.49977 -> 13.250.168.23.443: psh 1628066591 ack 2010158819
    38.735392 172.16.3.198.49977 -> 13.250.168.23.443: fin 1628067028 ack 2010159928
    38.748773 172.16.3.198.49976 -> 52.74.223.119.443: psh 1137148150 ack 195054122
    38.785421 172.16.3.198.49977 -> 13.250.168.23.443: rst 1628067029 ack 2010159997
    38.785448 172.16.3.198.49977 -> 13.250.168.23.443: rst 1628067029
    39.602323 172.16.3.198.49976 -> 52.74.223.119.443: ack 195054720
    39.797922 172.16.3.198.49976 -> 52.74.223.119.443: ack 195054756
    39.862511 172.16.3.198.49976 -> 52.74.223.119.443: psh 1137148416 ack 195054756
    40.816282 172.16.3.198.49976 -> 52.74.223.119.443: ack 195055351
    41.942120 arp reply 172.16.3.198 is-at 0:50:56:b0:3b:c6
    42.621496 172.16.3.198.49976 -> 52.74.223.119.443: ack 195055434
    42.944385 172.16.3.198.49976 -> 52.74.223.119.443: ack 195055506
    42.948098 172.16.3.198.49976 -> 52.74.223.119.443: psh 1137149204 ack 195055506
    42.949247 172.16.3.198.49976 -> 52.74.223.119.443: fin 1137149228 ack 195055506
    43.000667 172.16.3.198.49976 -> 52.74.223.119.443: rst 1137149229 ack 195055530
    43.000697 172.16.3.198.49976 -> 52.74.223.119.443: rst 1137149228
    43.000921 172.16.3.198.49976 -> 52.74.223.119.443: rst 1137149229

    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 12.  RE: How to configure to block github upload?

    Posted 03-13-2019 02:28
    Hi,
    I can see that the Client is sending an RST signal to the server. I think this is happening because the client is waiting for reply packet and replay packet is getting dropped by the firewall. 

    If possible collect more logs with below commands:
     diagnose sniffer packet any "host 172.16.3.198"
     diagnose sniffer packet any "host 52.74.223.119"

    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------



  • 13.  RE: How to configure to block github upload?

    Posted 03-13-2019 20:13
    Hi,
    The IP address of the github will change. The following is the capture of one of the destination addresses.What problems can  find?
    I tested Baidu.Cloud_File.download and upload to be well recognized and can prevent upload actions.
    I feel that application control does not recognize the difference between github upload and download traffic.
    Is there any better way to solve the problem I need?


    FortiGate-VM # diagnose sniffer packet any "dst host 13.229.188.59"
    interfaces=[any]
    filters=[dst host 13.229.188.59]
    23.449847 172.16.3.198.50700 -> 13.229.188.59.443: syn 3069350836
    23.450276 172.16.5.190.50700 -> 13.229.188.59.443: syn 3069350836
    23.501720 172.16.3.198.50700 -> 13.229.188.59.443: ack 141016232
    23.501789 172.16.5.190.50700 -> 13.229.188.59.443: ack 141016232
    23.511918 172.16.3.198.50700 -> 13.229.188.59.443: psh 3069350837 ack 141016232
    23.512394 172.16.5.190.50700 -> 13.229.188.59.443: psh 3069350837 ack 141016232
    23.568649 172.16.5.190.50700 -> 13.229.188.59.443: ack 141017668
    23.569265 172.16.5.190.50700 -> 13.229.188.59.443: ack 141019104
    23.569520 172.16.3.198.50700 -> 13.229.188.59.443: ack 141019104
    23.570706 172.16.3.198.50700 -> 13.229.188.59.443: psh 3069351354 ack 141019868
    23.570807 172.16.3.198.50700 -> 13.229.188.59.443: psh 3069351418 ack 141019868
    23.570892 172.16.5.190.50700 -> 13.229.188.59.443: psh 3069351354 ack 141019868
    23.570961 172.16.5.190.50700 -> 13.229.188.59.443: psh 3069351418 ack 141019868
    23.622582 172.16.3.198.50700 -> 13.229.188.59.443: ack 141020026
    23.622633 172.16.5.190.50700 -> 13.229.188.59.443: ack 141020026
    24.584521 172.16.3.198.50700 -> 13.229.188.59.443: ack 141020296
    24.584711 172.16.5.190.50700 -> 13.229.188.59.443: ack 141020296
    36.030558 172.16.3.198.50700 -> 13.229.188.59.443: psh 3069351625 ack 141020296
    36.030773 172.16.5.190.50700 -> 13.229.188.59.443: psh 3069351625 ack 141020296
    36.837076 172.16.3.198.50700 -> 13.229.188.59.443: ack 141020729
    36.837199 172.16.5.190.50700 -> 13.229.188.59.443: ack 141020729
    36.841849 172.16.3.198.50700 -> 13.229.188.59.443: ack 141020945
    36.841895 172.16.5.190.50700 -> 13.229.188.59.443: ack 141020945
    37.042016 172.16.3.198.50700 -> 13.229.188.59.443: ack 141020972
    37.042122 172.16.5.190.50700 -> 13.229.188.59.443: ack 141020972
    37.095585 172.16.3.198.50700 -> 13.229.188.59.443: psh 3069351891 ack 141020972
    37.095769 172.16.5.190.50700 -> 13.229.188.59.443: psh 3069351891 ack 141020972
    38.081770 172.16.3.198.50700 -> 13.229.188.59.443: ack 141021576
    38.081838 172.16.5.190.50700 -> 13.229.188.59.443: ack 141021576
    40.245354 172.16.3.198.50700 -> 13.229.188.59.443: ack 141021681
    40.245437 172.16.5.190.50700 -> 13.229.188.59.443: ack 141021681
    40.702576 172.16.3.198.50700 -> 13.229.188.59.443: ack 141021753
    40.702628 172.16.5.190.50700 -> 13.229.188.59.443: ack 141021753
    40.707979 172.16.3.198.50700 -> 13.229.188.59.443: psh 3069352687 ack 141021753
    40.708066 172.16.5.190.50700 -> 13.229.188.59.443: psh 3069352687 ack 141021753
    40.709100 172.16.3.198.50700 -> 13.229.188.59.443: fin 3069352711 ack 141021753
    40.709160 172.16.5.190.50700 -> 13.229.188.59.443: fin 3069352711 ack 141021753
    40.759415 172.16.3.198.50700 -> 13.229.188.59.443: rst 3069352712 ack 141021777
    40.759494 172.16.5.190.50700 -> 13.229.188.59.443: rst 3069352712 ack 141021777
    40.759970 172.16.3.198.50700 -> 13.229.188.59.443: rst 3069352711
    40.759987 172.16.3.198.50700 -> 13.229.188.59.443: rst 3069352712
    40.760026 172.16.5.190.50700 -> 13.229.188.59.443: rst 3069352711


    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 14.  RE: How to configure to block github upload?

    Posted 03-13-2019 02:09
    Hello,

    From my point of view, you should do the reverse : block all github and on unblock only what you need.

    Because it's matching the global signature.

    To be sure, could you please give us the rest of configuration : policy configuration, ssl inspection config,... ? Keep in mind that is your local language, it will be a good idea to change it to english just to give us screenshot in order to better understand.

    Thanks a lot.

    Best regards,
    Yohann

    ------------------------------
    Yohann [LastName] [Designation]
    Ing?nieur syst?me / r?seaux
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 15.  RE: How to configure to block github upload?

    Posted 03-13-2019 03:29
    I tried the reverse application control strategy, the file can still be uploaded, but the log is implemented using HTTPS.BROWERS
    I have another idea to use data leak prevention. Can I disable all file uploads?

    12
    3

    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 16.  RE: How to configure to block github upload?

    Posted 03-13-2019 03:31
    Hello,

    Which browser are you using ?

    Best regards,
    Yohann

    ------------------------------
    Yohann [LastName] [Designation]
    Ing?nieur syst?me / r?seaux
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 17.  RE: How to configure to block github upload?

    Posted 03-13-2019 18:31
    Hi,Yohann

    I using centbrowser


    ------------------------------
    weiping [LastName] [Designation]
    network engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------