Advanced Application Controls
Some web-based applications offer the option to allow users to access the site but not to perform activities such as uploading, downloading, posting, or sharing content on those sites.
Depending on the destinations you select in an internet access rule, you will see an Advanced Application Controls section.
This section appears only if destinations added to the rule include one or more applications that allow granular controls on activities. These applications must be included in application lists or application categories selected as destinations, or be individual applications selected from application categories.
Use these advanced controls if you want to allow access to the site but block certain actions. If you don't want to allow access to the site at all, select the application, Application List, or Application Category in the destination list for the rule.
Table of Contents
- Applications with Advanced Controls
- Prerequisites for Advanced Application Controls
- Configure Advanced Application Controls
- Troubleshooting
Applications with Advanced Controls
If apps have advanced app controls, you can block all content for the app, block the app from uploading content including posts and shares, block the app from downloading content, or block the app from deleting content.
Cloud Storage
| Applications | Category | Upload | Download | Post/Share | Delete |
|---|---|---|---|---|---|
| Box Cloud Storage | Cloud Storage | Yes | Yes | Yes | Yes |
| Dropbox | Cloud Storage | Yes | Yes | Yes | Yes |
| Flickr | Cloud Storage | Yes | |||
| File Dropper | Cloud Storage | Yes | |||
| GrosFichiers | Cloud Storage | Yes | Yes | ||
| Google Drive | Cloud Storage | Yes | |||
| Leap File | Cloud Storage | Yes | Yes | ||
| MediaFire | Cloud Storage | Yes | Yes | ||
| Microsoft OneDrive | Cloud Storage | Yes | |||
| OpenDrive | Cloud Storage | Yes | |||
| Onehub | Cloud Storage | Yes | |||
| PicDrop | Cloud Storage | Yes | Yes | ||
| SendThisFile | Cloud Storage | Yes | Yes | ||
| SmugMug | Cloud Storage | Yes | Yes | Yes | |
| SlideShare | Cloud Storage | Yes | Yes | Yes | |
| 4shared | Cloud Storage | Yes | Yes |
Collaboration
| Applications | Category | Upload | Download | Post/Share | Notes |
|---|---|---|---|---|---|
| Cisco Webex Teams | Collaboration | Yes | |||
| Microsoft Teams | Collaboration | Yes | Yes | ||
| Gyazo Teams | Collaboration | Yes | |||
| Slack | Collaboration | Yes | Yes | Yes | |
| Collaboration | Yes | If you upload a Whatsapp file that has already been previously uploaded, Secure Access does block the upload of the file. As a workaround, manually delete the existing version of the file from the Whatsapp servers. |
Content Management
| Applications | Category | Upload | Download | Post/Share |
|---|---|---|---|---|
| Egnyte Connect | Content Management | Yes | ||
| Lucidchart | Content Management | Yes | ||
| Pastebin | Content Management | Yes |
Media
| Applications | Category | Upload | Download | Post/Share |
|---|---|---|---|---|
| Dailymotion | Media | Yes | ||
| Giphy | Media | Yes | ||
| Veoh | Media | Yes | ||
| Vimeo | Media | Yes | ||
| YouTube | Media | Yes |
Office Productivity
| Applications | Category | Upload | Download | Post/Share |
|---|---|---|---|---|
| Basecamp | Office Productivity | Yes | ||
| DocHub | Office Productivity | Yes | ||
| AOL Mail | Office Productivity | Yes | ||
| Evernote | Office Productivity | Yes | ||
| Gmail | Office Productivity | Yes Only for Gmail attachment uploads. | ||
| Mail.ru | Office Productivity | Yes Only for Mail.ru attachment uploads. | ||
| Smartsheet | Office Productivity | Yes | ||
| Trello | Office Productivity | Yes | ||
| Yandex Mail | Office Productivity | Yes | ||
| Yahoo Mail | Office Productivity | Yes |
P2P
| Applications | Category | Upload | Download | Post/Share |
|---|---|---|---|---|
| Citrix ShareFile | P2P | Yes | ||
| Filesend | P2P | Yes | ||
| GigaFile | P2P | Yes | ||
| Hightail | P2P | Yes | ||
| WeTransfer | P2P | Yes | Yes | |
| Wikisend | P2P | Yes |
Social Networking
| Applications | Category | Upload | Download | Post/Share |
|---|---|---|---|---|
| Social Networking | Yes | |||
| Facebook Messenger | Social Networking | Yes | ||
| Social Networking | Yes | Yes | ||
| Social Networking | Yes | Yes | Yes | |
| Social Networking | Yes | Yes | ||
| Tik Tok | Social Networking | Yes | Yes | |
| Social Networking | Yes | Yes |
Prerequisites
- Full Admin user rule. For more information, see Manage Accounts.
Procedure
- In an internet access rule, add as destinations any application categories or applications from the table above, or a configured application list that includes any of the above applications or categories.
- The Advanced Application Controls option will appear:
- Click Edit.
- In the pane on the left, select the types of activities to block:
- (Optional) Filter the list in the main pane by clicking All categories and choosing a category.
- In the main pane, select the activities to block for each application in the list
- (Optional) If you filtered the list, choose a different category, then select the activities to block for that category.
Repeat as needed for each category in the All categories list. - Click Save.
Troubleshooting
If advanced application control is not working as expected, check the following:
- Decryption must be enabled in the security profile selected in the rule.
- The site must not be on the Do Not Decrypt list selected in the security profile.
- The domain—for example, dropbox.com—is not configured for Bypass Web Proxy on the Connect > End User Connectivity> Internet Security page. Any domains or IPs on this list will bypass Secure Access and be routed by your local DNS server. This list applies to PAC file and AnyConnect deployments.
- When an application is blocked, a web notification page will not be displayed. Instead, an error message will be displayed in the application.
Block Internet Access to Geographic Locations < Advanced Application Controls > Global Settings for Internet Access Rules
Updated 2 months ago