A policy was created to allow users upload and download files to dropbox.com domain.

Downloading of files works fine but uploads fail. The files do not get uploaded and no error message are visible.

Cloud SWG Proxy logs confirm that the transactions vedirct is "deny" at the tcp level (not ssl or https).

SSL inspection is enabled yet the requests are blocked before they can be handled by the https proxy.

Dropbox Application and domains added to Content Filtering Policy destination.

Upload Files and Attachments added to Content Filtering Policy 'Contents and Limits' section

The policy was moved to "Group A" so it is applied as the requests are ingressing Cloud SWG.

SSL interception is disabled for dropbox.com by default, even if Cloud SWG SSL interception flag is enabled.

The Cloud SWG proxy has no way of determining upload operation or endpoint without SSL interception and thus the requests are blocked.

Make sure SSL inspection is enabled for dropbox.com domain. 

• With UPE / Management Center, we can do this by adding the following CPL

<SSL-Intercept>
  url.domain=//dropbox.com/ policy.intercept

• With Cloud SWG Portal tenants, you will need to contact Broadcom support to add CPL for the specific tenant.