Sharefile is unable to open or view PDF files when sent through Cloud SWG
search cancel

Sharefile is unable to open or view PDF files when sent through Cloud SWG

book

Article ID: 388566

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG CASB Advanced Threat Protection CASB Audit CASB Gateway CASB Gateway Advanced CASB Security Advanced CASB Security Advanced IAAS CASB Security Premium CASB Security Premium IAAS CASB Security Standard CASB Securlet IAAS CASB Securlet SAAS CASB Securlet SAAS With DLP-CDS

Issue/Introduction

Unable to open any PDF files to view them. Other file extensions are able to be opened and viewed with Sharefile.

Environment

Cloud SWG

Symantec CloudSOC (CASB)

Cause

PDF files fail to open when Cloud SWG IPv6 anonymized XFF headers are enabled.

Resolution

The following are possible workarounds that should help resolve the issue with opening/viewing PDF files through Sharefile. Depending on the environment in use, one option may be preferable over another. See notes related to CASB integrations. 

  1.  Add sf-cv.sharefile.com as an SSL exemption in the Cloud SWG policy. When you exempt the domain from SSL interception, the proxy will not intercept and insert the X-Forwarded-For (XFF) header.

    Exempt traffic from SSL Interception in Cloud SWG

    NOTE: If you are also leveraging a CASB integration with gatelets enabled for the Sharefile application, exempting the traffic from SSL interception in Cloud SWG may not be the best solution as exempting the traffic from SSL interception will result in information missing from logged activities related to Sharefile in the CASB console. 

    sharefile.com is part of the CASB domains of interest as outlined in the following: 

    Symantec CloudSOC - Sharefile

    The following two workarounds will be preferable when utilizing CASB as they will maintain SSL inspection for this traffic.

  2. Use Original Source IP setting found in the Cloud SWG console. (Select Policy > Header Modification > Global Rules > Select Original Source IP). For further information on this setting: 

    Anonymize Source IP Addresses in the XFF Header

    Use an anonymous IP in the X-Forwarded-For (XFF) Header Field

    NOTE: If using a Cloud SWG tenant that only utilizes the CASB component (the setting for changing the Anonymized IP to Original IP will not be available in these "CASB only" Cloud SWG tenants). If this is the case, please refer to option 3.

  3. A policy fragment (applied on the backend) can be applied specifically to sf-cv.sharefile.com. This policy fragment will have the same effect as Option 2 but will be targeted only to traffic for sf-cv.sharefile.com. If you wish to maintain the anonymized IP setting in Cloud SWG, or you have a "CASB Only" Cloud SWG tenant, please reach out to support and this can be enabled for your tenant to resolve the issue in this manner. 

Additional Information

See similar issue for Sharefile uploads/downloads: 

Sharefile uploads/downloads fail or hang when sent through Cloud SWG

 

Powered by Wolken Software