Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jhelder
Staff
Staff

Created on ‎09-06-2023 08:12 AM

Article Id 272387

Technical Tip: How to not allow users to add additional accounts on Gmail

Description This article describes a web filter use case to prevent users from adding more email accounts on Gmail. This is useful in scenarios where a company email has been set up and it is undesirable for users to add other accounts, such as personal accounts.
Scope Any version of FortiOS.
Solution

To achieve this, use a web filter with static URLs and deep inspection.
Deep inspection is mandatory because the CA for Google email is always the same and it is necessary to inspect the traffic to verify the URL.
In the firewall policy, under the web filter profile, create a new entry in the Static URL filter and define the URL for Gmail ('accounts.google.com'). This is the address that Google uses to add a new account.


The type for this filter can be set to 'Simple', and the action should be 'Block'.

 

google-webfilter.JPG

 

Next, define the DIP in the firewall policy:

 

firewall-policy.JPG

 

If a user tries to add any additional account on Gmail, they will be shown the block page:

 

test-webfilter.JPG
389
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.