Francesko
Staff
Article Id 398804
Description
This article describes how to block Google Drive when Deep Inspection and Application Control are not available. Controlling cloud services is challenging because Google services (Gmail, Docs, Drive) share IP ranges, making IP-based blocking impractical and disruptive.
Scope
FortiGate.
Solution
Although the recommended method to block access to Google Drive or other Cloud Storage services is Application Control with Deep Inspection, a practical workaround is to restrict access using fully qualified domain names (FQDNs), including static and wildcard entries. This approach targets Google Drive more precisely without unintentionally blocking other essential Google services.
 
[Static FQDN]
googledrive.com
drive.google.com
drive.usercontent.google.com
drive-data-export.usercontent.google.com
drive-data-export-eu.usercontent.google.com
 
[Wildcard FQDN]
*.drive.google.com
 
Sample configuration for Firewall Addresses and Policies:
 
config firewall address
    edit "GDRIVE"
        set type fqdn
        set fqdn "googledrive.com"
    next
end
 
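Note: The same configuration should be done for all static and wildcard FQDNs. Each resulting address object must then be referenced in the deny policy's dstaddr, either directly or through an address group; the policy below shows only "GDRIVE".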
 
config firewall policy
    edit 1
        set name "Block_Drive"
        set srcintf "port3"
        set dstintf "virtual-wan-link"
        set srcaddr "all"
        set dstaddr "GDRIVE"
        set schedule "always"
        set service "ALL"
        set logtraffic enable
        set action deny
    next
end
 
Google may change these static and wildcard FQDNs at any time. For the latest updates, refer to the Google support page:
 
Important: Ensure DNS queries traverse the FortiGate when using wildcard FQDNs so it can cache resolutions and continuously refresh the wildcard FQDN object.
 
Related article: