Description
This article explains how to block access to some Google accounts and services while allowing access only for specific domains
Note:
Firewall policy should be in 'proxy-based' inspection mode and web filter should be in proxy mode. SSL deep inspection is mandatory in firewall policy
Solution
To enable this feature in the GUI:
v6.2.x and above:
Go to Security Profiles -> Web Filter -> Proxy Options section.
Enable 'Restrict Google account usage to specific domains'.
Select the + button and enter the domains.
When Google services like Gmail, Google Drive are used, only traffic from the domain of www.fortinet.com can go through. Traffic from other domains is blocked.
Scenario 1:
If the Web-based Email category is blocked in the Web Filter profile, it is necessary to add mail.google.com in the Web Rating Overrides with a category that has the action Monitor in the Web Filter profile.
Scenario 2:
Access to Google Drive is not restricted only to the domain www.fortinet.com. The reason for this is that in the default SSL/SSH deep-inspection, *drive.google.com is configured as Exempt from SSL Inspection
This entry should be removed:
Related articles:
Technical Tip: Allow access for specific domains Email and Other Email Account Restriction
