Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ananth
New Contributor

Blocking Chat in Gmail.

We used to block chat in Gmail. But recently, maybe since the last 2 weeks, we noticed that users who should not have access to this service were merrily chatting away, obviously they won' t tell us they are getting this service! When we checked the settings, everything was OK, nothing has changed, we checked with our Firewall support and they told that Google chat is through https and our present firmware cannot block it. We have blocked via web filter chatenabled.mail.google.com, talk.google.com, hostedtalkgadget.google.com etc. We have asked the firmware to be upgraded soon. Just wan to know if anyone has had the same experience? Thanks a n t h

Fortigate 80C v5.2.8,build727

Fortigate 100A

Fortigate 80C v5.2.8,build727 Fortigate 100A
5 REPLIES 5
billp
Contributor

Per Google, you need to block DNS requests to chatenabled.mail.google.com. Blocking the website in the URL filter won' t work. Try the DNS trick listed below. . . Per Google. . . Disabling Gmail' s chat features for your entire network We understand that it' s sometimes necessary to disable instant messaging services on a network. If you need to prevent Gmail users on your network from chatting, we suggest blocking DNS lookups to chatenabled.mail.google.com, by returning 127.0.0.1.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Ananth
New Contributor

Thanks for the reply. I suppose this has to be done at Network level! But most of the users are mobile users and hence not tied down to any Domain. Is there any setting via Firewall to disable Gmail chatting? regards a n t h

Fortigate 80C v5.2.8,build727

Fortigate 100A

Fortigate 80C v5.2.8,build727 Fortigate 100A
billp
Contributor

You could create a firewall policy that blocks all traffic (all ports/protocols) to chatenabled.mail.google.com. Just create a custom address and then use that to block the traffic in the policy section of the firewall. I would think that would work.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Ananth
New Contributor

Sorry for the late reply! We did like that a couple of days ago, we applied that policy to all the users whom we wanted to block chat, and put this policy just above their policies. But now.. Firewall is going to conserve mode frequently.. happened once for almost 45min yesterday and then today 2 times for alomost the same length of time.... we are still drilling down on what could be the issue and this is one candidate!! Ours is a 100A.. and already the memory usage was around 50%. Any suggestions... we already trimmed down logging etc... Anth.

Fortigate 80C v5.2.8,build727

Fortigate 100A

Fortigate 80C v5.2.8,build727 Fortigate 100A
laf
New Contributor II

Don t really understand where you are. What I can tell you: v4.0 MR1, I enable from Application Control: block gmail and it works like a charm.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors