Coldfirex
New Contributor

Issue with allowing gmail through FortiGuard

Howdy,

We have a FW policy where web-based email is being blocked. I wanted to allow just Gmail through, so I created fw addresses used by Gmail and added them to a FW Address Group. I then created a fw policy from internal to wan1 with the destination address set to the group I created. I placed this policy above our fw policy that blocks web-based email through categories; however, Gmail is still being blocked.

The block page says:
URL: mail.google.com/mail
Category: Web-Based email

Any ideas?

FG50B v3 MR7 P9

Thanks!
abelio
SuperUser

Any ideas? FG50B v3 MR7 P9
Check WF logs; surely your fw addresses don't cover all the possible IPs. Another approach could be to use FQDNs in place of that address group.

regards / Abel
Coldfirex
New Contributor

Thanks for the reply. I left out that the addresses I used were FQDN.
ede_pfau
SuperUser

Hi, you could enable logging in the first (accepting) policy and look up the traffic log if any traffic hits this policy at all. That might give you a clue.
Ede Kernel panic: Aiee, killing interrupt handler!
Coldfirex
New Contributor

Ya, logging was enabled but the rule was never getting triggered. Support figured out that it was not working because gmail.com and mail.google.com do not use A records (they use CNAMEs if I remember). The only workaround was to get the IP addresses associated with both and add those to a policy. After that it worked.
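
An added example, not part of the thread and not Fortinet code: a policy built on a static list of IPs, as in the workaround above, only matches while that list covers everything the names resolve to through their CNAMEs. The Python below walks a CNAME chain over constructed DNS answers (the CNAME target, the 192.0.2.x addresses and the address group are made up) and reports resolved addresses that the address group is missing.

```python
# Constructed DNS answers (name, type, value); IPs are from the
# 192.0.2.0/24 documentation range, the CNAME target is made up.
RECORDS = [
    ("mail.google.com", "CNAME", "mail-front.example.net"),
    ("mail-front.example.net", "A", "192.0.2.10"),
    ("mail-front.example.net", "A", "192.0.2.11"),
    ("gmail.com", "A", "192.0.2.20"),
]

def resolve_a(name, records, max_depth=8):
    """Follow CNAMEs from `name`; return (chain of names, set of A addresses)."""
    chain, seen = [name], {name}
    for _ in range(max_depth):
        current = chain[-1]
        addrs = {v for n, t, v in records if n == current and t == "A"}
        if addrs:
            return chain, addrs
        targets = [v for n, t, v in records if n == current and t == "CNAME"]
        if not targets or targets[0] in seen:   # dead end or CNAME loop
            return chain, set()
        seen.add(targets[0])
        chain.append(targets[0])
    return chain, set()                         # chain longer than max_depth

def uncovered(names, records, policy_ips):
    """Map each name to the resolved addresses missing from the policy list."""
    gaps = {}
    for name in names:
        _, addrs = resolve_a(name, records)
        missing = addrs - set(policy_ips)
        if missing:
            gaps[name] = sorted(missing)
    return gaps

if __name__ == "__main__":
    policy = ["192.0.2.10", "192.0.2.20"]       # hypothetical address group
    for host in ("mail.google.com", "gmail.com"):
        chain, addrs = resolve_a(host, RECORDS)
        print(" -> ".join(chain), sorted(addrs))
    print("not covered:", uncovered(["mail.google.com", "gmail.com"], RECORDS, policy))
```
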
sriinuvas
New Contributor II

In your web filter Web-Based Email, but it will allow all web-based email.

Srinivas