Issue with allowing gmail through FortiGuard

Coldfirex · ‎11-09-2010

Howdy, We have a FW policy where web-based email is being blocked. I wanted to allow just Gmail through so I created fw addresses used by gmail, added them to a FW Address Group. I then created a fw policy from internal to wan1 with the destination address the group I created. I placed this policy above our fw policy that blocks web-based email through categories, however Gmail is still being blocked. The block page says: URL: mail.google.com/mail CAtegory: Web-Based email Any ideas? FG50B v3 MR7 P9 Thanks!

abelio · ‎11-09-2010

Any ideas? FG50B v3 MR7 P9

check WF logs; surely your fw addresses doesn' t cover all the possible IPs. Another approach could be use FQDN in place of those addresses group.

regards

/ Abel

Coldfirex · ‎11-09-2010

Thanks for the reply. I left out that the addresses I used were FQDN.

ede_pfau · ‎11-09-2010

Hi, you could enable logging in the first (accepting) policy and look up the traffic log if any traffic hits this policy at all. That might give you a clue.

Ede Kernel panic: Aiee, killing interrupt handler!

Coldfirex · ‎11-19-2010

Ya, logging was enable but the rule was never getting triggered. Support figured out that it was not working because gmail.com and mail.google.com do not use A records (they use CNames if I remember). The only workaround was to get the IP addresses associated with both and add those to a policy. After that it worked.

sriinuvas · ‎07-22-2024

In you web filter Web-Base Email, but it will allow all web based email.

Srinivas

Issue with allowing gmail through FortiGuard

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website