google ip address

Posted on 2014-09-02
Last Modified: 2014-09-03
I have setup some rules on our firewall to block https to accommodate restricting users to facebook.  My issue is now I have some strangeness getting to

I can add exceptions to the rules by including ip address that google uses, however I would like to find out if there is a list of IP address that I can add instead of doing them slowly as I notice problems reaching sites.

Any body have an idea what IPs I need?

Question by:IKtech
    LVL 9

    Expert Comment

    unblock https, youre blocking everything that uses https including
    now block instead or redirect them to whatever site you want them to see.
    LVL 3

    Accepted Solution

    The following IP address ranges belong to Google: - - - - - - -
    LVL 34

    Expert Comment

    by:Seth Simmons
    agree with natty; you're doing this backwards
    blocking an entire protocol just for one site doesn't make sense
    it puts you in the position like this to now manually add all sites that run on port 443 apparently starting with google
    you'll find users complaining they can't get to other secure sites and you'll have to start adding those which amounts to additional unecessary administrative overhead for you
    LVL 9

    Expert Comment

    by:Dan Arseneau
    And as a possible solution, add a DNS zone called and don't add any records.  Anyone machine that is joined to your domain wanting to visit that url will go nowhere.  Or point an 'A' (Host) record to an internal website that shows that you are blocking it.
    LVL 3

    Author Comment

    Well it's a little more complicated than just blocking facebook.  I use a watchguard device for our firewall/router.  I have http rules that work with a installed service called webblocker.  However, I needed https rules to get the webblocker working on sites that use https.  The watchguard device decrypts https and reencrypts it using a cert on that device (a cert is installed on all PCs as well).  This allows the WG device to determine if the traffic contains a category that is blocked or not.  This seems to work fine with all other sites except google.  So the exception is not really for the proxy instead it is for the "content inspection" of the WG device.

    Watchguard has informed me that this issue has been a problem for others as well and the fix has yet TBD.  Hopefully I won't need to add google to the content inspections exceptions once a fix has been released.
    LVL 3

    Author Closing Comment

    I added the address ranges to a rule that is processed before my proxy rules and it works a treat.  Thanks!!!

    Featured Post

    NetScaler Deployment Guides and Resources

    Citrix NetScaler is certified to support many of the most commonly deployed enterprise applications. Deployment guides provide in-depth recommendations on configuring NetScaler to meet specific application requirements.

    Join & Write a Comment

    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now