Google IP address

I have set up some rules on our firewall to block https to accommodate restricting users to Facebook. My issue is now I have some strangeness getting to google.com.

I can add exceptions to the rules by including IP addresses that Google uses, however I would like to find out if there is a list of IP addresses that I can add instead of doing them slowly as I notice problems reaching google.com sites.

Anybody have an idea what IPs I need?

Thanks
IKtech Asked:

Natty Greg, In Theory (IT), Commented:
unblock https, you're blocking everything that uses https including google.com.
now block facebook.com instead or redirect them to whatever site you want them to see.
0
Soufiane Adil, Ph.D, IT, Network Architect - CCNP/CCDP, Commented:
The following IP address ranges belong to Google:

64.233.160.0 - 64.233.191.255
66.102.0.0 - 66.102.15.255
66.249.64.0 - 66.249.95.255
72.14.192.0 - 72.14.255.255
74.125.0.0 - 74.125.255.255
209.85.128.0 - 209.85.255.255
216.239.32.0 - 216.239.63.255
0
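For firewalls that take CIDR notation rather than start-end ranges, the list in the answer above can be converted mechanically and then used to check whether a destination seen in the logs is covered. This is an added example, not part of the original thread; the function names are hypothetical, the ranges are copied from the answer as posted, and the sample destinations are constructed.

```python
import ipaddress

# Ranges copied from the answer above as posted (inclusive start - end).
POSTED_RANGES = """\
64.233.160.0 - 64.233.191.255
66.102.0.0 - 66.102.15.255
66.249.64.0 - 66.249.95.255
72.14.192.0 - 72.14.255.255
74.125.0.0 - 74.125.255.255
209.85.128.0 - 209.85.255.255
216.239.32.0 - 216.239.63.255
"""


def ranges_to_cidrs(text):
    """Convert 'start - end' lines into the smallest equivalent CIDR list."""
    nets = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            first, last = (ipaddress.IPv4Address(p.strip()) for p in line.split("-"))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: cannot parse {line!r}") from exc
        if first > last:
            raise ValueError(f"line {lineno}: start is above end in {line!r}")
        # A range that is not bit-aligned expands to several networks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent or overlapping networks and return them sorted.
    return list(ipaddress.collapse_addresses(nets))


def covering_network(address, networks):
    """Return the network that contains address, or None if it is not covered."""
    ip = ipaddress.ip_address(address)
    return next((n for n in networks if ip in n), None)


if __name__ == "__main__":
    cidrs = ranges_to_cidrs(POSTED_RANGES)
    for net in cidrs:
        print(net)
    # Constructed sample destinations, as they might appear in a firewall log.
    for dest in ("74.125.20.100", "64.233.192.1"):
        print(dest, "->", covering_network(dest, cidrs))
```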

Seth Simmons, Sr. Systems Administrator, Commented:
agree with natty; you're doing this backwards
blocking an entire protocol just for one site doesn't make sense
it puts you in the position like this to now manually add all sites that run on port 443 apparently starting with google
you'll find users complaining they can't get to other secure sites and you'll have to start adding those which amounts to additional unnecessary administrative overhead for you
0
Dan Arseneau Commented:
And as a possible solution, add a DNS zone called facebook.com and don't add any records. Any machine that is joined to your domain wanting to visit that URL will go nowhere. Or point an 'A' (Host) record to an internal website that shows that you are blocking it.
0
IKtech (Author) Commented:
Well it's a little more complicated than just blocking Facebook. I use a WatchGuard device for our firewall/router. I have http rules that work with an installed service called webblocker. However, I needed https rules to get the webblocker working on sites that use https. The WatchGuard device decrypts https and re-encrypts it using a cert on that device (a cert is installed on all PCs as well). This allows the WG device to determine if the traffic contains a category that is blocked or not. This seems to work fine with all other sites except Google. So the exception is not really for the proxy; instead it is for the "content inspection" of the WG device.

WatchGuard has informed me that this issue has been a problem for others as well and the fix is yet TBD. Hopefully I won't need to add Google to the content inspection exceptions once a fix has been released.
0
IKtech (Author) Commented:
I added the address ranges to a rule that is processed before my proxy rules and it works a treat.  Thanks!!!
0