Solved

google ip address

Posted on 2014-09-02
Last Modified: 2014-09-03
I have set up some rules on our firewall to block https to accommodate restricting users to facebook.  My issue is now I have some strangeness getting to google.com.

I can add exceptions to the rules by including IP addresses that Google uses; however, I would like to find out if there is a list of IP addresses that I can add instead of doing them slowly as I notice problems reaching google.com sites.

Anybody have an idea what IPs I need?

Thanks
Question by:IKtech
6 Comments
 
LVL 14

Expert Comment

by:Natty Greg
ID: 40298949
Unblock https; you're blocking everything that uses https, including google.com.
Now block facebook.com instead, or redirect them to whatever site you want them to see.
0
 
LVL 3

Accepted Solution

by:
Soufiane Adil, Ph.D earned 2000 total points
ID: 40298950
The following IP address ranges belong to Google:

64.233.160.0 - 64.233.191.255
66.102.0.0 - 66.102.15.255
66.249.64.0 - 66.249.95.255
72.14.192.0 - 72.14.255.255
74.125.0.0 - 74.125.255.255
209.85.128.0 - 209.85.255.255
216.239.32.0 - 216.239.63.255
0
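Many firewalls accept CIDR blocks rather than first-last ranges. The following added example (not part of the original answer) converts the ranges listed above to CIDR with Python's standard `ipaddress` module and reports which destinations from a log fall outside them; the function names are this example's own and the sample addresses are constructed.

```python
import ipaddress

# Ranges exactly as listed in the answer above (first address, last address).
ANSWER_RANGES = [
    ("64.233.160.0", "64.233.191.255"),
    ("66.102.0.0", "66.102.15.255"),
    ("66.249.64.0", "66.249.95.255"),
    ("72.14.192.0", "72.14.255.255"),
    ("74.125.0.0", "74.125.255.255"),
    ("209.85.128.0", "209.85.255.255"),
    ("216.239.32.0", "216.239.63.255"),
]


def ranges_to_cidrs(ranges):
    """Convert (first, last) pairs into the minimal list of CIDR networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    # collapse_addresses merges adjacent or overlapping blocks, if any.
    return list(ipaddress.collapse_addresses(nets))


def uncovered(addresses, networks):
    """Return the addresses that no network in the list contains."""
    missing = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        # Compare only within the same IP version; these ranges are IPv4-only,
        # so any IPv6 destination is always reported as uncovered.
        if not any(addr.version == n.version and addr in n for n in networks):
            missing.append(text)
    return missing


if __name__ == "__main__":
    cidrs = ranges_to_cidrs(ANSWER_RANGES)
    for net in cidrs:
        print(net)
    # Constructed sample of destinations from a firewall log (not real data).
    sample = ["74.125.21.100", "216.239.32.10", "192.0.2.15", "2001:db8::1"]
    print("not covered:", uncovered(sample, cidrs))
```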
 
LVL 36

Expert Comment

by:Seth Simmons
ID: 40299027
agree with natty; you're doing this backwards
blocking an entire protocol just for one site doesn't make sense
it puts you in the position like this to now manually add all sites that run on port 443 apparently starting with google
you'll find users complaining they can't get to other secure sites and you'll have to start adding those, which amounts to additional unnecessary administrative overhead for you
0

 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 40299140
And as a possible solution, add a DNS zone called facebook.com and don't add any records.  Any machine that is joined to your domain wanting to visit that url will go nowhere.  Or point an 'A' (Host) record to an internal website that shows that you are blocking it.
0
 
LVL 3

Author Comment

by:IKtech
ID: 40299664
Well, it's a little more complicated than just blocking facebook.  I use a watchguard device for our firewall/router.  I have http rules that work with an installed service called webblocker.  However, I needed https rules to get the webblocker working on sites that use https.  The watchguard device decrypts https and re-encrypts it using a cert on that device (a cert is installed on all PCs as well).  This allows the WG device to determine if the traffic contains a category that is blocked or not.  This seems to work fine with all other sites except google.  So the exception is not really for the proxy; instead it is for the "content inspection" of the WG device.

Watchguard has informed me that this issue has been a problem for others as well and the fix is yet TBD.  Hopefully I won't need to add google to the content inspection exceptions once a fix has been released.
0
 
LVL 3

Author Closing Comment

by:IKtech
ID: 40301976
I added the address ranges to a rule that is processed before my proxy rules and it works a treat.  Thanks!!!
0
