• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 944
  • Last Modified:

FortiGate problem

Hi all , i have  problem with google site , it's not working with fortiGate  policies  put in logs  is allowed and not open with all browser  just google  site
2016-10-03_11-31-39.png
0
asfourcrystal
Asked:
asfourcrystal
  • 2
  • 2
  • 2
  • +1
1 Solution
 
bbaoIT ConsultantCommented:
> not open with all browser  just google site

the screenshot is for firewall rules. can you please also post a screenshot for the issue on browser side when accessing Google sites?
0
 
asfourcrystalAuthor Commented:
this screen shot for the issue on browser side
google.jpg
0
 
bbaoIT ConsultantCommented:
are you able to PING google.com.eg from the same computer?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
btanExec ConsultantCommented:
Maybe can try other machine besides this machine. And also try FireFox on top Chrome.

FortiOS 5.2 and above will have a new feature that allow Google Apps and block all Gmail/Google services. http://cookbook.fortinet.com/blocking-google-access-for-consumer-accounts/ 
Try to also reset all firewall session and clean your DNS cache. And will need SSL Inspection enabled on the web filter profile. I am wondering if it is blocking any other TCP/UDP ports even though the web filter profile allows it.
0
 
skullnobrainsCommented:
where is google.com.eg allowed in the screenshot ?
if you allowed google.services only, it is very possible that the url list for google services does not include the egyptian google
0
 
asfourcrystalAuthor Commented:
i already allowed  google.services and not working i try batn's solution
0
 
skullnobrainsCommented:
i'm not telling you to allow google.service

allowing google.service is not enough. you have to specifically allow google.com.eg and possibly a bunch of other urls. it will be easier if you log blocked traffic

at the very list you'll need
- google.com.eg
- google.com
- gstatic.com
just in order to get basic searches to work
0
 
btanExec ConsultantCommented:
You can also check out the list of port and service URL for google services

e.g. Google Drive firewall and proxy settings
For the following hosts, [N] means any single decimal digit and * means any string not containing a period.
www.google.com:443/HTTPS
•accounts.google.com:443/HTTPS
•googledrive.com:443/HTTPS
•drive.google.com:443/HTTPS
•*.drive.google.com:443/HTTPS
•docs.google.com:443/HTTPS
•*.docs.google.com:443/HTTPS
•*.c.docs.google.com:443/HTTPS
•sheets.google.com:443/HTTPS
•slides.google.com:443/HTTPS
•talk.google.com:5222/XMPP (needed only for Google Drive for Mac/PC)
•gg.google.com:443/HTTPS
•script.google.com:443/HTTPS
•ssl.google-analytics.com:443/HTTPS
•video.google.com:443/HTTPS
•s.ytimg.com:443/HTTPS
•apis.google.com:443/HTTPS
•*.googleapis.com:443/HTTPS
•*.googleusercontent.com:443/HTTPS
•*.gstatic.com:443/HTTPS
•lh[N].google.com:443/HTTPS
•[N].client-channel.google.com:443/HTTPS
•clients[N].google.com:443/HTTPS
https://support.google.com/a/answer/2589954?hl=en
e.g. Sites firewall settings
For the following hosts, * represents any string not containing a period.
•sites.google.com:80/HTTP
•sites.google.com:443/HTTPS
•*.sites.google.com:443/HTTPS
•*.googlegroups.com:443/HTTPS
•drive.google.com:443/HTTPS
https://support.google.com/a/answer/6163291?visit_id=1-636118732910827443-325829852&rd=1
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now