Solved

FortiGate problem

Posted on 2016-10-03
8
111 Views
Last Modified: 2016-10-15
Hi all , i have  problem with google site , it's not working with fortiGate  policies  put in logs  is allowed and not open with all browser  just google  site
2016-10-03_11-31-39.png
0
Comment
Question by:asfourcrystal
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41826099
> not open with all browser  just google site

the screenshot is for firewall rules. can you please also post a screenshot for the issue on browser side when accessing Google sites?
0
 

Author Comment

by:asfourcrystal
ID: 41826119
this screen shot for the issue on browser side
google.jpg
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41826133
are you able to PING google.com.eg from the same computer?
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41826168
Maybe can try other machine besides this machine. And also try FireFox on top Chrome.

FortiOS 5.2 and above will have a new feature that allow Google Apps and block all Gmail/Google services. http://cookbook.fortinet.com/blocking-google-access-for-consumer-accounts/ 
Try to also reset all firewall session and clean your DNS cache. And will need SSL Inspection enabled on the web filter profile. I am wondering if it is blocking any other TCP/UDP ports even though the web filter profile allows it.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 26

Expert Comment

by:skullnobrains
ID: 41836065
where is google.com.eg allowed in the screenshot ?
if you allowed google.services only, it is very possible that the url list for google services does not include the egyptian google
0
 

Author Comment

by:asfourcrystal
ID: 41839513
i already allowed  google.services and not working i try batn's solution
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 41840012
i'm not telling you to allow google.service

allowing google.service is not enough. you have to specifically allow google.com.eg and possibly a bunch of other urls. it will be easier if you log blocked traffic

at the very list you'll need
- google.com.eg
- google.com
- gstatic.com
just in order to get basic searches to work
0
 
LVL 62

Expert Comment

by:btan
ID: 41840105
You can also check out the list of port and service URL for google services

e.g. Google Drive firewall and proxy settings
For the following hosts, [N] means any single decimal digit and * means any string not containing a period.
www.google.com:443/HTTPS
•accounts.google.com:443/HTTPS
•googledrive.com:443/HTTPS
•drive.google.com:443/HTTPS
•*.drive.google.com:443/HTTPS
•docs.google.com:443/HTTPS
•*.docs.google.com:443/HTTPS
•*.c.docs.google.com:443/HTTPS
•sheets.google.com:443/HTTPS
•slides.google.com:443/HTTPS
•talk.google.com:5222/XMPP (needed only for Google Drive for Mac/PC)
•gg.google.com:443/HTTPS
•script.google.com:443/HTTPS
•ssl.google-analytics.com:443/HTTPS
•video.google.com:443/HTTPS
•s.ytimg.com:443/HTTPS
•apis.google.com:443/HTTPS
•*.googleapis.com:443/HTTPS
•*.googleusercontent.com:443/HTTPS
•*.gstatic.com:443/HTTPS
•lh[N].google.com:443/HTTPS
•[N].client-channel.google.com:443/HTTPS
•clients[N].google.com:443/HTTPS
https://support.google.com/a/answer/2589954?hl=en
e.g. Sites firewall settings
For the following hosts, * represents any string not containing a period.
•sites.google.com:80/HTTP
•sites.google.com:443/HTTPS
•*.sites.google.com:443/HTTPS
•*.googlegroups.com:443/HTTPS
•drive.google.com:443/HTTPS
https://support.google.com/a/answer/6163291?visit_id=1-636118732910827443-325829852&rd=1
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SonicWALL SIP Transformation Problem 4 50
DNS and NSLOOKUP 21 56
More Than One Website On Same DMZ Server 3 51
Network access 4 21
Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now