Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FortiGate problem

Posted on 2016-10-03
8
Medium Priority
?
733 Views
Last Modified: 2016-10-15
Hi all , i have  problem with google site , it's not working with fortiGate  policies  put in logs  is allowed and not open with all browser  just google  site
2016-10-03_11-31-39.png
0
Comment
Question by:asfourcrystal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41826099
> not open with all browser  just google site

the screenshot is for firewall rules. can you please also post a screenshot for the issue on browser side when accessing Google sites?
0
 

Author Comment

by:asfourcrystal
ID: 41826119
this screen shot for the issue on browser side
google.jpg
0
 
LVL 37

Expert Comment

by:bbao
ID: 41826133
are you able to PING google.com.eg from the same computer?
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 41826168
Maybe can try other machine besides this machine. And also try FireFox on top Chrome.

FortiOS 5.2 and above will have a new feature that allow Google Apps and block all Gmail/Google services. http://cookbook.fortinet.com/blocking-google-access-for-consumer-accounts/ 
Try to also reset all firewall session and clean your DNS cache. And will need SSL Inspection enabled on the web filter profile. I am wondering if it is blocking any other TCP/UDP ports even though the web filter profile allows it.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41836065
where is google.com.eg allowed in the screenshot ?
if you allowed google.services only, it is very possible that the url list for google services does not include the egyptian google
0
 

Author Comment

by:asfourcrystal
ID: 41839513
i already allowed  google.services and not working i try batn's solution
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41840012
i'm not telling you to allow google.service

allowing google.service is not enough. you have to specifically allow google.com.eg and possibly a bunch of other urls. it will be easier if you log blocked traffic

at the very list you'll need
- google.com.eg
- google.com
- gstatic.com
just in order to get basic searches to work
0
 
LVL 65

Expert Comment

by:btan
ID: 41840105
You can also check out the list of port and service URL for google services

e.g. Google Drive firewall and proxy settings
For the following hosts, [N] means any single decimal digit and * means any string not containing a period.
www.google.com:443/HTTPS
•accounts.google.com:443/HTTPS
•googledrive.com:443/HTTPS
•drive.google.com:443/HTTPS
•*.drive.google.com:443/HTTPS
•docs.google.com:443/HTTPS
•*.docs.google.com:443/HTTPS
•*.c.docs.google.com:443/HTTPS
•sheets.google.com:443/HTTPS
•slides.google.com:443/HTTPS
•talk.google.com:5222/XMPP (needed only for Google Drive for Mac/PC)
•gg.google.com:443/HTTPS
•script.google.com:443/HTTPS
•ssl.google-analytics.com:443/HTTPS
•video.google.com:443/HTTPS
•s.ytimg.com:443/HTTPS
•apis.google.com:443/HTTPS
•*.googleapis.com:443/HTTPS
•*.googleusercontent.com:443/HTTPS
•*.gstatic.com:443/HTTPS
•lh[N].google.com:443/HTTPS
•[N].client-channel.google.com:443/HTTPS
•clients[N].google.com:443/HTTPS
https://support.google.com/a/answer/2589954?hl=en
e.g. Sites firewall settings
For the following hosts, * represents any string not containing a period.
•sites.google.com:80/HTTP
•sites.google.com:443/HTTPS
•*.sites.google.com:443/HTTPS
•*.googlegroups.com:443/HTTPS
•drive.google.com:443/HTTPS
https://support.google.com/a/answer/6163291?visit_id=1-636118732910827443-325829852&rd=1
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How does someone stay on the right and legal side of the hacking world?
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question