• Status: Solved

FortiGate problem

Hi all, I have a problem with the Google site: it's not working with FortiGate policies. In the logs it is allowed, but it does not open with any browser, just the Google site.
2016-10-03_11-31-39.png
Asked by: asfourcrystal
1 Solution
 
bbao (IT Consultant) commented:
> not open with all browser  just google site

the screenshot is for firewall rules. can you please also post a screenshot for the issue on browser side when accessing Google sites?
 
asfourcrystal (Author) commented:
this is the screenshot for the issue on the browser side
google.jpg
 
bbao (IT Consultant) commented:
are you able to PING google.com.eg from the same computer?
 
btan (Exec Consultant) commented:
Maybe try another machine besides this one. And also try Firefox on top of Chrome.

FortiOS 5.2 and above will have a new feature that allows Google Apps and blocks all Gmail/Google services. http://cookbook.fortinet.com/blocking-google-access-for-consumer-accounts/
Also try to reset all firewall sessions and clean your DNS cache. And you will need SSL Inspection enabled on the web filter profile. I am wondering if it is blocking any other TCP/UDP ports even though the web filter profile allows it.
 
skullnobrains commented:
where is google.com.eg allowed in the screenshot?
if you allowed google.services only, it is very possible that the url list for google services does not include the Egyptian google
 
asfourcrystal (Author) commented:
I already allowed google.services and it is not working. I try btan's solution
 
skullnobrains commented:
i'm not telling you to allow google.service

allowing google.service is not enough. you have to specifically allow google.com.eg and possibly a bunch of other urls. it will be easier if you log blocked traffic

at the very least you'll need
- google.com.eg
- google.com
- gstatic.com
just in order to get basic searches to work
 
btan (Exec Consultant) commented:
You can also check out the list of ports and service URLs for google services

e.g. Google Drive firewall and proxy settings
For the following hosts, [N] means any single decimal digit and * means any string not containing a period.
• www.google.com:443/HTTPS
• accounts.google.com:443/HTTPS
• googledrive.com:443/HTTPS
• drive.google.com:443/HTTPS
• *.drive.google.com:443/HTTPS
• docs.google.com:443/HTTPS
• *.docs.google.com:443/HTTPS
• *.c.docs.google.com:443/HTTPS
• sheets.google.com:443/HTTPS
• slides.google.com:443/HTTPS
• talk.google.com:5222/XMPP (needed only for Google Drive for Mac/PC)
• gg.google.com:443/HTTPS
• script.google.com:443/HTTPS
• ssl.google-analytics.com:443/HTTPS
• video.google.com:443/HTTPS
• s.ytimg.com:443/HTTPS
• apis.google.com:443/HTTPS
• *.googleapis.com:443/HTTPS
• *.googleusercontent.com:443/HTTPS
• *.gstatic.com:443/HTTPS
• lh[N].google.com:443/HTTPS
• [N].client-channel.google.com:443/HTTPS
• clients[N].google.com:443/HTTPS
https://support.google.com/a/answer/2589954?hl=en

e.g. Sites firewall settings
For the following hosts, * represents any string not containing a period.
• sites.google.com:80/HTTP
• sites.google.com:443/HTTPS
• *.sites.google.com:443/HTTPS
• *.googlegroups.com:443/HTTPS
• drive.google.com:443/HTTPS
https://support.google.com/a/answer/6163291?visit_id=1-636118732910827443-325829852&rd=1
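The host notation quoted above ([N] for one decimal digit, * for any string without a period) can be checked mechanically against hostnames taken from the firewall's blocked-traffic log, which shows which names still need their own allow entry. This is an added example, not part of the original thread and not Fortinet or Google code; the function names, the pattern subset and the sample hostnames are constructed for illustration, and it assumes `*` matches at least one character.

```python
import re

# Subset of the host patterns quoted in the thread, in Google's notation:
# [N] = any single decimal digit, * = any string not containing a period.
PATTERNS = [
    "www.google.com", "accounts.google.com", "drive.google.com",
    "*.drive.google.com", "*.c.docs.google.com", "*.googleapis.com",
    "*.gstatic.com", "lh[N].google.com", "[N].client-channel.google.com",
    "clients[N].google.com",
]

def compile_pattern(pattern):
    """Translate one host pattern into an anchored, case-insensitive regex."""
    parts = []
    for token in re.split(r"(\[N\]|\*)", pattern):
        if token == "[N]":
            parts.append(r"[0-9]")      # exactly one decimal digit
        elif token == "*":
            parts.append(r"[^.]+")      # assumption: at least one character, no period
        else:
            parts.append(re.escape(token))  # literal text, dots included
    # \Z anchors the end so a longer name cannot match by prefix.
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)

def uncovered(hosts, patterns=PATTERNS):
    """Return the normalised hosts that no pattern matches, in input order."""
    compiled = [compile_pattern(p) for p in patterns]
    missing = []
    for host in hosts:
        name = host.strip().rstrip(".").lower()  # drop trailing root dot
        if not any(rx.match(name) for rx in compiled):
            missing.append(name)
    return missing

# Constructed sample of hostnames, as they might appear in a blocked-traffic log.
SAMPLE_HOSTS = [
    "www.google.com", "google.com.eg", "www.google.com.eg", "ssl.gstatic.com",
    "gstatic.com", "lh3.google.com", "lh12.google.com", "a.b.gstatic.com",
    "clients4.google.com", "www.google.com.evil.example",
]

if __name__ == "__main__":
    for host in uncovered(SAMPLE_HOSTS):
        print("not covered by allow list:", host)
```

Note that `*.gstatic.com` covers neither the bare `gstatic.com` nor a two-label prefix such as `a.b.gstatic.com`, and nothing in the quoted list covers `google.com.eg`, so those names need entries of their own.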