?
Solved

FortiGate problem

Posted on 2016-10-03
8
Medium Priority
?
540 Views
Last Modified: 2016-10-15
Hi all , i have  problem with google site , it's not working with fortiGate  policies  put in logs  is allowed and not open with all browser  just google  site
2016-10-03_11-31-39.png
0
Comment
Question by:asfourcrystal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41826099
> not open with all browser  just google site

the screenshot is for firewall rules. can you please also post a screenshot for the issue on browser side when accessing Google sites?
0
 

Author Comment

by:asfourcrystal
ID: 41826119
this screen shot for the issue on browser side
google.jpg
0
 
LVL 37

Expert Comment

by:bbao
ID: 41826133
are you able to PING google.com.eg from the same computer?
0
WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 41826168
Maybe can try other machine besides this machine. And also try FireFox on top Chrome.

FortiOS 5.2 and above will have a new feature that allow Google Apps and block all Gmail/Google services. http://cookbook.fortinet.com/blocking-google-access-for-consumer-accounts/ 
Try to also reset all firewall session and clean your DNS cache. And will need SSL Inspection enabled on the web filter profile. I am wondering if it is blocking any other TCP/UDP ports even though the web filter profile allows it.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41836065
where is google.com.eg allowed in the screenshot ?
if you allowed google.services only, it is very possible that the url list for google services does not include the egyptian google
0
 

Author Comment

by:asfourcrystal
ID: 41839513
i already allowed  google.services and not working i try batn's solution
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41840012
i'm not telling you to allow google.service

allowing google.service is not enough. you have to specifically allow google.com.eg and possibly a bunch of other urls. it will be easier if you log blocked traffic

at the very list you'll need
- google.com.eg
- google.com
- gstatic.com
just in order to get basic searches to work
0
 
LVL 64

Expert Comment

by:btan
ID: 41840105
You can also check out the list of port and service URL for google services

e.g. Google Drive firewall and proxy settings
For the following hosts, [N] means any single decimal digit and * means any string not containing a period.
www.google.com:443/HTTPS
•accounts.google.com:443/HTTPS
•googledrive.com:443/HTTPS
•drive.google.com:443/HTTPS
•*.drive.google.com:443/HTTPS
•docs.google.com:443/HTTPS
•*.docs.google.com:443/HTTPS
•*.c.docs.google.com:443/HTTPS
•sheets.google.com:443/HTTPS
•slides.google.com:443/HTTPS
•talk.google.com:5222/XMPP (needed only for Google Drive for Mac/PC)
•gg.google.com:443/HTTPS
•script.google.com:443/HTTPS
•ssl.google-analytics.com:443/HTTPS
•video.google.com:443/HTTPS
•s.ytimg.com:443/HTTPS
•apis.google.com:443/HTTPS
•*.googleapis.com:443/HTTPS
•*.googleusercontent.com:443/HTTPS
•*.gstatic.com:443/HTTPS
•lh[N].google.com:443/HTTPS
•[N].client-channel.google.com:443/HTTPS
•clients[N].google.com:443/HTTPS
https://support.google.com/a/answer/2589954?hl=en
e.g. Sites firewall settings
For the following hosts, * represents any string not containing a period.
•sites.google.com:80/HTTP
•sites.google.com:443/HTTPS
•*.sites.google.com:443/HTTPS
•*.googlegroups.com:443/HTTPS
•drive.google.com:443/HTTPS
https://support.google.com/a/answer/6163291?visit_id=1-636118732910827443-325829852&rd=1
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question