https://live.paloaltonetworks.com/t5/globalprotect-discussions/restrict-access-via-globalprotect-to-permit-access-to-only-a/m-p/1251892#M7340 <P>I’m looking to enable access via<SPAN>&nbsp;</SPAN><STRONG>GlobalProtect</STRONG><SPAN>&nbsp;</SPAN>to a<SPAN>&nbsp;</SPAN><STRONG><U>specific</U> Google Drive account/folder</STRONG>, rather than granting access to <STRONG><U>all</U>&nbsp;of Google Drive</STRONG>. I’ve encountered mixed guidance on whether this is feasible—ranging from assertions that it cannot be done at all, to suggestions that it may be possible through a combination of<SPAN>&nbsp;</SPAN><STRONG>SSL decryption</STRONG>,<SPAN>&nbsp;</SPAN><STRONG>URL filtering</STRONG>, and<SPAN>&nbsp;</SPAN><STRONG>custom URL categories</STRONG><SPAN>&nbsp;</SPAN>to inspect and control HTTPS traffic.</P><P>&nbsp;</P><P>Given the strict nature of our company&nbsp;<STRONG>DLP policies</STRONG>, any exception permitting Google Drive access must include<SPAN>&nbsp;</SPAN><STRONG>fine-grained controls</STRONG><SPAN>&nbsp;</SPAN>that restrict access strictly to only what is required. My goal is to determine whether this level of granularity can realistically be enforced using GlobalProtect and the associated Palo Alto security features.</P><P>&nbsp;</P><P>Has anyone tackled a similar use case or successfully implemented this type of control? Any insights, best practices, or lessons learned would be greatly appreciated. Thank you in advance for your guidance!</P><P><A class="" href="https://live.paloaltonetworks.com/t5/c-twzvq79624/GlobalProtect/pd-p/GlobalProtect" target="_blank" rel="noopener">GlobalProtect</A><SPAN>&nbsp;</SPAN>&nbsp;</P> Wed, 08 Apr 2026 22:39:42 GMT joe.jorgensen 2026-04-08T22:39:42Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/restrict-access-via-globalprotect-to-permit-access-to-only-a/m-p/1251892#M7340 <P>I’m looking to enable access via<SPAN>&nbsp;</SPAN><STRONG>GlobalProtect</STRONG><SPAN>&nbsp;</SPAN>to a<SPAN>&nbsp;</SPAN><STRONG><U>specific</U> Google Drive account/folder</STRONG>, rather than granting access to <STRONG><U>all</U>&nbsp;of Google Drive</STRONG>. I’ve encountered mixed guidance on whether this is feasible—ranging from assertions that it cannot be done at all, to suggestions that it may be possible through a combination of<SPAN>&nbsp;</SPAN><STRONG>SSL decryption</STRONG>,<SPAN>&nbsp;</SPAN><STRONG>URL filtering</STRONG>, and<SPAN>&nbsp;</SPAN><STRONG>custom URL categories</STRONG><SPAN>&nbsp;</SPAN>to inspect and control HTTPS traffic.</P><P>&nbsp;</P><P>Given the strict nature of our company&nbsp;<STRONG>DLP policies</STRONG>, any exception permitting Google Drive access must include<SPAN>&nbsp;</SPAN><STRONG>fine-grained controls</STRONG><SPAN>&nbsp;</SPAN>that restrict access strictly to only what is required. My goal is to determine whether this level of granularity can realistically be enforced using GlobalProtect and the associated Palo Alto security features.</P><P>&nbsp;</P><P>Has anyone tackled a similar use case or successfully implemented this type of control? Any insights, best practices, or lessons learned would be greatly appreciated. Thank you in advance for your guidance!</P><P><A class="" href="https://live.paloaltonetworks.com/t5/c-twzvq79624/GlobalProtect/pd-p/GlobalProtect" target="_blank" rel="noopener">GlobalProtect</A><SPAN>&nbsp;</SPAN>&nbsp;</P> Wed, 08 Apr 2026 22:39:42 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/restrict-access-via-globalprotect-to-permit-access-to-only-a/m-p/1251892#M7340 joe.jorgensen 2026-04-08T22:39:42Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/restrict-access-via-globalprotect-to-permit-access-to-only-a/m-p/1251907#M7341 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/154152855">@joe.jorgensen</a>&nbsp;,</P> <P>&nbsp;</P> <P data-end="96" data-start="78">Hope you are well. I would first start off by saying this would be a hard pitch.</P> <P data-end="159" data-start="98">&nbsp;</P> <P data-end="514" data-start="161">You may be able to get some control around approved Google accounts or domains using SSL decryption and <A href="https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/app-id/http-header-insertion/http-header-insertion-understand-custom-headers?utm_source=chatgpt.com" target="_self">HTTP header</A> insertion for Google. For example, you could allow users to sign in only with accounts from yourcompany.com, while blocking personal gmail&nbsp;accounts or accounts from other domains. I have not personally implemented this myself.&nbsp;</P> <P data-end="514" data-start="161">&nbsp;</P> <P data-end="514" data-start="161">As far as the file/folder restriction, I would lean on Google Drive / Google Workspace for that level of control. That is less firewall/VPN territory and more a matter of granular SaaS permissions.</P> Thu, 09 Apr 2026 04:58:07 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/restrict-access-via-globalprotect-to-permit-access-to-only-a/m-p/1251907#M7341 JayGolf 2026-04-09T04:58:07Z