I want to allow gmail access to specific users on my LAN segment.

S.Muhammad477648 — Thu, 21 Nov 2024 11:19:01 GMT

I have created a policy which says "Src: FQDN of 2users" "DST:Any" "App: gmail-base, gmail-posting, ssl, stun, vidyo, web-browsing" "URL CATEGORY: Computer and internet info, web-based-email" "Action: Allow"

But the logs I see is, those users are not hitting this policy (They are still passing through the default policy even the above created policy is above the default one) and "Session-End-Rease: Threat".

Basically what I understand is that L7 inspection is blocking the traffic.

Need help...

Re: I want to allow gmail access to specific users on my LAN segment.

BPry — Thu, 21 Nov 2024 19:48:10 GMT

@S.Muhammad477648,

I would generally recommend creating a much more targeted policy. The firewall can easily identify Gmail traffic just through app-id regardless of whether or not you're actually decrypting that traffic or not. So you could just build a rule for those two users targeted app-id and utilize the container 'gmail' application if you wanted. I wouldn't utilize the URL categories that you have specified at all. Either build one specific to Google or exclude it from your policy outright.

Once that is done if it's still not matching you will need to ensure that your FQDN objects are resolving properly and actually take a detailed look at your logs.

topic I want to allow gmail access to specific users on my LAN segment. in General Topics

I want to allow gmail access to specific users on my LAN segment.

Re: I want to allow gmail access to specific users on my LAN segment.