This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

block gmail personal ID and allow gmail official ID in palo alto

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

block gmail personal ID and allow gmail official ID in palo alto

Satish
L4 Transporter

‎02-05-2015 12:11 AM

Hi Friends,

please suggest,block gmail personal ID and allow gmail official ID in palo alto.

Regards

Satish

5 people had this problem.
8 REPLIES 8

ssharma
L5 Sessionator

‎02-05-2015 05:47 AM

Hi Satish,

I don't think that is possible with current design. Unless you can verify if the URL you navigate to for both personal and official are unique. If that is the case the case then you can configure ssl decryption on device and allow or deny specific URLs. Which I think is highly unlikely. Hope this helps. Thank you.

0 Likes Likes

emr_1
L5 Sessionator

‎02-05-2015 06:18 PM

Hi,

Google is suggesting as below

Block access to consumer accounts - Google Apps Help

PAN device can decrypt ssl traffic, though it can't insert HTTP header X-GoogApps-Allowed-Domains.

This means PAN device can't handle such a case.

If you have proxy server, you can do it on the proxy.

Satish
L4 Transporter

‎10-26-2015 04:25 AM - edited ‎10-26-2015 04:26 AM

Hello Friends,

 

Please try this one :- 

 

Create a Custom Data Pattern

 

Objects - custom-objects - data-patternsUntitled.png

 

match regex pattern @gmail\.com

 

Create a Data Filtering profile

 

Objects - security-profiles - data-filtering

 

Match the previously created custom data pattern in the Data filtering profile and application as gmail-base.

Untitled.png

 

Create a rule allowing all apps with the data security profile attached to it.

 

Policies – security – rulebase

Untitled.png

 

 

Data Filtering log: note the first log as it matches the data pattern

Untitled.png

 

Thnaks 

santonic
L6 Presenter
In response to Satish

‎10-26-2015 04:27 AM

Have a look at PA Aperture:

https://www.paloaltonetworks.com/products/aperture.html

 

This might be your solution. But so far there isn't much info about it yet.

0 Likes Likes

fsheikh
L1 Bithead

‎07-23-2020 05:54 AM

Step1: Add HTTP Header Insertion under URL Filtering Profile

Screenshot 2020-07-23 at 6.16.45 PM.png

Step2: Create Decryption Profile and enable "Strip ALPN" Under Client Extension

Screenshot 2020-07-23 at 6.18.03 PM.png

Step3: Add Decryption Profile in your Decryption Policy

Screenshot 2020-07-23 at 6.20.48 PM.png

Step4: Make Sure the URL Filtering is added in your Security Policy

Result: Personal Gmail is blocked

Screenshot 2020-07-23 at 6.23.20 PM.png

FAIZAN SHEIKH
FOLLOW MY FACEBOOK GROUP - Palo Alto Networks Q/A

fsheikh
L1 Bithead

‎07-23-2020 06:20 AM

Step1: Add HTTP Header Insertion under URL Filtering Profile

Screenshot 2020-07-23 at 6.16.45 PM.png

Step2: Create Decryption Profile and enable "Strip ALPN" Under Client Extension

 

Screenshot 2020-07-23 at 6.18.03 PM.png

Step3: Add Decryption Profile in your Decryption Policy

 

Screenshot 2020-07-23 at 6.20.48 PM.png

 

Step4: Make Sure the URL Filtering profile is added in your Security Policy

 

Result: Personal Gmail is blocked

Screenshot 2020-07-23 at 6.23.20 PM.png

Cheers,

Faizan Sheikh 

FAIZAN SHEIKH
FOLLOW MY FACEBOOK GROUP - Palo Alto Networks Q/A
(1)

Alvaro_Arango
L1 Bithead

‎05-26-2021 08:02 AM

Thank you so much for the "how to" it really works so well. However I having a particular situation, if a add a a second header, only the first one created works, any suggest?

0 Likes Likes

yad2nus
L1 Bithead
In response to Alvaro_Arango

‎03-21-2022 08:29 AM

just simple.

follow google.com example 

input 111.com, 222.com in value

Example: X-GoogApps-Allowed-Domains: mydomain1.com, mydomain2.com

mydomain1.com, mydomain2.com

0 Likes Likes
  • 17758 Views
  • 8 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks