Allow LAN, Google Docs, but block everything else

I need to only allow LAN (company network) and Google documents but block all other internet (such as youtube, yahoo, anything that's not Google Documents)

Do I just create an Alias called 'Google Documents', and put the below IPs in it, then allow 'Google Documents' to the computers I want?

https://support.google.com/a/answer/2589954?hl=en

Comments

  • I have more than computer that I like to apply this rule to, so I'll also create an alias for these computer and put their IP or FQDN in it.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    You may be able to do this, but keep in mind that google uses many of their own services for these apps. Attempting to disable gmail but allowing drive may just simply break your ability to log into their site.

    Please also keep in mind that the entirety of google is presented via HTTPS. For the firewall to have any chance of seeing anything but the SNI in the certificate (which will almost always be *.google.com) content inspection will likely need to be enabled for your HTTPS proxy.

    -James Carson
    WatchGuard Customer Support

  • Application Control has a setting Google Docs.
    If you have that, you could set up a test policy From: a specific IP addr and see what App Control settings are actually needed to log into Goggle and access the docs, and nothing else.

  • thank you

Sign In to comment.