How to restrict personal Gmail and other Google services

Description

Data loss prevention and employee productivity are always a concern when on the corporate network, this article explains how you can restrict Google services to only the corporate domain.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Prerequisites

  1. You have rolled out the DPI-SSL certificate to all machines subject to this policy.
  2. You have an existing CFS policy in place.
  3. You are blocking Google Quic (if using Chrome as a browser) via application or firewall rules. 

Restricting Google Services

1. Go to Object | Match Objects | Zones  and enable DPI-SSL Client on the required zones.

2. Go to Policy | DPI-SSL | Client SSL and Enable SSL Client Inspection along with Content Filter.

 Image

3. Go to Object | Profile Objects | Content Filter and edit the profile that you are using in your policy

  • Go to the Custom Header Tab and Enable Custom Header Insertion and add the following (replace sonicwall.com with your own domain):

Image

4. Try logging into a personal account. 

Image

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Prerequisites

  1. You have rolled out the DPI-SSL certificate to all machines subject to this policy.
  2. You have an existing CFS policy in place.
  3. You are blocking Google Quic (if using Chrome as a browser) via application or firewall rules. 

Restricting Google Services

1. Go to Manage | Network | Zones  and enable DPI-SSL Client on the required zones.

2. Go to Manage | Decryption Services | DPI-SSL/TLS Client and Enable SSL Client Inspection along with Content Filter.

Image

3. Go to Manage | Objects | Content Filter Objects | CFS Profile Objects and edit the profile that you are using in your policy

  • Go to the Custom Header Tab and Enable Custom Header Insertion and add the following (replace sonicwall.com with your own domain):

Image

4. Try logging into a personal account. 

Image

Related Articles

  • Using 31-Bit Prefixes on IPv4 Address Error: Index of the interface: Invalid IP Address
    Read More
  • How to block a website using CFS 4.0 CLI commands
    Read More
  • How to Configure Wire / Tap mode in SonicOS
    Read More

Categories

Firewalls
NSv Series
Content Filtering Service
Firewalls
SonicWall NSA Series
Content Filtering Service
Firewalls
TZ Series
Content Filtering Service
Firewalls
NSsp Series
Content Filtering Service
not finding your answers?
Ask the Community
was this article helpful?
YesNo