Restrict Google Apps to Allowed Domains

You can use the HTTPS proxy (with content inspection enabled) to block user access to personal Google services. You can specify which domains are allowed to use Google services. For example, you can allow domains used for Google for Work services, but block user connections to Google Gmail or other personal Google service accounts. Because most Google services are SSL encrypted, you must enable content inspection in the HTTPS proxy.

When you enable this feature, the web proxy server on the Firebox inserts an X-GoogApps-Allowed-Domains HTTP header, followed by a comma-separated allowed domain name list, into all requests for *.google.com.

Google services that do not require authentication, such as Google Search or YouTube, cannot be blocked.

To configure allowed domains for Google Apps access:

1. Enable content inspection in an HTTPS proxy action.
2. Select the Restrict Google Apps to Allowed Domains check box.

Allowed Google Domains configuration in Fireware Web UI

Allowed Google Domains configuration in Policy Manager

3. To add a domain, type the domain in the text box and click Add.
   For example, type example.com.
4. To remove a domain from the list, select the domain and click Remove.
5. Save the configuration.

See Also

About Proxy Policies and ALGs

About the HTTPS-Proxy

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.