CloudMask Integration Guide

This document describes the steps to integrate the CloudMask browser plug-in to protect Gmail and Google Drive content with your WatchGuard Firebox.

Platform and Software

The hardware and software used to complete the integration steps outlined in this document include:

  • WatchGuard Firebox installed with Fireware v12.5
  • Client computer installed with Windows 10 (64-bit)
  • CloudMask v2.0.985
  • Chrome v75.0.3770.142 (Official Build) (64-bit)

Test Topology and Workflow

This diagram shows an overview of the setup for CloudMask. You can use either a trusted or optional interface on your Firebox for this integration.

Figure: CloudMask Integration Overview

Set Up the Firebox

To integrate CloudMask with your Firebox, complete these steps in the Fireware Web UI:

  • Create a proxy action
  • Add a proxy policy

To create a proxy action:

  1. Select Firewall > Proxy Actions.
  2. Select a predefined HTTPS-Client proxy action to clone. Click Clone.
  3. In the Name box, type a new name for the proxy action.
    In this example, the new proxy action is HTTPS-Client.1.
  4. Select the Content Inspection tab.
  5. In the Domain Names section, click Add.
    The Add Rule dialog box appears.
  6. In the Rule name text box, type the object name.
    In this example, the name is cloudmask.
  7. In the Value text box, type *.cloudmask.*.
  8. Keep all other settings as the default values.
  9. Click OK.
  10. From the Action drop-down list, select Inspect.
  11. Select the Log check box.
  12. Click Save.

To add a proxy policy:

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. Select the Proxies option and, from the Select a proxy drop-down list, select HTTPS-proxy.
  4. From the Select a Proxy action drop-down list, select the proxy action you created in the previous procedure.
    In this example, the proxy action is HTTPS-Client.1.
  5. Click Add Policy.
  6. From the Connections are drop-down list, select Allowed.
  7. Configure the HTTPS-proxy policy to allow traffic from Any-Trusted and Any-Optional to Any-External.
  8. Click Save.

Install CloudMask

Install CloudMask in your Chrome browser. When the installation is successful, you see the CloudMask icon in the browser extensions list.

Test the Integration

To test the integration with Gmail:

  1. With CloudMask protection enabled, use Gmail to send an encrypted email with an attachment.
  2. With CloudMask protection enabled, use Gmail to open an encrypted email. Make sure that it opens correctly and the attachment is still attached.
  3. Download the attachment and make sure that it displays correctly.
  4. With CloudMask protection disabled, use Gmail to open an email with an encrypted attachment.
  5. Download the attachment and make sure that it does not open correctly.

To test the integration with Google Drive:

  1. With CloudMask protection enabled, open Google Drive and make sure that you can successfully update and save files.
  2. With CloudMask protection disabled, open Google Drive and make sure that files you updated do not display correctly.

To confirm the content inspection rules are applied:

  1. From Fireware Web UI, select Dashboard > Traffic Monitor.
  2. Confirm that log messages similar to the ones in this image are visible.