Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: How to restrict Gmail access to a custom domain

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

This Recommended Read explains how to block Gmail except for a certain Google domain. Users can no longer access their private Gmail accounts and only log onto Gmail for a custom domain.

This applies to the following Sophos products and versions:

Sophos Firewall [SFOS v19.0 & v19.5]. The following sections are covered:

Add a firewall rule

1. Navigate to PROTECT>Rules and Policies
2. Click the +Add Firewall rule or edit an existing one.

3. Ensure that under the Security features, the options "use web proxy instead of DPI engine" and "Decrypt HTTPS during web proxy filtering" are turned on and that a web Policy is in use, as illustrated in the screenshot below.

Note: This rule can be applied to any existing policy; admins don’t need to create a new policy. Because this feature is compatible only with web proxy, we have enabled "Use web proxy instead of DPI engine" in the firewall rule and "Decrypt HTTPS during web proxy filtering," as Gmail is an HTTPS-based website.

Reference - The new DPI Engine for web proxy explained.

Allow Custom Google Domain

1. Navigate to Web > Policies.
2. Edit the web policy used in the firewall rule above.
3. Open the Advanced Settings option at the bottom of the policy edit screen.
4. Enable Restrict login domains for Google Apps by checking the box.


5. Next, Enter the domain(s) to be allowed to access GoogleApps in the "Allowed domain(s)"
6. More information regarding “Add a web policy” & “Add a rule to a web policy.

Note: Certificate Authority must be installed in the user's computers to avoid certificate warnings.

I hope this Recommended Read has helped you achieve your requirements




Grammar
[edited by: Raphael Alganes at 2:42 PM (GMT -8) on 8 Nov 2024]