So, I inherited the current UTM 9 config and have been working on updating the definitions (some were out of date, some were no longer needed, etc). I found a large group called "Google Server Group" with the following entries:
accounts.google.com
apps.googleusercontent.com
clients3.google.com
docs.google.com
drive.google.com
gg.google.com
gmail.com
(Google Network 1-10) - these are IP ranges
google.com
googleapis.com
googlegroups.com
googleusercontent.com
lh3.google.com
lh4.google.com
lh5.google.com
lh6.google.com
mail.google.com
s.ytimg.com
spreadsheet.google.com
spreadsheets.google.com
ssl.gstatic.com
talk.google.com
video.google.com
www.google.com
www.googleapis.com
This group is under intrusion prevention exclusions. Is there any reason this would be necessary? We are heavy G Suite users, but I really don't trust content from the web unless I have to. Any input into issues with Google and IPS would be appreciated.
Thank you.
This thread was automatically locked due to age.
