Creating an add_hdr rule to allow Google enterprise gmail

Google provides a mechanism in the form of a custom header in the request, that allows Google to recognize and allow or block access to enterprise gmail and other Google Apps for Business.

To make Google's solution work for enterprise gmail:

In the Web Security module of the Forcepoint Security Manager, permit the category Internet Communication > General Email.

In the Content Gateway manager enable HTTPS (SSL decryption). If your site does not already use SSL support, acquaint yourself with the feature before enabling it.

In the Content Gateway manager, on the Configure > Security > Access Control page, open filter.config and create an add_hdr rule.


	Note The add_hdr rule type can be used with any site that uses a custom header-value pair to accomplish special handling.

Select add_hdr.

For Primary Destination Type select dest_domain.

For Primary Destination Value specify "mail.google.com".

In the Custom Header field, specify "X-GoogApps-Allowed-Domains".

In the Header Value field, specify your domain, or a list of domains separated by commas. For example: www.example1.com,www.example2.com

Optionally, in the Source IP field specify the source IP address or address range to which this rule will be applied. For example: 10.10.20.30 or 10.10.1.1-10.30.40.50.

Click Add to add the rule.

Click Apply to save all the changes, and then click Close to close the edit window.

When a user attempts to access Google services from an unauthorized account, Google displays a block page similar to this:

For Google's description of the filtering solution, see the article Block access to consumer accounts and services while allowing access to Google Apps for your organization.