01-13-2017 01:42 AM - edited 03-12-2019 01:46 AM
Hi All,
Our company is trialing a proof of concept for Google G-Suite (Google Apps). Our security team have requested us to block access to G-suite so that only our company email domains can sign in and block personal Google accounts.
Google's solution is to add a http header to all packets going to google.com and specify which domains are allowed to sign in.
https://support.google.com/a/answer/1668854?hl=en
We currently have a Cisco ASA 5515 firewall. Does anyone know if this is possible on a Cisco ASA firewall and what steps are required?
Any help would be appreciated.
Thanks
Stuart
01-13-2017 07:38 AM
You cannot do that directly with an ASA. The Google-recommended solution might be possible with a Cisco Web Security Appliance.
A more apt solution from Cisco would be to look into the Cloudlock product.
01-13-2017 07:55 AM
Hi Marvin,
Thanks for the response. Do you now if there are any features which are part of the FirePOWER services which could do what Google recommend?
Thanks
Stuart
01-13-2017 07:58 AM
You can decrypt and inspect SSL payload with FirePOWER but I don't believe anything in FirePOWER allows you to insert or modify headers.
01-13-2017 08:15 AM
Ok, thanks for your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide