Cisco ASA - Block access to Google G-Suite consumer accounts

stuart.kirby1 · ‎01-13-2017

Hi All,

Our company is trialing a proof of concept for Google G-Suite (Google Apps). Our security team have requested us to block access to G-suite so that only our company email domains can sign in and block personal Google accounts.

Google's solution is to add a http header to all packets going to google.com and specify which domains are allowed to sign in.

https://support.google.com/a/answer/1668854?hl=en

We currently have a Cisco ASA 5515 firewall. Does anyone know if this is possible on a Cisco ASA firewall and what steps are required?

Any help would be appreciated.

Thanks

Stuart

Marvin Rhoads · ‎01-13-2017

You cannot do that directly with an ASA. The Google-recommended solution might be possible with a Cisco Web Security Appliance.

A more apt solution from Cisco would be to look into the Cloudlock product.

stuart.kirby1 · ‎01-13-2017

Hi Marvin,

Thanks for the response. Do you now if there are any features which are part of the FirePOWER services which could do what Google recommend?

Thanks

Stuart

Marvin Rhoads · ‎01-13-2017

You can decrypt and inspect SSL payload with FirePOWER but I don't believe anything in FirePOWER allows you to insert or modify headers.

stuart.kirby1 · ‎01-13-2017

Ok, thanks for your help.