ironport web just WILL NOT whitelist gmail

keithsauer507
Level 5

On our wireless network, I need to whitelist Gmail. Normally web mail is blocked for lower-level employees; however, it is correctly allowed for IT and Executive Management.

Now on the wireless it's done by IP range. I have the IPs added to an access policy that does not require authentication, because lots of wireless devices can't use NTLM auth (iPhones, Android phones, iPads, etc.). This is tied into our IT access policy, which DOES NOT BLOCK GMAIL. However, on an iPhone or iPad, for example, when you click the Mail icon you always see:

Cannot get mail

The mail server "imap.gmail.com" is not responding. Verify that you have entered the correct account info in Mail settings. If it's an iPhone and you turn off wireless, it instantly works (going through AT&T instead of our WLAN).

So I do a trace to imap.gmail.com using the IP address of a device in question, and I get this:

User Information

User Name: None

Group Membership: None

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2

Custom URL Category: IT Allowed

Policy Match

IronPort Data Security policy: None

Decryption policy: None

Routing policy: Global Routing Policy

Identity policy: servers_needing_downloads

Access policy: Information_Technology

Final Result

Request blocked

Details: ERR_GATEWAY

Trace session complete

What is ERR_GATEWAY? If there is an issue, why can Gmail be accessed on a desktop PC by a person to whom that same identity policy also applies?

I have no idea why this is blocking. In the IT Allowed URL category I have these:

.gmail.com, imap.gmail.com, .google.com

You can see it's hitting that category because the trace says IT Allowed. It's also hitting the identity policy servers_needing_downloads, which is basically an all-open policy to allow servers to contact update services, or WebEx/GoToMeeting for support, and other things.

Any ideas?

2 Replies

The trace tool is mostly useless for stuff like this.

Figure out what the IP address of the device in question is.

Telnet/SSH to your WSA and, at the prompt, type "grep":

Enter the number of the log you wish to grep.
[]> 1

Enter the regular expression to grep.
[]> 172.16.151.40 

Do you want this search to be case insensitive? [Y]>

Do you want to search for non-matching lines? [N]>

Do you want to tail the logs? [N]> y

Do you want to paginate the output? [N]>

Now try to get mail on the device, and see what the WSA produces.

It's not even hitting the IronPort.

You know what, upon further investigation, when you access Gmail from an iPad or iOS device, it uses different ports for IMAP and SMTP, and guess what: we have egress filtering on the firewall, and only HTTP/HTTPS is allowed on that subnet.

My bad!
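The two checks this thread ends up needing, as an added Python example that is not part of the original posts: first, the grep the reply suggests, reduced to the one question that matters (did any mail traffic from the device reach the proxy at all?), run over a constructed access log; second, a direct TCP egress probe of the ports an iOS Mail client uses for a Gmail account, which tells a silently dropped connection (the signature of an egress ACL) apart from a refused or open one. The sample log lines are constructed and only loosely modelled on a WSA/Squid-style access log; smtp.gmail.com and the ports 993/465/587 are assumptions taken from Gmail's published client settings, since only imap.gmail.com appears in the thread; the simulated firewall is a stand-in so the block runs offline, and the real socket connector can be substituted to probe from a device on the affected subnet.

```python
"""Offline reproduction of the diagnosis in this thread: the proxy only ever
saw port 80/443 traffic from the device, and direct egress on the IMAP/SMTP
ports the mail client needs was being dropped by the firewall."""
import contextlib
import re
import socket
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines, loosely modelled on a WSA/Squid-style access log
# (timestamp, elapsed ms, client IP, result, bytes, method, URL, ...).
# Note what is absent: no entry for imap.gmail.com at all.
SAMPLE_ACCESS_LOG = """\
1319740001.120 312 172.16.151.40 TCP_MISS/200 5120 GET http://www.google.com/ - DIRECT/74.125.0.1 text/html
1319740002.450 88 172.16.151.40 TCP_MISS/200 0 CONNECT tcp://mail.google.com:443 - DIRECT/74.125.0.2 -
1319740003.010 201 172.16.151.41 TCP_MISS/200 2048 GET http://update.example.test/ - DIRECT/10.0.0.1 text/plain
1319740004.300 91 172.16.151.40 TCP_MISS/200 0 CONNECT tcp://accounts.google.com:443 - DIRECT/74.125.0.3 -
"""

LOG_RE = re.compile(r"^\S+ \d+ (?P<client>\S+) \S+ \d+ (?P<method>\S+) (?P<url>\S+)")

# Endpoints an iOS Mail client uses for a Gmail account. Assumed from Gmail's
# published client settings; only imap.gmail.com appears in the thread.
MAIL_ENDPOINTS = (
    ("imap.gmail.com", 993),  # IMAP over TLS
    ("smtp.gmail.com", 465),  # SMTP over TLS
    ("smtp.gmail.com", 587),  # SMTP submission with STARTTLS
)


def _dest_port(url):
    """Destination port of a logged request: explicit port, else the scheme default."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return {"http": 80, "https": 443}.get(parts.scheme)


def proxy_ports_seen(log_text, client_ip):
    """Count destination ports the proxy saw for client_ip.
    An empty count for 993/465/587 means the mail client never reached the proxy."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("client") == client_ip:
            port = _dest_port(m.group("url"))
            if port is not None:
                seen[port] += 1
    return seen


def make_fake_connector(allowed_ports):
    """Simulated egress firewall: silently drops (times out) everything except
    allowed_ports. Drop-in for socket.create_connection so the block runs offline."""
    def connect(address, timeout=None):
        host, port = address
        if port not in allowed_ports:
            raise socket.timeout(f"{host}:{port} dropped by simulated egress ACL")
        return contextlib.nullcontext(f"fake socket to {host}:{port}")
    return connect


def probe_egress(endpoints, connect=socket.create_connection, timeout=3.0):
    """Classify direct TCP reachability of each (host, port).
    'filtered' (timeout) is what an egress ACL dropping SYNs looks like;
    'refused' means the path is open but nothing listens; 'dns' means no resolution."""
    results = {}
    for host, port in endpoints:
        try:
            with connect((host, port), timeout=timeout):
                results[(host, port)] = "open"
        except socket.timeout:
            results[(host, port)] = "filtered"
        except ConnectionRefusedError:
            results[(host, port)] = "refused"
        except socket.gaierror:
            results[(host, port)] = "dns"
        except OSError:
            results[(host, port)] = "error"
    return results


def ports_to_open(results):
    """Sorted list of ports the egress policy must allow for the mail client to work."""
    return sorted({port for (_, port), state in results.items() if state == "filtered"})


if __name__ == "__main__":
    device = "172.16.151.40"
    print("ports reached via proxy:", dict(proxy_ports_seen(SAMPLE_ACCESS_LOG, device)))
    # The thread's wireless subnet: the firewall lets only HTTP/HTTPS out.
    firewall = make_fake_connector({80, 443})
    results = probe_egress(MAIL_ENDPOINTS, connect=firewall)
    for (host, port), state in results.items():
        print(f"{host}:{port} -> {state}")
    print("egress ports to allow:", ports_to_open(results))
    # Drop connect=firewall to probe the real network from a device on that subnet.
```

To run the proxy-side check against real data, feed proxy_ports_seen the lines the grep on the WSA returned for the device; if none of them mention the mail host, the proxy never saw the connection and the problem sits upstream of it, which is exactly the "not even hitting the IronPort" conclusion above. Run probe_egress with the default connector from a client on the wireless subnet, not from the proxy, since the proxy's own egress rules are usually different.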