Know how to add access filters that identify and control HTTP web traffic related to G Suite, and apply them to cloud access rules.
This feature is not available for the Standard license. To use this feature, purchase an Advanced license, or you can purchase an add-on license to upgrade your service to the Advanced (Standard plus add-on) license.
Before adding any configurations under G Suite Cloud Access Filter, please make sure to set the following configurations:
- Navigate to Policies tab. Under HTTPS Inspection > HTTPS Tunnels Exception list, add the domain/service used for G Suite (e.g. mail.google.com, drive.google.com).
Click Save.The reason for adding such URLs in HTTPS Tunnels exception is that when URLs are automatically placed in Tunneled Domains List, it will bypass the filters and it will bypass the Cloud Service Filter.
- Go to Policies tab. Under Approved/Blocked URLs, make sure that domains used by G Suite are not listed in either Approved URLs or Blocked URLs (e.g. mail.google.com, drive.google.com).
- Go to Administration tab. Under Service Deployment, select PAC Files. Select the default PAC file or the PAC file in use and verify if Google domain(s) are included under "Bypass proxy for these hosts & domains". If yes, delete them from the list.
The reason for removing related URLs used in Cloud Service Filters is that if these URLs are listed on the Skip Hosts, PAC script will instruct the browser to access such URLs directly, bypassing the proxy. This only applies if you are using PAC file.
- After these settings are configured, go to Policies > Cloud Service Filters and select G Suite access filter. Under URLs, add the URL for the specific service under G Suite. Under Actions on Header, add your G Suite domain under Value.
- Go to Cloud Access Rules. Open a particular rule that you will use. Under Cloud Services, select G Suite access filter you configured earlier.
Under Action, select Allow.
For more information, refer to the G Suite Admin Help article, Block access to consumer accounts.