Prohibit Gmail chat - InterScan Web Security Virtual Appliance

Blocking Gmail chat using InterScan Web Security Virtual Appliance (IWSVA)

- Updated:
- 24 Nov 2016
- Product/Version:
- InterScan Web Security Virtual Appliance 5.6
- InterScan Web Security Virtual Appliance 5.6
- InterScan Web Security Virtual Appliance 6.0
- InterScan Web Security Virtual Appliance 6.0
- InterScan Web Security Virtual Appliance 6.5
- InterScan Web Security Virtual Appliance 6.5
- Platform:
- N/A N/A

To block Gmail chat through IWSVA:

On the IWSVA console, enable HTTPS Decryption.
Under Communications and Search, select the Email category and save the policy.
Go to Application Control > Policies, select a policy and set the action to "Block" for the Instant Messaging > Google chat.
Access your Gmail account.
You will see the following error message when accessing Gmail chat:

Unable to reach Gmail. Please check your internet connection or company's network settings.

To see if IWSVA actually blocked Gmail chat traffic, check the IWSVA packet capture and http log (verbose mode).

The sample packet capture screenshot below shows a failed Gmail chat connection.

Note: Because the IWSVA deployment method used in this screenshot is transparent bridge mode, you could see that the client was directly connected to the IP address of Gmail chat.

The http log will show results similar to this:

2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> HTTP request -- method "CONNECT" version "1.1" URI "74.125.128.189:443"
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> HTTPS: connect: https://*.mail.google.com:443/ : will be decrypt policy chceck:category 5
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Evaluating HTTPS Decrypting policy, pid = [3] rid = [6]
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> CheckHTTPSDecryptPolicy: Categorization ID is 52
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> HTTPS decrypt for URL [https://*.mail.google.com:443/]
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Category is [52:Email]
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> HTTPS traffic will be decrypted after force handshake, pState->m_bRequestClientCert: 0, pCCache->m_bTunnelClientCertConnection: 1
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Resign client cert for: MD5_i15f4BISQnKPpFq8UbYTAA__ status modified
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> TmSecureHandler for site: (null) is to be created
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> TmSecureHandler: error code is get as 0
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> TmSecureHandler construtor created, socket [274]
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> TmSecureHandler: error code is get as 0
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Get client handler, client_handler = 0xe85f63c8.
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Shakehand, client_handler = 0xe85f63c8.
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> [274] HandleIO returned TRANSACTION_TERMINATED\n
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Close server connection [276]

Note: 74.125.128.189 is the IP address of chatenabled.mail.google.com.

Need More Help?

Blocking Gmail chat using InterScan Web Security Virtual Appliance (IWSVA)