Blocking Google access for consumer accounts


In this recipe, you will block access to Google services for consumer accounts, while allowing access for corporate accounts.

If your organization has set up a Google corporate account to be able to use Google services, such as Gmail and Google Docs, this recipe can be used to block users from accessing those services with their own personal accounts. In this example, a corporate account has been created that uses the domain

1. Editing the default web filter profile to restrict Google access

Go to Security Profiles > Web Filter and edit the default profile.

Make sure that Inspection Mode is set to Proxy. Under Proxy Options, select Restrict Google Account Usage to Specific Domains.

Select Create New in the list that appears and add an entry for the domains for your Corporate Google accounts (in the example,


Due to a known issue, if you are running FortiOS 5.2.2, this feature can only be configured using the CLI.

The commands shown on the right will duplicate the web filter profile created in the above GUI steps.

See the Security Profiles handbook for FortiOS 5.2 for more details about this feature.

config web-proxy profile
   edit restrict-google-accounts-1
     config headers
       edit 1
         set name X-GoogApps-Allowed-Domains
         set content

config webfilter urlfilter
   edit 1
     set name default
     config entries
       edit 1
         set url *
         set type wildcard
         set action allow
         set web-proxy-profile restrict-google-accounts-1

config webfilter profile
   edit default
     config web
       set urlfilter-table 1

2. Adding the profile to your Internet-access policy

Go to Policy & Objects > Policy > IPv4 and edit the policy that allows connections from the internal network to the Internet.

Enable Web Filter and set it to use the default profile. Doing this will automatically enable SSL/SSH Inspection. Set this to use the deep-inspection profile.


3. Results

Log in to Google using a personal account. After you are authenticated, attempt to access a Google service, such as Gmail or Google Drive.

A message appears from Google stating that the service is not available.


Sign out of the personal account and instead use your corporate account (in the example,

You can now access the Google service.


For further reading, check out Web filter in the FortiOS 5.2 Handbook.

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

  • Was this helpful?
  • Yes   No
Using the deep-inspection profile may cause certificate errors. For information about avoiding this, see Preventing certificate warnings.