Connecting Google Workspace

This page includes:

• Connecting Google Workspace
  • About connecting Google Workspace email services
  • A bit more about the Google Workspace integration
  • Which users are protected
  • Email size limitations
  • The Google Workspace connection procedure
  • Flow chart diagram

About connecting Google Workspace email services

You can integrate FortiMail Workspace Security with Google Workspace. This enables FortiMail Workspace Security to protect incoming email to Google Workspace.

Integration with Google Workspace uses semi-inline integration - with no MX record change.

Note:  By default, the Google Workspace integration monitors incoming emails only - not outgoing emails. [Outbound monitoring can't be configured for Google Workspace.] By default, internal email is not monitored. To add monitoring for internal email, contact FortiMail Workspace Security Support [support@perception-point.io]. There may be additional licensing requirements for enabling internal scanning. You can't configure FortiMail Workspace Security to protect personal Gmail accounts. FortiMail Workspace Security is designed exclusively for enterprise platforms such as Google Workspace and Microsoft 365.

Important: Make sure that Google Workspace "comprehensive mail storage" is disabled before implementing an integration with Google Workspace. If "comprehensive mail storage" is enabled, Malicious emails may not be successfully quarantined. To disable Google Workspace "comprehensive mail storage": Go to your Google Workspace admin center > Google Workspace > Gmail > Compliance. Scroll down to Comprehensive mail storage, and then clear the "Ensure that a copy of all sent and received mail is stored in associated users' mailboxes" check box. For more information about Google Workspace "comprehensive mail storage", see the official documentation here.

A bit more about the Google Workspace integration

Onboarding process

• Customer onboarding involves adding the domain name and verifying a TXT record in the system.

• Configuring the required rules and expressions is done manually.

Email flow overview

• Inbound emails initially route through the Google servers for initial analysis by Google Security.

• Leveraging Content Compliance Rules, emails that meet specific criteria are redirected to the Perception Point scanner.

Scanning and response

• Clean: Emails that are assigned the clean verdict are sent back to the Google Workspace servers through the configured next-SMTP for final delivery.

• Spam: Emails that are assigned the spam verdict are given a "X-PERCEPTION-POINT-SPAM: FAIL" header.

  • In Google Workspace, the Message Tagging header-based system identifies the Perception Point Spam header and redirects the email to the Spam folder.

• Malicious: Emails that are assigned the malicious verdict do not return to the Google Workspace servers.

  • This proactive prevention stops the malicious emails from reaching the recipient's Inbox.

Which users are protected

Commercial installations

All users in the Google Workspace account will be included in the billing - it is not possible to bill for only a partial group of users. This is true for billing even if partial protection is configured. Partial protection and billing can be used for POC installations only. [See PoC installations below.] If partial protection is configured for an organization with a Commercial contract type, then billing will still be based on the number of licenses that are included in the Google Workspace account - not on the number of "partial protection" users.

PoC installations

It is possible to protect a partial group of users. When you onboard a Google Workspace email service for a PoC customer, you specify which users to protect. You can choose to protect: specific users specific user groups entire domains After onboarding Google Workspace for a PoC installation, you can modify the set of users to protect. For details, see Modifying the list of users to protect [Google Workspace] - PoC only.

Email size limitations

• FortiMail Workspace Security scans email messages up to a maximum size of 40 MB [including attachments]. Emails [including attachments] that are larger than 40 MB are not scanned by FortiMail Workspace Security - neither the email messages themselves, nor their attachments - and will be delivered "unscanned" to the specified recipients.

  Note: Due to external technical limitations, the 40 MB limitation can't be increased. We recommend that you limit receiving email attachments up to 30 MB in size. Files that are larger than 30 MB should be shared using a different file sharing service, such as Microsoft OneDrive or Google Drive.

The Google Workspace connection procedure

Perform the following procedure to integrate Google Workspace with FortiMail Workspace Security:

See the available video.

Flow chart diagram

See also: 

• FortiMail Workspace Security