Skip to main content

Configure GMail using Google Workspace for GravityZone Security for Email

Follow these procedure to integrate GravityZone Security for Email with Google Workspace Gmail, for inbound and outbound email delivery.:

To configure GravityZone Security for Email for use with Google Workspace follow the steps below:

Configuring Inbound Mail

  1. Go to Products > GravityZone Security for Email > Product Configuration.

  2. Go to Inbound Mail.

  3. Click the Add button emailsecadd.png to add a new delivery route.

  4. Select your Domain from the drop-down list.

  5. Under Cost set route priority to 5.

    The cost defines route priority for multiple routes.The lower the number, the higher the priority.

  6. Under Route enter the following: ASPMX.L.GOOGLE.COM

  7. Update to save changes.

  8. Repeat steps 3 to 7 to add the following routes and associated costs:

    ALT1.ASPMX.L.GOOGLE.COM with the cost of 10

    ALT2.ASPMX.L.GOOGLE.COM with the cost of 15

    ALT3.ASPMX.L.GOOGLE.COM with the cost of 20

    ALT4.ASPMX.L.GOOGLE.COM with the cost of 25

    The final routes should look similar to the ones in the screenshot below.

    gsuite_final_routes.png

Configuring Outbound Mail

  1. Go to Products > GravityZone Security for Email > Product Configuration.

  2. Go to Outbound Mail.

  3. Click the Add emailsecadd.png button.

  4. Under Hostname enter the following hostname:

    spf://_spf.google.com

  5. Update to save changes.

You should configure GMail using Google Workspace to block any inbound email that does not originate from the GravityZone Security for Email (EMS) product. However, you will need to do this via a two-step process. This section is split into two sections – prior MX record change and post MX record change.

Prior to changing MX records

Before changing MX records it is recommended that the GravityZone Security for Email IP addresses are added to the inbound gateway so that when MX records are changed all messages are not quarantined.

Note

You may already have inbound gateway entries listed. If this is the case you need to append the entries below to the existing list and then remove the existing entries once the MX records have been changed.

Follow the steps below:

  1. Login to the Google Workspace Admin Console with an administrators account.

  2. Click on the Menu button google_workspace_dots.PNG.

  3. Select Admin > Apps > Google Workspace.

  4. Click on GMail to take you to Settings for Gmail.

  5. Click on Advanced Settings at the bottom of the page.

  6. Scroll down to Spam, phishing, and malware and configure/edit the Inbound Gateways.

  7. Add a Name to the Inbound setting.

  8. Add the IP addresses for our service and click Save.

    The entries should look like this if using the EU servers:

    104340_1.png

    Note

    Ensure you do not check the Reject all mail not from gateway IPs box.

  9. At the bottom of the Advanced Settings page, click Save to apply the changes.

  10. Ensure that this configuration is replicated to Google Workspace before changing any MX records.

    Note

    It can take up to an hour for changes to propagate to user accounts for GMail using Google Workspace You can track changes in the Admin console audit log.

Post MX record change

Once MX records have been changed and replicated to the internet email should start flowing through the GravityZone Security for Email product. You can verify this via the GravityZone Security for Email Activity reports and charts.  You can also check this in the Google Workspace portal by following these steps:

  1. Login to the Google Workspace Admin Console with an administrators account.

  2. Click on the Menu button google_workspace_dots.PNG.

  3. Select Admin > Apps > Google Workpace.

  4. Click on GMail to take you to Settings for Gmail.

  5. Click on Setup.

  6. Check that the MX records match the below:

Additional Options

By default, Gmail using Google Workspace will still scan all emails for spam.  If you do not want Google Workspace to quarantine any of the messages, you can whitelist the GravityZone Security for Email service IP’s. To do this follow these steps:

  1. Login to the Google Workspace Admin Console with an administrators account.

  2. Click on the Menu button google_workspace_dots.PNG.

  3. Select Admin > Apps > Google Workpace.

  4. Click on GMail to take you to Settings for Gmail.

  5. Click on Advanced Settings at the bottom of the page.

  6. Scroll down to Spam, phishing, and malware and under Email whitelist add the GravityZone Security for Email service IP addresses:

    The entries should look like this if using the EU servers:

    104340_2.png
  7. At the bottom of the Advanced Settings page, click Save to apply the changes

Warning

If there are valid reasons for inbound messages to be delivered direct to Google Workspace the IP addresses of the sending servers should be added to the Inbound Gateways section prior to making this change. Failure to do so will block messages coming from those servers.

  1. Login to your Google Workspace Admin Console with an administrator account.

  2. Click on the Menu button google_workspace_dots.PNG.

  3. Select Admin > Apps > Google Workpace.

  4. Click on GMail to take you to Settings for Gmail.

  5. At the bottom of the page, click Advanced Settings.

  6. Go to Hosts > Add Route.

  7. Enter a Name for the route, such as GravityZone Security for Email Outbound.

  8. In the Specify email server select Multiple hosts.

  9. Add a primary entry for each of the outbound servers based on your region.

    • For US and ROW open ports 25 and 587 and add the following hosts:

      smtp1.us.scanscope.netsmtp2.us.scanscope.net
    • For EU open ports 25 and 587 and add the following hosts:

      smtp1.scanscope.netsmtp2.scanscope.net
      gsuite_ems_outbound.png
  10. Click Save.

  11. Navigate back to General settings > Routing > Routing section.

  12. Click Configure for routing.

    The Add settings option appears.

  13. Enter a Name for the rule, such as GravityZone Security for Email Outbound Rule.

  14. Under Messages to affect(section 1), select Outbound.

  15. Under For the above types of messages, do the following(section 3), select Change route.

  16. Change Normal routing to GravityZone Security for Email Outbound Rule, created above.

  17. (Optional)Under Encryption (onward delivery only), select Require Secure Transport (TLS).

  18. Click Add Settings or Save if you are editing an existing configuration.

  19. At the bottom of the Advanced Settings page, click Save to apply changes.

    Note

    It can take up to one hour for your settings to come into effect. You can track changes in the Admin console audit log.

  1. Login to the Google Workspace Admin Console with an administrators account.

  2. Click on the Menu button google_workspace_dots.PNG.

  3. Select Admin > Apps > Google Workpace.

  4. Click on GMail to take you to Settings for Gmail.

  5. Click on Hosts section.

  6. Click on the Add Route button.

  7. Give the route a Name like “Google Internal”.

  8. In the Specify Email server select Multiple hosts.

  9. Add a primary entry for each of the GMail Servers listed below:

    aspmx.l.google.com
    alt1.aspmx.l.google.com
    alt2.aspmx.l.google.com
    alt3.aspmx.l.google.com
    alt4.aspmx.l.google.com
    104340_3.png
  10. Click Save.

  11. Go to the General setting tab and scroll to the Routing setting in the Routing section.

  12. Click on Add Another for Routing. This will open up a new Add setting option.

  13. Enter a name like Internal Route.

  14. Select the checkbox for Internal – Sending  in Messages to affect.

  15. Select only affect specific envelope recipients and define a REGEX for your internal domain.

    104340_4.png

    Note

    For multiple domains you can add them into the regex in this format:

    .*@firstdomain\.com|.*@seconddomain\.co\.uk
  16. Select Change route in For the above types of messages, to do the following.

  17. Change the Normal routing to the one created above.

    104340_5.png
  18. Click on Show Options at the bottom of this page and Select Users and Groups” under Account types to affect:

    104340_6.png
  19. Click the Add Setting button, then click Save.

  20. At the bottom of the Advanced Settings page, click Save.

Note

Now all internal mail is routed directly to Google servers, and all other mail routes through the GravityZone Security for Email Outbound Gateway.

Video tutorials