search cancel

Google Chrome search is not blocked by policy in transparent deployment


Article ID: 168626


Updated On:


ProxySG Software - SGOS


Policy is configured to block access to the entire Google domain. When an internal user tries to search using Microsoft Internet Explorer or Mozilla Firefox, the search is blocked, but when the user types a search string in the address bar in Google Chrome, the browser displays search results.


QUIC (Quick UDP Internet Connections, pronounced "quick") is an experimental transport layer network protocol developed by Google that supports a set of multiplexed connections between two endpoints over User Datagram Protocol (UDP).

When a search string is provided in the browser address bar, Chrome tries to send the request through UDP. The client side/proxy side PCAP shows UDP traffic and lines such as the following:

1    0.002262           UDP           Source port: 55705  Destination port: https
2    0.050983           UDP           Source port: https  Destination port: 55705


The appliance does not intercept UDP traffic in a transparent deployment, so the firewall must either allow or deny it; the appliance has no control over this connection.
For more information about QUIC protocol, refer to