Google Chrome search is not blocked by policy in transparent deployment
Article ID: 168626
Products
ProxySG Software - SGOS
Issue/Introduction
Policy is configured to block access to the entire Google domain. When an internal user tries to search using Microsoft Internet Explorer or Mozilla Firefox, the search is blocked, but when the user types a search string in the address bar in Google Chrome, the browser displays search results.
Cause
QUIC (Quick UDP Internet Connections, pronounced "quick") is an experimental transport layer network protocol developed by Google that supports a set of multiplexed connections between two endpoints over User Datagram Protocol (UDP).
When a search string is entered in the browser address bar, Chrome tries to send the request over UDP. The client-side and proxy-side packet captures (PCAP) show UDP traffic and lines such as the following:
The appliance does not intercept UDP traffic in a transparent deployment, so the firewall must either allow or deny it; the appliance has no control over this connection.
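One way to confirm from a capture that the UDP traffic described above is QUIC, as an added example that is not part of the original article or of ProxySG: it parses the version-independent long header defined in RFC 8999. The flow-record tuple layout, the function names and the sample packets are assumptions constructed for illustration, and the parser targets IETF QUIC rather than the older Google QUIC framing.

```python
import struct

# Assumption: versions this example labels; any other value is reported as "unknown".
KNOWN_VERSIONS = {0x00000001: "QUIC v1", 0x6B3343CF: "QUIC v2", 0x00000000: "version negotiation"}

def parse_quic_long_header(payload: bytes):
    """Parse the version-independent QUIC long header (RFC 8999).
    Returns a dict, or None when the payload does not fit that layout."""
    if len(payload) < 7 or not payload[0] & 0x80:  # header-form bit must be set
        return None
    version = struct.unpack_from("!I", payload, 1)[0]
    pos = 5
    cids = []
    for _ in range(2):  # destination connection ID, then source connection ID
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length > 20 and version in (0x00000001, 0x6B3343CF):  # v1/v2 cap CIDs at 20 bytes
            return None
        if pos + length > len(payload):
            return None
        cids.append(payload[pos:pos + length].hex())
        pos += length
    return {"version": KNOWN_VERSIONS.get(version, "unknown"), "dcid": cids[0], "scid": cids[1]}

def flag_quic_flows(records):
    """Return (src, dst, dport, version) for every UDP record carrying a QUIC long header."""
    hits = []
    for src, dst, dport, proto, payload in records:
        if proto != "udp":
            continue
        hdr = parse_quic_long_header(payload)
        if hdr:
            hits.append((src, dst, dport, hdr["version"]))
    return hits

# Constructed sample records (documentation addresses, not real traffic).
INITIAL = bytes([0xC3]) + b"\x00\x00\x00\x01" + b"\x08" + bytes(range(8)) + b"\x00" + b"\x00" * 16
DNS_QUERY = bytes.fromhex("123401000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE = [
    ("10.0.0.5", "203.0.113.10", 443, "udp", INITIAL),
    ("10.0.0.5", "192.0.2.53", 53, "udp", DNS_QUERY),
    ("10.0.0.5", "203.0.113.10", 443, "tcp", b"\x16\x03\x01"),
]

if __name__ == "__main__":
    for hit in flag_quic_flows(SAMPLE):
        print(hit)
```

The flows it reports are the ones the firewall rule has to cover, since the appliance never sees them in a transparent deployment.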