HTTP2 sites access using Chrome browser fails with Edge SWG. User will see either "Access Denied" or captchas will be triggered from OCS. This issue is observed by websites hosted on Cloudflare.
SGOS is reordering the HTTP/2 pseudo header. Some of the websites are triggering some extra security checks.
This issue will be addressed in future SGOS release. Please use one of the following workaround:
<proxy> url.domain="www.testsite.com" detect_protocol(none)
This workaround will disable the SSL interception and policies will not apply.
<proxy> client.connection.ssl_server_name.substring=testsite.com http2.client.accept(no) http2.server.request(no)
This workaround will selectively disable HTTP/2 on the proxy for just the specific site. This will downgrade the browser connections to HTTP/1.1 . However, you can still do the SSL interception and policy evaluation.
Please follow the article: https://knowledge.broadcom.com/external/article/174021/support-of-http2-by-proxysg-or-advanced.html
Note: This issue is fixed in SGOS 7.3.10.