Cannot reach google.com when Protocol restrictions feature is enabled.
search cancel

Cannot reach google.com when Protocol restrictions feature is enabled.

book

Article ID: 380353

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Customer is setting up his Cloud SWG tenant and once using Google Safe search policy and the Protocol Restrictions feature the google.com website is not reachable.

Along with that, there are other features enabled like DNS Proxy, CFS.

 

Environment

Cloud SWG

Google Safe search

Proxy Restrictions

CFS

DNS Proxy

 

Cause

When Safe Search is enabled we force the user to use CNAME "forcesafesearch.google.com" to resolve google.com and this will resolve to "216.239.38.120"

Part of the Safe Search policy will disable Protocol Detection for the IP "216.239.38.120". When protocol detection is disabled, the SG is unable to detect the protocol used by the browser therefore it will match the Proxy Restriction (Web Protocols Only) policy and block the request.

Resolution

Temporary workaround is to put google.com into the DNS Proxy exemptions and permanent fix is on it's way.