Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 12391 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[solved] www.googleadservices.com hidden from proxy (unable to filter)

dirkkotte

Hello everybody,
I watch some incomprehensible things.
On some PCs (home PCs) www.googleadservices.com Pages that pass through my proxy (should be blocked) when using Google Chrome. issuing CA is from google.
When using FireFox the page is blocked and i see my Proxy-CA as issuing CA.
I can't see a single line from the passed googleadservices traffic in the proxy log.
This not occur, if i use my corporate device with google chrome.

Is there a new way to pass proxy or simple an encryption where SG is unable to decrypt?



This thread was automatically locked due to age.
  • +1

    Have you blocked UDP 443 with a firewall rule?   If not, please do.  It is probably the solution your problem.

    Google's normal behavior tries to use their QUIC protocol (UDP 443) first, which has the effect of bypassing the proxy:

    This is there connection sequence, which I determined through experimentation:

    1. Try UDP 443 through the Standard proxy (Standard Mode will block it as a non-allowed target)
    2. Try UDP 443 bypassing the Standard proxy (Transparent Mode only examines TCP 80 and 443, so the packet is allowed unless a firewall block is in place.)
    3. Try TCP 443 through the Standard proxy (Standard Mode will filter the packet)
    4. Try TCP 443 bypassing the standard proxy  (Transparent Mode will filter the packet.)

    If you are not using Standard Mode, then only steps 2 and 4 apply, but the issue is the same.  You have to block UDP 443 as a firewall rule.

    Note:  Do not configure UDP 443 as a standard mode allowed target, as this not an appropriate workaround.  This configuration will cause the Standard Mode proxy to handle the traffic, but Sophos has told me that traffic will not be properly filtered.

  • 0 in reply to DouglasFoster

    Is this rule all that's necessary? And Reject? Using Transparent Mode Web Filtering.

  • 0 in reply to James Grafe

    No need-for port UDP 80.   QUIC is for https only

    Destination should be ANY, not WAN network  WAN network is only 9th be local subnet on th he WAN iknterface.

    If your internal network has multiple subnets, you will need to define an object that includes all subnets.

Unfiltered HTML