This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Appliance v4.3.1.4 local site gmail policies not applying to Google Chrome

I am blocking most web based email by using local site list policies. Gmail policies are applying to IE and Firefox but are not applying to Chrome. How can I block gmail using policies in Chrome?



This thread was automatically locked due to age.
  • Difficult to answer that in a forum, there are many factors..  Whatever browser you are using does not affect the appliance's ability to police traffic. 

    that been said there are a bunch of things to check.

    #1 what is the deployment mode and what action do you get when you specifically enter proxy information 10.29.12.1 port 8080 click bypass local traffic.  If in bridged mode, is the ip in the exclusions list?

    #2 do you meet the authentication requirements? https://community.sophos.com/kb/en-us/126599

    #3 do you have a bypass for the browser's user agent string or site its self?

    #4 export the sophos_log and check the log entries for act -1 or reason codes ..  http://wsa.sophos.com/docs/wsa/webhelp/index.html#swa/concepts/InterpretingLogFiles.html

    as well verify the traffic is making it from your workstation to the appliance. 

    #5 HTTPS scanning is required to police policy on any HTTPS site.. you must install the appliances root certificate into the browsers.

     

    If you're still having issues past this, I would call support and do some live monitoring.

  • One other possibility - especially since the problem only exists when using Chrome - is that Chrome is likely using the QUIC protocol to connect to Google. This protocol uses UDP packets to port 443 instead of TCP and is not currently supported by Sophos Web Appliance.

    The recommended workaround in this situation is to block outbound UDP packets to port 80 or port 443 using your network firewall. This will force Chrome to switch back to using regular HTTP/HTTPS.