How can I block a certain link?

If you are new to UTM, it is important to understand how UTM works.   Start by reading the articles and some of the other links that are referenced there.   They contain important information that is not in the manual.

Additionally, there is a lot of information about Chrome that is not well documented, which fortunately has been explored on this forum.   Chrome has a feature called QUIC which uses UDP 443 to provide faster browsing of https sites (when the server is also a Google system).   Chrome's attempt sequence is:

1. Try UDP 443 with the Standard Proxy (if configured)
2. Try UDP 443 ignoring the Standard Proxy
3. Try TCP 443 with the Standard Proxy (if configured)
4. Try TCP 443 ignoring the Standard Proxy

By default, the following result will occur:

1. UTM standard proxy blocks UDP 443.   UTM transparent proxy ignores UDP 443.   Either way the UTM Web Proxy is bypassed
2. UTM firewall allows UDP 443 (because you probably configured a default-allow rule for outbound traffic.

The solution is to block outbound UDP 443 using a firewall rule. 

It is possible to force UDP 443 through the Standard Proxy by adding UDP 443 to the Allowed Ports list, but Sophos has never said that they have tested UDP 443 with their web filter, so I prefer to block it completely.

With UDP 443 blocked at the firewall, Chrome will be forced to use TCP 443, which will be handled by either the Standard Mode or Transparent Mode web proxy.

This issue comes up a lot.   I just don't know how to post it so that people see it before they need it.

To prove to yourself that Doug's analysis and prescription is correct, search for that URL in the Web Filtering log.  I bet you'll find that it's not logged because the traffic is not being handled by the Proxy.

I'm more sanguine about adding UDP 443 to 'Allowed Target Services', but that only helps in Standard mode, so I would both add it and block UDP 443 for devices using the Proxy in Transparent.

Cheers -  Bob