This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering Not Working in Chrome Unless Using Internet Explorer Initially

We've got an issue on our UTM 9.602-3, whereby we have we filtering rules that do not get applied in Chrome, unless we access the require site in IE first.  For example, we have Youtube.com blocked in our base policy but then we have a "Staff" policy that allows it if in the staff AD group.  When accessing Youtube using Chrome, it gets blocked by the base policy, which is not how it should be.  If we then access Youtube in Internet Explorer, it correctly allows it, as per the Staff policy.  If we then go back into Chrome, Youtube is then allowed.  Interestingly, when we initiall try and access in Chrome, there doesn't seem to be any valid entries in the web filtering log but then once we access in IE, the log is then populated.

I've blocked the quick protocol in our firewall, so I don't think it's to do with that.

Can anyone offer any advice?

Thanks



This thread was automatically locked due to age.
Parents
  • Show us the two lines you see in the Web Filtering log when YouTube is blocked and then later when it's allowed.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Show us the two lines you see in the Web Filtering log when YouTube is blocked and then later when it's allowed.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • That's part of the issue, Bob - there are no entries in the log when it's blocked.  Log entries only start appearing once accessing via Internet Explorer (when it isn't blocked).

  • Before doing a packet capture, what does doing #1 in Rulz (last updated 2019-04-17) tell you about the blocked attempt?  Also, post a picture of the Edit of the firewall rule that should block QUIC.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I'm not seeing anything in the intrusion prevention, firewall, or application control logs relating to this.  I've tried disabling intrustion prevention but that makes no difference.  I've attached my firewall rule that blocks QUIC - this does seem to be doing so, according to the firewall logs.

     

     

  • After investigation, I believe that this issue is due to the limitations of transparent mode with AD SSO.  The red herring with Internet Explorer I think is that its home page is a non https page, which I think will result in authentication taking place, whereas the Chrome startup page is https, resulting in authentication not occurring and thus the UTM falls back to the base web filtering policy.

    Am i correct in thinking that once Internet Explorer authenticates, that Chrome will use this?  That's the only explanation that I can conclude from what I'm seeing.

    The workaround I'm using is to set Chrome to open up a non-https site when it starts up - this seems to have the desired effect and the policies then seem to work as they should.

    The other option might be STAS - would this generally be a better option for domain machines when using AD SSO in transparent mode?