Fortigate – Web Filter Fails to Block Facebook on Google Chrome

This is a weird phenomenon I noticed today: even though Social Networking Sub-category is set to "block" on Web Filter, users who use Google Chrome still have access to it.
I tried with Firefox and Opera and Web Filter works properly.
Changing my settings to use Explicit proxy, I can get it to block Facebook with no problems. But if I apply my Web Filter Profile to the ACL, Facebook bypasses the Web Filter.
I even blocked everything on my Web Filter profile, added a wildcard filter, etc., but it didn't work with Facebook.
My firmware is v5.4.8, build 1183 running on a FG30E.

I tried with another firmware version (v5.2.10, build 742) on another appliance (FG500D) and WebFilter is working properly. Can someone else confirm the issue with v5.4.8, build 1183?
My real concern is that the appliance is in production and I can't upgrade without being sure that it will solve the issue.

Any ideas?

Best Answer

Are you allowing QUIC access to the internet? Chrome uses a new protocol to speed TLS connections called QUIC which uses UDP ports 80 and 443. The 5.6 firmware has a setting in the "Proxy Options" to handle it, but in previous versions, you may need to block it?
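
One way to check the QUIC explanation in the answer above before touching a production unit, as an added example that is not part of the original thread: scan exported traffic logs for UDP sessions to ports 80/443 that a policy allowed. The log lines are constructed, and the field names (`srcip`, `dstip`, `proto`, `dstport`, `policyid`, `action`) assume FortiOS key=value traffic-log format.

```python
import shlex

# Constructed sample lines, not taken from the thread. Field names assume
# FortiOS key=value traffic logs.
SAMPLE_LOG = '''\
date=2018-03-01 time=10:00:01 srcip=10.0.0.15 dstip=203.0.113.10 proto=6 dstport=443 policyid=3 action=close service="HTTPS"
date=2018-03-01 time=10:00:02 srcip=10.0.0.15 dstip=203.0.113.10 proto=17 dstport=443 policyid=3 action=accept service="udp/443"
date=2018-03-01 time=10:00:03 srcip=10.0.0.15 dstip=198.51.100.53 proto=17 dstport=53 policyid=3 action=accept service="DNS"
date=2018-03-01 time=10:00:04 srcip=10.0.0.22 dstip=203.0.113.10 proto=17 dstport=443 policyid=7 action=deny service="udp/443"
date=2018-03-01 time=10:00:05 srcip=10.0.0.31 dstip=203.0.113.20 proto=17 dstport=80 policyid=3 action=accept service="udp/80"
truncated line with "unterminated quote
'''

UDP = 17
QUIC_PORTS = {80, 443}  # the UDP ports named in the answer


def parse_line(line):
    """Split one key=value log line into a dict; return {} if it is malformed."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # e.g. unbalanced quotes in a truncated line
        return {}
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def allowed_quic_flows(log_text):
    """Map policyid -> sorted (srcip, dstip, dstport) for UDP 80/443 sessions not denied."""
    hits = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        try:
            proto, port = int(f["proto"]), int(f["dstport"])
        except (KeyError, ValueError):
            continue  # skip lines without usable protocol/port fields
        if proto == UDP and port in QUIC_PORTS and f.get("action") != "deny":
            hits.setdefault(f.get("policyid", "?"), set()).add((f.get("srcip"), f.get("dstip"), port))
    return {pid: sorted(flows) for pid, flows in hits.items()}


if __name__ == "__main__":
    for pid, flows in allowed_quic_flows(SAMPLE_LOG).items():
        print(f"policy {pid}: {len(flows)} allowed UDP 80/443 flow(s): {flows}")
```

A non-empty result for the policy that carries the Web Filter profile is consistent with the answer's explanation; an empty one points elsewhere.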