A BRIEF DISCUSSION ON QUIC PROTOCOL

Author: Raghu K



Email: [email protected]

HTTPS inspection is not happening for most Google websites in the Google Chrome browser!

Has anyone experienced this?

Even after enabling HTTPS inspection, you are not able to see the certificate that you imported from the Gateway HTTPS inspection section.

Are most Google sites not being blocked as per the defined rules?

Please have a look at the screenshots below for Google.com and facebook.com (taken even after importing the Gateway certificate).

Have you noticed any difference in the connection properties and the certificate section of those two websites?

“Google websites (google.com) use the QUIC protocol and a certificate issued by VeriSign, not the gateway, while other websites like facebook.com use TLS v1.2 and the certificate from the gateway (www.gcase.com).”

Google’s most awaited protocol QUIC:

QUIC is Google’s experimental, low-latency Internet transport protocol over UDP, a protocol that is often used by gaming, streaming media and VoIP services. The name ‘QUIC’ stands for Quick UDP Internet Connection.

Google servers support QUIC. Google has also published a prototype server. Currently, most Google sites work over the QUIC protocol.

Please refer to the links below for more information:

Wikipedia: https://en.wikipedia.org/wiki/QUIC

Techcrunch: http://techcrunch.com/2015/04/18/google-wants-to-speed-up-the-web-with-its-quic-protocol/#.ik1x71:c1SG

Starting from 2015, most Google sites offer connections via the QUIC protocol. Google Chrome supports it by default in its latest version.

QUIC uses UDP port 80 and port 443 and often lets clients bypass transparent proxies. In that case, firewall features such as web filtering may not work properly in Google Chrome, while working perfectly in other browsers such as Internet Explorer or Mozilla Firefox.

Security Concerns:

Yes, we have achieved a low-latency Internet experience using QUIC, but consider requirements such as:

1. Blocking uploads in Gmail

2. Users are able to access already established Gmail sessions (or Google sessions) after entering the company security environment.

So, we have to block QUIC for the users to whom the customer wants the above or similar requirements to apply, in one of the following ways:

Create custom UDP 80 and UDP 443 services and apply them in the firewall rule base.

Or

Select the QUIC protocol under the Application and URL filtering section and block it.

Or

Disable the Experimental QUIC protocol in the Google Chrome browser (“tedious to check with every user”). This can be done by opening Google Chrome and typing "chrome://flags" in the URL bar. Look for Experimental QUIC protocol and disable it, as depicted in the screenshot below.
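One way to confirm that the UDP 80/443 block is effective, and to find the users it does not yet cover, is to audit firewall logs for outbound UDP flows on those ports. The following is an added example, not part of the original article; the CSV log format, field names, addresses and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample log (hypothetical CSV export; field names are assumptions).
SAMPLE_LOG = """time,src,dst,proto,dport,action
2015-06-01T09:00:01,10.1.1.20,203.0.113.10,udp,443,accept
2015-06-01T09:00:02,10.1.1.20,203.0.113.10,tcp,443,accept
2015-06-01T09:00:05,10.1.1.21,203.0.113.10,udp,443,drop
2015-06-01T09:00:07,10.1.1.20,198.51.100.7,udp,80,accept
2015-06-01T09:00:09,10.1.1.22,10.1.2.5,udp,443,accept
2015-06-01T09:00:12,10.1.1.23,198.51.100.7,udp,53,accept
"""

QUIC_PORTS = {80, 443}  # UDP ports the article says QUIC uses


def audit_quic(log_text, internal_net="10.0.0.0/8"):
    """Return {client_ip: {"accept": n, "drop": n}} for outbound UDP/80 and UDP/443."""
    internal = ipaddress.ip_network(internal_net)
    stats = defaultdict(lambda: {"accept": 0, "drop": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed lines instead of aborting the audit
        if (row["proto"] or "").lower() != "udp" or dport not in QUIC_PORTS:
            continue  # TCP 443 is ordinary HTTPS and is inspected by the gateway
        if src not in internal or dst in internal:
            continue  # only client traffic leaving the network matters here
        action = (row["action"] or "").lower()
        if action in ("accept", "drop"):
            stats[str(src)][action] += 1
    return dict(stats)


def uninspected_clients(stats):
    """Clients with at least one accepted QUIC-port flow (block rule not covering them)."""
    return sorted(ip for ip, s in stats.items() if s["accept"] > 0)


if __name__ == "__main__":
    result = audit_quic(SAMPLE_LOG)
    for ip in uninspected_clients(result):
        print(f"{ip}: {result[ip]['accept']} UDP/80,443 flows passed without inspection")
```

Clients that appear only with `drop` counts are covered by the rule; Chrome then uses TCP for those connections, which the gateway can inspect.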

Please send any feedback or suggestions in the same email thread!

Thank you!