Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Florian_Heindl
Contributor

No Block Message on 1400 SMB - Appliances when accessing youtube.com

Hello,

 

currently I'm testing a combination of Application Control, URL - Filtering, HTTPS Inspection and Identity Awareness with Identity Agent as an alternative proxy system on 1400 SMB Appliances.

Most things work like a charme but I can see that any time I try to access https://www.youtube.com I don't get any block message if I want to block this access.

 

Instead I get error messages of the Browsers (Tested with IE, Firefox Chrome) like Trusted connection failed, PR_END_OF_FILE_ERROR or ERR_CONNECTION_CLOSED 

 

I don't understand this behaviour and I did only see this on 1400 SMB Appliances. 1500 Appliances and FullGaia R80.x - Systems don't have this issue.

 

Does anybody know what can be the root cause or should I create a TAC - Case?

0 Kudos
2 Replies
Pedro_Espindola
Advisor

For the block page to be shown the gateway needs to intercept the communication and reply with a redirect instruction to the browser.

For HTTPS pages, this can only be done if HTTPS Inspection is enabled, or else the communication is encrypted between the client and the youtube server and the HTTP header can't be modified. In this case, the only thing the gateway can do is send a reset to the client, rejecting the connection and causing the rejection error in the browser.

I don't know why this happens only in your 1400, this should be same behavior in all appliances, unless you have HTTPS Inspection enabled.

Also, remember that connections to youtube might use quic protocol (UDP/443) and this will not be inspected by https inspection. So you might have to block it for the connection to use https instead.

0 Kudos
Florian_Heindl
Contributor

Hello, quic protocol gets blocked. I also tried to unlock them but the Block Message won't be displayed.

I will open a TAC case for that and let you know what was the solution.
0 Kudos