Articles in this section

See more

Symptoms of QUIC enabled on Google Chrome

Avatar
Joshua Prime
  • Updated
Follow

Overview

Umbrella customers who are using AnyConnect Secure Mobility Client + Secure Web Gateway (SWG) may find that they need to disable the QUIC protocol within their Google Chrome settings in order to avoid encountering issues such as Google related pages not displaying correctly, Youtube videos not loading as expected, or issues where application enforcement fails to apply.

You may see an error similar to the one in the screenshot below, for example.

image003__3_.png

Google Chrome uses QUIC to connect to all google services by default. As such all requests to google services via the Google Chrome browser use UDP instead of TCP. Therefore the AnyConnect Secure Mobility Client will not intercept these requests and therefore the proxy will not see them.

Currently a default Chrome installation is not fully supported for Google Products with SWG at this time. QUIC must be disabled. Application controls and page loads may not function as expected without disabling QUIC.

 

QUIC in Google Chrome

 

Symptoms of QUIC enabled on Google Chrome

  • Google sites may fail to load
  • SWG settings for Google sites may fail to apply
    • Application Control
    • Advanced Application Control (like uploads)
    • Policy enforcement

Disabling QUIC in Google Chrome

For more information on disabling QUIC on a managed device, see https://support.google.com/chrome/a/answer/7649838?hl=en. You can manually disable QUIC in Google Chrome using the Experimental QUIC protocol (#enable-quic) flag:

  1. In the address bar, type:  chrome://flags#enable-quic
  2. Set the Experimental QUIC protocol flag to Disabled
  3. Relaunch Chrome for the setting to take effect.

The following Windows registry key (or Mac/Linux preference) can be used to disable QUIC in Chrome, and can be enforced via GPO or equivalent:


Data type:

Boolean [Windows:REG_DWORD]

Windows registry location for Windows clients:

Software\Policies\Google\Chrome\QuicAllowed

Windows registry location for Google Chrome OS clients:

Software\Policies\Google\ChromeOS\QuicAllowed

Mac/Linux preference name:

QuicAllowed

Description:

If this policy is set to true (or not set), usage of QUIC is allowed. If the policy is set to false, usage of QUIC is not allowed.

Recommended value:

Windows: 0x00000000 , Linux: false, Mac: <false />

 

Blocking QUIC on your Firewall

You can also block QUIC protocol on the firewall – this will either be by blocking UDP 443 (via port) or blocking QUIC by application name (if the Firewall supports L7).  In both cases, you will need to allow Umbrella-related IP addresses from your firewall rules to facilitate encrypted DNS: Secure Web Gateway's IP List and Domains to Allow in Customer Firewalls.

Related articles

Comments

0 comments

Please sign in to leave a comment.