Umbrella customers who are using AnyConnect Secure Mobility Client + Secure Web Gateway (SWG) may find that they need to disable the QUIC protocol within their Google Chrome settings in order to avoid encountering issues such as Google related pages not displaying correctly or Youtube videos not loading as expected or issues where application enforcement fails to apply.
You may see an error similar to the one in the screenshot below, for example.
Google Chrome uses QUIC to connect to all google services by default. This means all requests to google services via the Google Chrome browser use UDP instead of TCP. This means the AnyConnect Secure Mobility Client will not intercept these requests and therefore the proxy will not see them.
Therefore, at this time, a default Chrome installation is not fully supported for Google Products with SWG at this time. QUIC must be disabled. Application controls and page loads may not function as expected without disabling QUIC.
Symptoms of QUIC enabled on Google Chrome
- Google sites may fail to load
- SWG settings for Google sites may fail to apply
- Application Control
- Advanced Application Control (like uploads)
- Policy enforcement
Disabling QUIC in Google Chrome
For more information on disabling QUIC on a managed device, see https://support.google.com/chrome/a/answer/7649838?hl=en. You can manually disable QUIC in Google Chrome using the Experimental QUIC protocol (#enable-quic) flag:
- In the address bar, type: chrome://flags#enable-quic
- Set the Experimental QUIC protocol flag to Disabled
- Relaunch Chrome for the setting to take effect.
The following Windows registry key (or Mac/Linux preference) can be used to disable QUIC in Chrome, and can be enforced via GPO or equivalent:
Data type:
Boolean [Windows:REG_DWORD]
Windows registry location for Windows clients:
Software\Policies\Google\Chrome\QuicAllowed
Windows registry location for Google Chrome OS clients:
Software\Policies\Google\ChromeOS\QuicAllowed
Mac/Linux preference name:
QuicAllowed
Description:
Recommended value:
Windows: 0x00000000 , Linux: false, Mac: <false />
Comments
0 comments
Please sign in to leave a comment.