Update of Google Chrome is getting blocked in the firewall through application control. In the logs we didn't get any prevention logs; also, I found that the update for Google Chrome is allowed in the application control settings.
Answers
Hello @Darshil,
Please navigate to MANAGE | Log | Log settings and disable the log events for App control Detection alerts as below.
Also, make sure that the App control Prevention alerts are enabled with the log redundancy value set to 0.
You should then be able to see the signature that is blocking the update for Google Chrome.
Also, feel free to perform packet capture for the source IP from where you are testing using the packet capture tool to make sure there is no other security feature interfering. You can check for dropped packets to confirm the same.
If you still need further help, let us know!
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi @Darshil ,
To add to the above information, can you please check the App rules on the SonicWall and policies, if you have any, that would be blocking the Chrome updates?
Thanks
Nevyaditha P
Technical Support Advisor, Premier Services
@shiprasahu93 I already did that but haven't found any signature related to Google Chrome blocking.
@Nevyaditha No app rule policy is configured in the firewall. We only do blocking via App control and CFS.
Hi @Darshil,
Can you confirm if signature IDs "11819 and 14146" on App Control are enabled or disabled?
Also, as a workaround, can you add an IP address to the App control exclusion and check whether the Chrome updates are working or not?
Nevyaditha P
Technical Support Advisor, Premier Services
@Darshil,
What is the drop reason that you see on the packet capture? It could be either CFS or App control. When packets are dropped by CFS, it says 'Enforced Content Filter Policy', and 'IDP detection' for App control.
Could you please try to perform a packet capture so that we can narrow down which security service might be an issue?
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@Nevyaditha I will check by tomorrow whether the signature you gave is disabled or not.
Yes, we tested by excluding the IP address in App control; it works fine after excluding it from App control.
@shiprasahu93 We were getting drop code "IDP detection" in the packet capture.
@Darshil ,
Please verify and keep us updated as to how it goes.
Nevyaditha P
Technical Support Advisor, Premier Services
@Nevyaditha We checked and found both the signatures are disabled in our firewall.
@Darshil,
I would suggest looking for logs using the source IP field. There might be a different App control signature causing this.
We have a lot of Google related signatures. Can you filter the logs for the source IP you are testing from and look for all App control prevention alerts.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@Darshil ,
I would agree with @shiprasahu93. Please enable the logging under App control, filter the logs for the source IP of the machine, set the log redundancy to 0 for the App control Prevention category, and then monitor it.
Nevyaditha P
Technical Support Advisor, Premier Services
Hi @Darshil ,
Please check the below KB on how to filter the Logs:
Please filter the logs for the App control Prevention category and find the signature that is blocking the Chrome update.
Thanks!!
Nevyaditha P
Technical Support Advisor, Premier Services
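
The log filtering suggested in this thread (source IP plus the App control Prevention category, then read off the signature) can also be done offline on an exported log. The script below is an added example, not part of any post and not SonicWall code; the CSV column names, the message layout, the SIDs and the signature names are constructed assumptions and need adjusting to the real export.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample export. Column names, message layout, SIDs and names
# are assumptions made for this example, not a documented log format.
SAMPLE_LOG = """\
time,category,src_ip,dst_ip,message
2024-01-10 10:00:01,App Control Detection,192.0.2.10,198.51.100.7,"Application Control Detection Alert: EXAMPLE-APP-A, SID: 90001"
2024-01-10 10:00:02,App Control Prevention,192.0.2.10,198.51.100.7,"Application Control Prevention Alert: EXAMPLE-APP-B, SID: 90002"
2024-01-10 10:00:03,Content Filter,192.0.2.10,198.51.100.9,"Web site access denied"
2024-01-10 10:00:04,App Control Prevention,192.0.2.55,198.51.100.7,"Application Control Prevention Alert: EXAMPLE-APP-D, SID: 90004"
2024-01-10 10:00:05,App Control Prevention,192.0.2.10,198.51.100.8,"Application Control Prevention Alert: EXAMPLE-APP-C, SID: 90003"
2024-01-10 10:00:06,App Control Prevention,192.0.2.10,198.51.100.7,"Application Control Prevention Alert: EXAMPLE-APP-B, SID: 90002"
"""

# Pulls the signature name and SID out of the (assumed) alert message text.
SID_RE = re.compile(r"Alert:\s*(?P<name>.+?),\s*SID:\s*(?P<sid>\d+)")


def blocking_signatures(log_text, src_ip, category="App Control Prevention"):
    """Return [((sid, name), count), ...] of prevention alerts for one source IP."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["src_ip"].strip() != src_ip:
            continue  # traffic from another host
        if row["category"].strip().lower() != category.lower():
            continue  # detection-only alerts and other services (e.g. CFS)
        m = SID_RE.search(row["message"])
        # Keep rows whose message does not parse, so nothing is silently lost.
        key = (int(m["sid"]), m["name"].strip()) if m else (None, row["message"])
        hits[key] += 1
    return hits.most_common()


if __name__ == "__main__":
    # 192.0.2.10 stands in for the test machine's IP (constructed value).
    for (sid, name), count in blocking_signatures(SAMPLE_LOG, "192.0.2.10"):
        print(f"{count:3d} x SID {sid}  {name}")
```

Signatures that appear here for the test machine but are not the ones already checked are the candidates to review in App control.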