CFS not working with Firefox and Chrome HTTPS

I have a TZ570 with a CFS license. I have imported our CA root to the firewall and enabled it for the SSL-DPI. Enabled the forbidden URIs for social media sites. Blocking is working on Edge, however most users are on Chrome and some on Firefox. Running latest firmware on the TZ.
Category: Mid Range Firewalls

Best Answer

  • CORRECT ANSWER
    BWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    @Chechler_2 did you block QUIC (udp/443)? Because this is used by some high-volume Sites and currently not handled by most of the Firewalls out there.

    Just create an Access Rule with a Priority of 1 from LAN to WAN dropping all Packets for a new manually created Service QUIC (udp/443). This only applies if you're not dropping unknown/unhandled Ports already.

    --Michael@BWC

Answers

  • Chechler_2 Newbie ✭

    Michael@BWC

    Thanks for the quick response. Your solution has solved the issue with Firefox and Chrome not supporting the blocked Social media sites.


    --Cheers

  • Chechler_2 Newbie ✭

    Michael@BWC

    I spoke too soon. I tested with Firefox and the site was blocked, however when I tried Chrome the social media site came up in the browser.

  • BWC Cybersecurity Overlord ✭✭✭

    @Chechler_2 did you try on different Endpoints, clear the Browser Cache or use the Incognito Mode in Google Chrome to avoid any caching issues?

    If it's working in Firefox I cannot see a reason why not in Chrome.

    --Michael@BWC

  • Chechler_2 Newbie ✭
    @BWC I found the issue, the new firewall rule to block UDP 443 had the source port blocked vs. the destination.
  • BWC Cybersecurity Overlord ✭✭✭

    @Chechler_2 hehe ... this is a tricky one, easy to be overlooked.

    --Michael@BWC
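
An added example, not part of the thread and not SonicOS code: a minimal first-match rule model showing why a QUIC drop rule with 443 entered as the source port never matches browser traffic, while the same rule with 443 as the destination port does. The rule names, priorities and sample packets are constructed for illustration.

```python
from dataclasses import dataclass

ANY = (0, 65535)  # full port range

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    action: str          # "deny" or "allow"
    proto: str           # "udp", "tcp" or "any"
    src_ports: tuple = ANY
    dst_ports: tuple = ANY

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and self.src_ports[0] <= p.src_port <= self.src_ports[1]
                and self.dst_ports[0] <= p.dst_port <= self.dst_ports[1])

def evaluate(rules, packet, default="deny"):
    """First match wins, lowest priority number first (generic model)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(packet):
            return rule.action, rule.name
    return default, "implicit default"

ALLOW_ALL = Rule("LAN>WAN allow any", 10, "allow", "any")
# The mistake from the thread: 443 entered as the source port.
BROKEN = Rule("drop QUIC (src 443)", 1, "deny", "udp", src_ports=(443, 443))
# Intended rule: 443 as the destination port, any source port.
FIXED = Rule("drop QUIC (dst 443)", 1, "deny", "udp", dst_ports=(443, 443))

# Constructed packets: clients send from an ephemeral source port to 443.
QUIC_INITIAL = Packet("udp", 51514, 443)
TLS_OVER_TCP = Packet("tcp", 51515, 443)

if __name__ == "__main__":
    for label, drop_rule in (("broken", BROKEN), ("fixed", FIXED)):
        rules = [ALLOW_ALL, drop_rule]
        print(label, "QUIC:", evaluate(rules, QUIC_INITIAL))
        print(label, "TCP :", evaluate(rules, TLS_OVER_TCP))
```

With the broken rule the QUIC packet falls through to the allow rule; with the fixed rule it is dropped while tcp/443 still passes to the firewall's HTTPS inspection.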
