How to Filter Traffic Coming from Mobile Chrome with Bandwidth Management Enabled
When a user enables bandwidth management on mobile Chrome, the application establishes an SSL tunnel on port 80 to Google servers. Therefore, the requests made by the client cannot be filtered by Palo Alto Networks devices.
In order to overcome this, the administrator can add check.googlezip.net/connect to the block list. With this in place, the mobile browser app will stop using encrypted tunnel and the Palo Alto Networks device will be able to filter the content.
To add the URL to block list:
- Go to Object > Security Profiles > URL Filtering
- Choose the applicable profile (the one that is used on security rule allowing traffic from mobile devices) and add the URL check.googlezip.net/connect to the Block List