Palo Alto Networks Knowledgebase: How to Filter Traffic Coming from Mobile Chrome with Bandwidth Management Enabled

How to Filter Traffic Coming from Mobile Chrome with Bandwidth Management Enabled

4201
Created On 02/07/19 23:55 PM - Last Updated 02/07/19 23:56 PM
URL Filtering
Resolution

Overview

When a user enables bandwidth management on mobile Chrome, the application establishes an SSL tunnel on port 80 to Google servers. Therefore, the requests made by the client cannot be filtered by Palo Alto Networks devices.

Resolution

In order to overcome this, the administrator can add check.googlezip.net/connect to the block list. With this in place, the mobile browser app will stop using encrypted tunnel and the Palo Alto Networks device will be able to filter the content.


To add the URL to block list:

  1. Go to Object > Security Profiles > URL Filtering
  2. Choose the applicable profile (the one that is used on security rule allowing traffic from mobile devices) and add the URL check.googlezip.net/connect to the Block List
    url_google.png

owner: rwelgarz



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClK6CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language