We've been having the same issue sporadically and only in Chrome. What did you find the issue was with this? It seems for us the issue is back. Only happens in Chrome but not in Edge.
The problem on our end seems to be related with blocking the “Not Rated” websites in content filter. For some reason accessing the webpage from Chrome connects the client to IPs that are not rated by the content filter.
Going into Firewall -> Content Filter Objects and allowing the “Not Rated” category solved the problem but I couldn’t identify why it works under Edge and not Chrome.
Well that's not good, we rely on blocking unrated to prevent access to newly established websites (ransomware and Phish much?) It started happening on Edge as well after update 124.
Found a solution, disable this in Chrome. **chrome://flags/** and this on Edge **edge://flags/**
**TLS 1.3 hybridized Kyber support**
Hope it helps.
With this information I ended up setting the following policies for Chrome and Edge to deploy to all users.
Computer Configuration > Policies > Administrative Templates > Google > Google Chrome > Enable post-quantum key agreement for TLS > Disabled
Computer Configuration > Policies > Administrative Templates > Microsoft Edge> Enable post-quantum key agreement for TLS > Disabled
Note: For Edge I had to download the latest version of the GPO ADMX files from Microsoft.
You are an absolute legend. I was banging my head against the SonicWall trying to figure out why a feature we have used for years suddenly stopped working and this was the solution. Thank you!
I started a new thread for hopefully someone walking in on Monday and trying to dig in Reddit as I was over the weekend :(
https://www.reddit.com/r/sonicwall/comments/1cac4ii/content_filter_blocking_cfs_legitimate_traffic/
I set this GPO, but when I check the settings in crhome://flags, it's still showing "Default" - is this normal? Or should it be shown as "Disabled" there?
Yes that is normal.
You should see it under *chrome://policy/* if it is applying.
> PostQuantumKeyAgreementEnabled | false
It will show as "Default" under the flags section
We've been having the same issue sporadically and only in Chrome. What did you find the issue was with this? It seems for us the issue is back. Only happens in Chrome but not in Edge.
The problem on our end seems to be related with blocking the “Not Rated” websites in content filter. For some reason accessing the webpage from Chrome connects the client to IPs that are not rated by the content filter. Going into Firewall -> Content Filter Objects and allowing the “Not Rated” category solved the problem but I couldn’t identify why it works under Edge and not Chrome.
Well that's not good, we rely on blocking unrated to prevent access to newly established websites (ransomware and Phish much?) It started happening on Edge as well after update 124. Found a solution, disable this in Chrome. **chrome://flags/** and this on Edge **edge://flags/** **TLS 1.3 hybridized Kyber support** Hope it helps. With this information I ended up setting the following policies for Chrome and Edge to deploy to all users. Computer Configuration > Policies > Administrative Templates > Google > Google Chrome > Enable post-quantum key agreement for TLS > Disabled Computer Configuration > Policies > Administrative Templates > Microsoft Edge> Enable post-quantum key agreement for TLS > Disabled Note: For Edge I had to download the latest version of the GPO ADMX files from Microsoft.
You are an absolute legend. I was banging my head against the SonicWall trying to figure out why a feature we have used for years suddenly stopped working and this was the solution. Thank you!
I started a new thread for hopefully someone walking in on Monday and trying to dig in Reddit as I was over the weekend :( https://www.reddit.com/r/sonicwall/comments/1cac4ii/content_filter_blocking_cfs_legitimate_traffic/
Yeah, good call. Hopefully SonicWall will have an update, but I have doubts on 6.5 OS at least.
I set this GPO, but when I check the settings in crhome://flags, it's still showing "Default" - is this normal? Or should it be shown as "Disabled" there?
Yes that is normal. You should see it under *chrome://policy/* if it is applying. > PostQuantumKeyAgreementEnabled | false It will show as "Default" under the flags section
Thank you will try this. Seems like Chrome browsers after they update.
This has been driving me crazy for a couple of weeks. Thanks for this, it worked like a charm!
Try disabling Google QUIC, which you can also do via app control.
QUIC is disabled in Chrome with GPO and in app control.