10-18-2016 07:35 AM
Hi,
chrome version 54.0.2840.59m if unknown-udp is blocked - google is not working
Any idea ?
Thanks
10-18-2016 10:17 AM
Chrome uses quic by default that runs over udp.
Probably they changed the behaviour and Palo AppID does not match any more.
Temporary workaround might be to disable quic in Chrome.
You can't decypt quic anyway so you loose visibility when users access Google services with Chrome so disabling it might be good idea anyway.
https://www.google.ee/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=chrome%20disable%20quic
10-18-2016 08:53 AM
@PanIst I can't reproduce the issue on my 3020. Did you recently install a new applications and threats update? I'm still on 621 until this evening and everything is working perfectly on 54.0.2840.59 m.
10-18-2016 09:00 AM
Hi,
please use a deny rule for unknown-udp at top and app-id is 623
Tried with 3 paloalto(vm,5050 and pa200) same issue
Regards
10-18-2016 09:43 AM
app-id version is not ipmportant.Tried with 614 and it is same.
10-18-2016 09:48 AM
@PanIst I'm not seeing the same issue; traffic is being identified correctly and nothing is getting denied because of the Chrome update.
10-18-2016 09:53 AM
I'm sorry but there must be something different at your side.We replicated it on 3 different customer.Thanks
10-18-2016 10:17 AM
Chrome uses quic by default that runs over udp.
Probably they changed the behaviour and Palo AppID does not match any more.
Temporary workaround might be to disable quic in Chrome.
You can't decypt quic anyway so you loose visibility when users access Google services with Chrome so disabling it might be good idea anyway.
https://www.google.ee/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=chrome%20disable%20quic
10-20-2016 01:48 AM
Had the same issue, Palo TAC advises that the content team is working to resolve the issue. Watch this space for an emergency release.
10-21-2016 02:52 AM
Version 625
Notes:
With the most recent version of the browser Chrome, Google updated their experimental protocol QUIC, which caused the "quic" App-ID to be misidentified as "unknown-udp". With this content update, Palo Alto Networks is releasing additional coverage for the "quic" App-ID to include the changes made by Google.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
