Unable to navigate to Google sites through Google Chrome

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to navigate to Google sites through Google Chrome

L0 Member

My users in the past few weeks have not been able to navigate to any Google sites through Google Chrome.  It started out to be one person and now every day I am getting new users.  This is only occurring at my Corporate office and the only thing in common is the Palo Alto.  The error they receive is ERR_CONNECTION_CLOSED.   It just says the site cannot be reached.   If I go out my other firewall (ASA) it works fine; however, moving everyone to the ASA is not an option.   I saw a recent article about the QUIC protocol and may attempt that change but wanted to see if anyone else has seen this error recently. 

 

Resolutions I have tried and failed:

 

1.  Resetting Chrome to default

2.  Re-installing Chrome on latest version

3.  Disabling QUIC in the Chrome Browser.

 

This is occurring on Win7 and Win10 machines, all with the latest version of Google Chrome.

 

Please help!!!

3 REPLIES 3

Community Team Member

Hi @msomerville99,

 

There's not a lot of info to work with but a possible reason for that error message might be an unsupported cipher suite.

I'm assuming you are decrypting traffic and this might be failing.

 

Check if this helps you to identify the failure :

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Identify-Root-Cause-for-SSL-Decrypti...

 

Note that with PAN-OS 7.1 we added more supported ciphers :

https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969

 

Cheers,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Kiwi,

 

   This issue just recently started occurring.   I do not have any decryption rules in place.   I pretty much am using this firewall only as an outbound firewall for Corporate users to get to the Internet.  Nothing the firewall itself has changed in the past 60 days due to our blackout period for changes.   However, this issue just all of a sudden started happening.   Does that help any?

Do you see anything being denied for google sites if you enable logging on your interzone-default rule? If you have already disabled QUIC then chrome should be using standard HTTP/HTTPS requests; Google itself isn't forcing QUIC on their sites so disabling it should have gotten rid of the issue. 

Also just to verify that they are only having issues getting to Google sites, no issues going to any other non-Google webpage? 

  • 4856 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!