This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Unable to navigate to Google sites through Google Chrome

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Unable to navigate to Google sites through Google Chrome

msomerville99
L0 Member

‎01-10-2017 03:58 PM

My users in the past few weeks have not been able to navigate to any Google sites through Google Chrome.  It started out to be one person and now every day I am getting new users.  This is only occurring at my Corporate office and the only thing in common is the Palo Alto.  The error they receive is ERR_CONNECTION_CLOSED.   It just says the site cannot be reached.   If I go out my other firewall (ASA) it works fine; however, moving everyone to the ASA is not an option.   I saw a recent article about the QUIC protocol and may attempt that change but wanted to see if anyone else has seen this error recently. 

 

Resolutions I have tried and failed:

 

1.  Resetting Chrome to default

2.  Re-installing Chrome on latest version

3.  Disabling QUIC in the Chrome Browser.

 

This is occurring on Win7 and Win10 machines, all with the latest version of Google Chrome.

 

Please help!!!

1 person had this problem.
0 Likes Likes
3 REPLIES 3

kiwi
Community Team Member

‎01-11-2017 01:25 AM

Hi @msomerville99,

 

There's not a lot of info to work with but a possible reason for that error message might be an unsupported cipher suite.

I'm assuming you are decrypting traffic and this might be failing.

 

Check if this helps you to identify the failure :

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Identify-Root-Cause-for-SSL-Decrypti...

 

Note that with PAN-OS 7.1 we added more supported ciphers :

https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969

 

Cheers,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

msomerville99
L0 Member
In response to kiwi

‎01-11-2017 06:22 AM

Kiwi,

 

   This issue just recently started occurring.   I do not have any decryption rules in place.   I pretty much am using this firewall only as an outbound firewall for Corporate users to get to the Internet.  Nothing the firewall itself has changed in the past 60 days due to our blackout period for changes.   However, this issue just all of a sudden started happening.   Does that help any?

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to msomerville99

‎01-11-2017 07:11 AM

Do you see anything being denied for google sites if you enable logging on your interzone-default rule? If you have already disabled QUIC then chrome should be using standard HTTP/HTTPS requests; Google itself isn't forcing QUIC on their sites so disabling it should have gotten rid of the issue. 

Also just to verify that they are only having issues getting to Google sites, no issues going to any other non-Google webpage? 

0 Likes Likes
  • 4719 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks