Issue
SonicWall Content Filter is setup to allow all web access during lunch break time, but block all non-work related websites for the rest of the day. Mostly this works as expected, but some users are able to access Youtube during work hours. This only affects users on Google Chrome browser. Users on Internet Explorer and Firefox are blocked from Youtube correctly as per schedule. What seems to be happening is that once a user accesses Youtube during lunch time, he or she can continue accessing Youtube indefinitely until browser cache is cleared. Restarting Google Chrome, or even computer itself doesn't seem to make any difference.
Resolution
After some research it appeared that the issue is caused by Google's experimental QUIC (Quick UDP Internet Connections) protocol that is used by Youtube and Google websites when browsing with Google Chrome browser.
Google has a short FAQ on why they use QUIC.
To view QUIC stats in Google Chrome enter following into the address bar: chrome://net-internals/#quic
To resolve the issue you have either disable or block QUIC. There are few ways this can be done (I used the first one, haven't tried others):
- In Google Chrome go to chrome://flags, find Experimental QUIC protocol and set it to Disabled.
This can also be done on multiple machines via Group Policy. - Block QUIC via SonicWall App Control (may require additional subscription).
- On network firewall Block UDP ports 80 and 443.
September 2017
SonicWall NSA 220
Google Chrome 61
