cancel
Showing results for 
Search instead for 
Did you mean: 
feickholt
Level 10

Does MWG intercept UDP Connections?

I setup a littel transparent testscrenario (mwg as transparent router)

Each connection to 80/443 is redirected to the proxy.

With I client I had the problem to intercept exisiting youtube connection.

I took some investigations and was very suprised that the youtube stream was delivered by ssl with UDP!!!!

This connection was not seen in any ruletrace / log. So I expect UDP will not be analyezed by the proxy.

Is there a way to force using TCP? Or to examine UDP also?

Frank

0 Kudos
5 Replies
feickholt
Level 10

Re: Does MWG intercept UDP Connections?

Ok. This seems to be related to QUIC which Youtube uses....

Google's QUIC protocol: moving the web from TCP to UDP

Will this be covered by the MWG?

0 Kudos
McAfee Employee

Re: Does MWG intercept UDP Connections?

Hello Frank,

QUIC isn't supported by the Web Gateway. It will start an encrypted tunnel on UDP were Web Gateway won't have the key for.

-Sergej

0 Kudos
feickholt
Level 10

Re: Does MWG intercept UDP Connections?

Is it possible to see QUIC In explicit environment? I think no - is this right?

(Another reason to prefer explicit proxies.... ?)

0 Kudos
McAfee Employee

Re: Does MWG intercept UDP Connections?

I cant remember had seen this by troubleshooting youtube in explicit proxy environment. I think google will have such a kind of fall back mechanist to continue on existing tunnel.

-Sergej

0 Kudos
feickholt
Level 10

Re: Does MWG intercept UDP Connections?

It looks like. I blocked port 443 for UDP and the connection switched back to normal SSL with TCP.

0 Kudos