I setup a littel transparent testscrenario (mwg as transparent router)
Each connection to 80/443 is redirected to the proxy.
With I client I had the problem to intercept exisiting youtube connection.
I took some investigations and was very suprised that the youtube stream was delivered by ssl with UDP!!!!
This connection was not seen in any ruletrace / log. So I expect UDP will not be analyezed by the proxy.
Is there a way to force using TCP? Or to examine UDP also?
QUIC isn't supported by the Web Gateway. It will start an encrypted tunnel on UDP were Web Gateway won't have the key for.
I cant remember had seen this by troubleshooting youtube in explicit proxy environment. I think google will have such a kind of fall back mechanist to continue on existing tunnel.