Deny

Hi,
FB M400 12.11.2

Can anyone help explain why we get this deny error? We cannot get Facebook to load all the images; we only get links, and sometimes it does not load. We checked the Firebox and no blocking is set. Users try using the desktop browser but only get links and not images, and sometimes it does not load.

2025-05-15 10:27:36 Deny XXX.XXX.XXX.XXX 35.190.80.1 https/udp 52868 443 Trusted INT XX.XX.XX Denied 1278 127 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" flags="SR" duration="0" sent_pkts="1" rcvd_pkts="0" sent_bytes="1278" rcvd_bytes="0" geo_dst="USA" Traffic

Thanks!

Comments

  • You don't have a policy allowing UDP 443 (QUIC) from XXX.XXX.XXX.XXX to 35.190.80.1

    I would expect access to work even though this is being denied as the site can still be accessed via HTTPS TCP 443.
    If you have an HTTPS proxy doing Inspect, then the associated HTTP proxy action on it may be stripping something that is needed by Facebook.

  • james.carson Moderator, WatchGuard Representative

    Hi @WGM

    There is not a policy to handle that traffic. You've likely removed the default outgoing policy, and since this is UDP traffic, the proxies won't catch it.

    Many customers choose to disallow HTTP and HTTPS over UDP as it does not get inspected by the HTTP/HTTPS proxies, so that may be why.

    Your browser should automatically retry on HTTPS/TCP on port 443.

    You can try disabling QUIC on your browser so it stops trying to do this. You can find directions to do this here:

    (How to prevent connections from browsers that bypass WebBlocker and SafeSearch restrictions with QUIC protocol?)
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3dzSAA&lang=en_US

    -James Carson
    WatchGuard Customer Support

  • Thank you all! Looks like Facebook fixed it on their end.
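
Added example (not part of the thread and not WatchGuard code): a Python script that parses traffic log lines in the layout quoted in the original post and counts denied UDP 443 (QUIC) packets that matched no policy, per source and destination. The sample lines, the 10.0.1.x and 192.0.2.x addresses, the `External` interface name and the `HTTPS-proxy-00` policy name are constructed, and the field layout is inferred from the single line in the post.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the single log line in the post.
# Source addresses, 192.0.2.x destinations and policy names are made up.
SAMPLE_LOG = '''\
2025-05-15 10:27:36 Deny 10.0.1.23 35.190.80.1 https/udp 52868 443 Trusted External Denied 1278 127 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" Traffic
2025-05-15 10:27:37 Deny 10.0.1.23 35.190.80.1 https/udp 52869 443 Trusted External Denied 1278 127 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" Traffic
2025-05-15 10:27:40 Deny 10.0.1.40 192.0.2.50 https/udp 61012 443 Trusted External Denied 1278 127 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" Traffic
2025-05-15 10:27:41 Deny 10.0.1.40 192.0.2.9 telnet/tcp 40000 23 Trusted External Denied 60 127 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" Traffic
2025-05-15 10:27:42 Allow 10.0.1.23 35.190.80.1 https/tcp 50111 443 Trusted External Allowed 60 127 (HTTPS-proxy-00) proc_id="firewall" rc="100" msg_id="3000-0148" Traffic
'''

# Leading positional fields, then the policy name in parentheses.
HEAD = re.compile(
    r'^(?P<date>\S+) (?P<time>\S+) (?P<disp>\S+) (?P<src>\S+) (?P<dst>\S+) '
    r'(?P<svc>[^/\s]+)/(?P<proto>\S+) (?P<sport>\d+) (?P<dport>\d+) '
    r'.*?\((?P<policy>[^)]*)\)'
)
KV = re.compile(r'(\w+)="([^"]*)"')  # trailing key="value" pairs

def parse_line(line):
    """Return the fields of one traffic log line as a dict, or None."""
    m = HEAD.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    rec.update(KV.findall(line))
    return rec

def is_unhandled_quic_deny(rec):
    """Denied UDP 443 that matched no policy (the case in the post)."""
    return (rec["disp"] == "Deny" and rec["proto"] == "udp"
            and rec["dport"] == 443 and rec["policy"].startswith("Unhandled"))

def summarize(log_text):
    """Count unhandled QUIC denies per (source, destination) pair."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_unhandled_quic_deny(rec):
            hits[(rec["src"], rec["dst"])] += 1
    return hits

if __name__ == "__main__":
    for (src, dst), n in summarize(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}: {n} denied QUIC packets, no matching policy")
```

A high count for one destination with a matching allowed https/tcp flow points to the browser falling back to TCP 443 as described in the replies, rather than to a block on the site itself.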