Google Maps

Firebox M270 with Fireware 12.5.1, Firefox 75

I'm having a problem with HTTPS Proxy on Google Maps. Searching for an address on maps yields nothing. Google Maps site just gives me nothing but a map that shows my approximate area. It is supposed to show me the address.

I have added an exception (*.google.com - pattern match) to bypass content inspection so all traffic to *.google.com is allowed without content inspection but it is still not searching for an address.

If I use HTTPS packet filter, I can search for an address and maps works normally. It shows me the location of the address I'm searching for.

What could be wrong?

Comments

  • Using what web browser?

    I don't have this issue. I mainly use Firefox.
    I do block QUIC - so that Chrome will use HTTPS.

  • edited May 2020

    Also, there are other domains which are used, including maps.gstatic.com.

    Most likely your issue is with things being denied by the HTTP proxy action used on the HTTPS proxy.
    I don't deny any Content Types on mine.

    Enabling Logging on your HTTP proxy action will likely show you your issue.

  • Strange... Edge browser has no problem searching for addresses and driving directions. Firefox 75 can't search for an address or driving direction. I have not tried clearing Firefox cache. Sometimes clearing cache helps.

    How do I block QUIC?

  • Never mind. I found the article:
    https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000k9gSKAQ&lang=en_US

    We don't use Chrome browser at the office. Do Firefox and Edge use QUIC?

  • edited May 2020

    Clearing Firefox (cookie, cache, active logins, form & search history, site preferences, offline website data - time range to clear: Everything) did not resolve the problem. I still can't search for an address. Firefox does not give me any result after clicking search.

  • edited May 2020

    Adding maps.gstatic.com to the bypass https inspection resolves Firefox problem. I can now use Firefox to search for addresses and directions.

  • Have you set Firefox to use the local computer certificate store and have you imported the Fireware HTTPS Proxy cert to the local computer cert store? IE, Edge, and Chrome all use the local computer cert store, while Firefox defaults to its own cert store and has to be set manually or via Mozilla group policy templates (Import Enterprise Roots = Enabled) to use the computer's local cert store.

    Gregg Hill

  • Yes to all of your questions. I wouldn't be able to browse https sites without those settings taken care of. security.enterprise_roots.enabled = Yes. It wasn't about not being able to access google maps. I just could not search. Problem is fixed now by adding maps.gstatic.com to bypass https content inspection.

  • Again I believe the root cause of the problem is related to things in the HTTP proxy action which are being denied and not logged, so it is not obvious as to the cause.

  • edited May 2020

    I believe that is the case. What do you make of these?

    (Type: Diagnostic)

    {B}: Accept SSL Error [ret 0 | SSL err 0 | Peer closed the channel] Domain: maps.gstatic.com PFS: ALLOWED | ALLOWED
    pri=3
    proc_id=pxy
    msg_id=


    {B} | 54: 68.166.235.67:60718 -> 216.58.217.195:443 [B t] {X}[]: Connection closing on SSL failure (Domain: maps.gstatic.com)
    pri=3
    proc_id=https-proxy
    msg_id=

  • I see those periodically
    The don't seem to have an impact to whatever I am looking at.

  • edited May 2020

    Correction

    The original Google Maps problem is still there. I can't search for an address or get driving directions.

    Whatever I did earlier to use https packet filter (instead of https proxy) must have fixed the problem. Whatever packets that were dropped or denied when using https proxy must have gone thru with the filter.

    When I switched back to https proxy, I can continue to search Google Maps without any issue. It wasn't maps.gstatic.com exception that allows me to search.

  • I cleared Firefox cache on my PC and retried. I can't search on Google Maps. I was able to search before clearing the cache.

    This gets logged:

    2020-05-07 15:37:16 Deny 192.168.0.86 54.69.215.10 https/tcp 63789 443 1-Trusted 0-External ProxyDeny: HTTP Invalid Request-Line format (HTTPS-proxy-00) HTTP-Client.Standard.1 proc_id="http-proxy" rc="595" msg_id="1AFF-0005" proxy_act="HTTP-Client.Standard.1" line="\x81\xfe\x00\x99r\xa63\xe1\x09\x84^\x84\x01\xd5R\x86\x17\xf2J\x91\x17\x84\x09\xc3\x1a\xc3_\x8d\x1d\x84\x1f\xc3\x10\xd4\x5c\x80\x16\xc5R\x92\x06\xd5\x11\xdb\x09\x84A\x84\x1f\xc9G\x84_\xd5V\x95\x06\xcf]\x86\x01\x89^\x8e\x1c\xcfG\x8e\x00\xf9P\x89\x13\xc8T\x84\x01\x84\x09\xc3.\x84\x02\xd4J\x9e\x0b\xd6C\x90\x04\xd1F\x96\x00\xbdP\x84N\xcdP\xd3@\x84-\xd1V\x83\x02\xd3@\x89P\x9cG\x93\x07\xc3\x1f\xc3\x07\xc7Z\x85P\x9c\x11\x83K\x9e\x0a" src_user="ron@ourdomain.com" Traffic

  • No idea.
    I don't have this issue - and for what its worth, I'm running V12.6.1 beta

    I log most everything and I see things such as this:
    2020-05-07 18:51:12 Allow 10.0.1.2 108.177.122.106 https/tcp 51811 443 1-Trust-VLAN 0-External ProxyAllow: HTTP request URL match (HTTPS-proxy-for-Bruce-PC-00) HTTP-Client.DPI proc_id="http-proxy" rc="590" msg_id="1AFF-000B" proxy_act="HTTP-Client.DPI" rule_name="Default" dstname="www.google.com" arg="/maps/preview/log204?authuser=0&hl=en&gl=us&pb=!8m2!3sjsaction.omnibox_suggestion_accepted!6i858!8m2!3sjsaction.omnibox_select!6i1648!8m12!2e22!6i0!20m4!1s0pC0XqePAo2d_QbjiofgBQ%3A41!2s1i%3A0%2Ct%3A25745%2Cp%3A0pC0XqePAo2d_QbjiofgBQ%3A41!3s0pC0XqePAo2d_Qbj" geo_dst="USA" Traffic

    This is one on many log messages from maps.google.com which resulted with an address entered

    Consider opening a support incident to get help from a WG rep who can look at your config and logs.

  • I added 2 more domains (*.googleusercontent.com and *.googleapis.com) to bypass content inspection, based on the info from the following site:
    https://support.google.com/a/answer/2589954?hl=en

    I can now search for an address.

  • I'd like to add that I had no problem with Google Maps before a user reported it to me on Thursday, May 7 that he couldn't search a site or get driving direction.

    There were no changes made to the firewall or browsers recently. Google must have done something on their end to break it and now I must add those domains to bypass inspection to restore Google Maps usability.

Sign In to comment.