Troubleshooting Chrome on macOS with NPA

  • 21 March 2022
  • 6 replies
  • 85 views

Badge +7

hello community!

 

We are seeing a problem with Google Chrome on macOS where Chrome is not passing traffic to a private app via the Netskope Client. We are able to reach the Private app using other browsers installed on the same system without issue. We can even hit the private app using curl at the terminal and it's working fine with NPA.

We have tried clearing browser cache and using incognito on Chrome with no success. Anyone have experience with this issue?


6 replies

Badge +8

Thank you for your question, @mdantona. A Netskope expert from our community team will get back to you as soon as possible. In the meantime, if any community member knows the solution, please reply to this thread! 

Userlevel 6
Badge +16

Good morning! Since you mention it works in other browsers, my first guess is that Chrome may be leveraging DNS over HTTPS.  The Netskope steering client monitors DNS requests and local network traffic to make its steering decisions.  DNS over HTTPS can sometimes cause issues like this.    Check if the "Use Secure DNS" setting is enabled under Settings > Security in Chrome:

 

If it's enabled, disable it and try again.  If this resolves the issue, you can block DNS over HTTPS across the board using Netskope's Secure Web Gateway or endpoint management software if this is a managed Mac.  

 

Badge +7

@sshiflett Our policy is to use Secure DNS (like DNS over HTTPS). We are able to successfully use the Chrome feature for some users (like me) with Google Chrome and Netskope Private Access. Other users who seem to have the same config (like my teammate) traffic doesn't make it to the steering client for the same Private Apps. Why would two users have differing outcomes when DNS over HTTPS is enabled in Google Chrome for both users?

Userlevel 6
Badge +16

@mdantona my apologies for the delay as my post earlier must not have submitted successfully.  Are you seeing connection attempts in the npadebuglog.log when using Chrome?  If not, it would indicate that the Netskope client is not successfully intercepting traffic from Chrome.  Can you reach out to your Netskope TSM or SE and mention my name so we can dig into this? 

Badge +4

Any update here?

We are experiencing the same issue; other browsers are fine, but for some users, they cannot use Chrome. Even adding a new user to the device without the Chrome profile works, which makes me think it is an issue tied to the google account and chrome profile.

Userlevel 2
Badge +5

I agree with checking the npadebuglog.log as mentioned above. However, you can try disabling the QUIC protocol in Chrome, which priviously caused us problems:

  • Navigate to chrome://flags/ and search for QUIC

    • choose Disabled from the dropdown

    • Restart Chrome

Reply