Troubleshoot Web Access Control

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

In the Web Access Control settings of a workstations and servers settings profile, you can limit access to specific web content categories and configure a list of URLs to allow and deny access to. However, Web Access Control might not always block access or allow access to web pages as you expect. This help topic provides information on possible causes and remedies.

Browsers and the QUIC Protocol

HTTP/3 (QUIC) is a transport layer network protocol. Web Access Control is not compatible with the QUIC protocol because it is a third-party proprietary protocol.

To disable the QUIC protocol, complete these steps in the relevant browser:

Browser settings can vary for different versions.

Google Chrome

In the browser address bar, type chrome://flags. Disable the Experimental QUIC protocol option.

Microsoft Edge

In the browser address bar, type edge://flags/. Disable the Experimental QUIC protocol option.

Mozilla Firefox

In the browser address bar, type about:config. Disable the network.http.http3.enabled option.

Opera

In the browser address bar, type opera://flags/#enable-quic. From the Experimental QUIC protocol drop-down list, select Disabled.

For more information, go to Disable the HTTP/3 (QUIC) Protocol.

Collect Information

If you contact Support:

• Provide a description of the issue.
• Use the Pserrortrace tool to generate a diagnostic file.
• Use the PSInfo tool to generate support-related information.
• Use the Urlviewer tool to generate URL support-related information.
• Use the NNSDiag tool to generate a diagnostic file.
• Enable Support Access to your WatchGuard Cloud account.

To use the Urlviewer tool:

1. Download the Urlviewer tool.
   • If your WatchGuard Endpoint Security software is 8.00.17 or earlier, download urlviewer_cyren.zip (external link).
   • If your WatchGuard Endpoint Security software is 8.00.18 or later, download urlviewer_forcepoint.zip (external link).

2. Unpack the .EXE file to a location of your choice.
   When prompted, the password is 'panda'.
3. Open a command window with administrator privileges.
4. From the command prompt, browse to the location of your install.
5. Type this command:
   WebAccessControlViewer.exe -d:1 -o:C:\urls.csv
6. Wait for the tool to complete.
   When done, the tool generates a .CSV file at the specified path.

7. Send the .CSV file to Support.

To use the NNSDiag tool:

1. Download the NNSDiag tool (external link).
2. In the C:\ drive of your system, create a NNSDiag folder.
   
3. Unpack the NNSDiag.exe file, then place it in the NNSDiag folder.
   When prompted, the password is 'panda'.
4. Open a Command Prompt window with administrator privileges.
5. From the command prompt, browse to C:\NNSDiag.
6. Type and run this command:
   NNSDiag.exe c:\NNSDiag 5
7. Open a web browser, then recreate the issue.
8. Wait for the tool to complete.
   When done, the tool generates a .NNSDiagResults.zip file at the specified path.
9. Send the .ZIP file to Support.