07-14-2025 11:38 PM
Hello, I'm wondering if anyone else has encountered this.
When a user wants to use the translation function in Chrome, it doesn't work. I looked at the logs and saw that the URLs are categorized as private IP addresses, which is blocked for us. The question is why the URLs are classified as private. A test on "Test A Site" resulted in the correct category.
example:
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.XbGy-nlZGr0.O/am=AAAE/d=1/exm=el_conf/ed=1/rs=AN8SPfq2kIrt_bMYGtViUALtHwnCwQJRbQ/m=el_main
PAN-OS is 10.2.13-h5, dynamic updates, and the URL DB are up to date. This problem seems to have been present for some time.
07-15-2025 10:24 PM
Hi @JayGolf,
thank you for your reply. I followed the instructions, but the problem persists. However I was able to find a workaround.
Steps:
I tested how the firewall categorized the URL and it was displayed correctly.
test url translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.XbGy-nlZGr0.O/am=AAAE/d=1/exm=el_conf/ed=1/rs=AN8SPfq2kIrt_bMYGtViUALtHwnCwQJRbQ/m=el_main
translate.googleapis.com/%5f/translate%5fhttp/%5f/js/k=translate%5fhttp.tr.en%5fus.xbgy-nlzgr0.o/am=aaae/d=1/exm=el%5fconf/ed=1/rs=an8spfq2kirt%5fbmygtviualthwncwqjrbq/m=el%5fmain translation low-risk (Base db) mlav_flag=0, mica_flags=0 expires in 451 seconds
translate.googleapis.com/%5f/translate%5fhttp/%5f/js/k=translate%5fhttp.tr.en%5fus.xbgy-nlzgr0.o/am=aaae/d=1/exm=el%5fconf/ed=1/rs=an8spfq2kirt%5fbmygtviualthwncwqjrbq/m=el%5fmain translation low-risk (Cloud db)
I cleared the Cache anyway, after that the output and the problem was the same.
Then I created a custom URL category and a policy. However, it didn't generate any hits.
While going through the instructions, I came to the conclusion that it might be related to decryption. I created an SSL decryption exclusion for translate.googleapis.com. After that, everything worked as expected.
I think it must have something to do with Chrome's behavior. Users found a workaround by using the Edge browser. Perhaps the browser accesses local resources during the session, and then the session is blocked. But I would expect this to show up in the log.
I will take a packet capture, maybe i find something.
07-15-2025 05:49 PM
Hi @S.Dwel ,
Take a look at the KB How to Handle a URL Miscategorization
I would try clearing the URL cache and see if that helps. If the issue persists, you can create a custom URL category for such things.
07-15-2025 10:24 PM
Hi @JayGolf,
thank you for your reply. I followed the instructions, but the problem persists. However I was able to find a workaround.
Steps:
I tested how the firewall categorized the URL and it was displayed correctly.
test url translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.XbGy-nlZGr0.O/am=AAAE/d=1/exm=el_conf/ed=1/rs=AN8SPfq2kIrt_bMYGtViUALtHwnCwQJRbQ/m=el_main
translate.googleapis.com/%5f/translate%5fhttp/%5f/js/k=translate%5fhttp.tr.en%5fus.xbgy-nlzgr0.o/am=aaae/d=1/exm=el%5fconf/ed=1/rs=an8spfq2kirt%5fbmygtviualthwncwqjrbq/m=el%5fmain translation low-risk (Base db) mlav_flag=0, mica_flags=0 expires in 451 seconds
translate.googleapis.com/%5f/translate%5fhttp/%5f/js/k=translate%5fhttp.tr.en%5fus.xbgy-nlzgr0.o/am=aaae/d=1/exm=el%5fconf/ed=1/rs=an8spfq2kirt%5fbmygtviualthwncwqjrbq/m=el%5fmain translation low-risk (Cloud db)
I cleared the Cache anyway, after that the output and the problem was the same.
Then I created a custom URL category and a policy. However, it didn't generate any hits.
While going through the instructions, I came to the conclusion that it might be related to decryption. I created an SSL decryption exclusion for translate.googleapis.com. After that, everything worked as expected.
I think it must have something to do with Chrome's behavior. Users found a workaround by using the Edge browser. Perhaps the browser accesses local resources during the session, and then the session is blocked. But I would expect this to show up in the log.
I will take a packet capture, maybe i find something.
07-17-2025 01:28 AM
I couldn't find anything in the packet capture. I'm fine with the decryption exclusion. We don't need to dig deeper.
07-17-2025 09:08 AM
Thanks for sharing!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
