05-07-2024 04:39 AM
Hello,
Both the Grammarly and ChatGPT sites are accessible; however, the WSA will not allow us to use them properly. In the case of ChatGPT, if you try to open a document, the error shown is, "Can't connect to Grammarly. your network configuration currently blocks Grammarly services on this computer." With ChatGPT, new chats produce the following error, "Something went wrong. If this issue persists please contact us through our help center at help.openai.com."
In Talos, Grammarly is categorized as Education, and openai.com is Computers and internet. Both categories are set to monitor, so they should be accessible (?).
Does anyone know why this is occurring?
Thank you!
05-07-2024 01:08 PM
Hi @DamianRCL
can you please:
[1] check from developer tools and see which URL is getting blocked
[2] then find the associated access log for that URL (CLI > grep > choose Accesslogs > in the "Enter the regular expression to grep" prompt, type the URL > follow the wizard),
[3] please share the access_logs or you can review which policy it is hitting,
[4] most probably your POST traffic is getting blocked, which is configured in the GUI > Web Security Manager > Cisco Data Security; please review that configuration as well,
[5] if you are using External DLP, please consider reviewing its configuration as well: GUI > Web Security Manager > External Data Loss Prevention
thank you so much for your time
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
05-08-2024 10:41 AM
Hello Amirhossein,
Where do I find developer tools?
I added a Custom and External URL Category Filter to Cisco Data Security and then allowed it, but the Grammarly still does not work.
We are not using External Data Loss Prevention.
Thank you.
05-08-2024 11:32 AM
Thanks for your reply.
For developer tools I can suggest this link: What are browser developer tools? - Learn web development | MDN (mozilla.org)
Regarding "but the Grammarly still does not work": it could be that there are some other URLs which are getting dropped. You can check them as mentioned above (access logs and/or developer tools).
Regards,
Amirhossein Mojarrad
05-09-2024 05:14 AM - edited 05-09-2024 05:47 AM
With your help, I've managed to locate the site getting blocked (wss://dox.grammarly.com/). However, how do I identify which access log to grep the information from?
05-09-2024 05:31 AM
Upon further investigation, grammarly.com (the site I'm attempting to access) uses websockets. How do I configure the WSAs to allow websockets? Thank you!
05-09-2024 09:42 AM
For the WebSocket, we should usually see HTTP traffic before the socket is established: the HTTP 101 Switching Protocols status code.
To view the accesslogs:
[1] you can type grep in CLI
[2] choose the number associated with "accesslogs" Type: "Access Logs" Retrieval: FTP Poll
[3] in "Enter the regular expression to grep" please type grammarly
[4] Do you want this search to be case insensitive? [Y]> Y
[5] Do you want to search for non-matching lines? [N]> N
[6] Do you want to tail the logs? [N]> Y
[7] Do you want to paginate the output? [N]> N
Now you will be able to see live logs; then try to reproduce the traffic and review the logs.
It would also be nice to have a PCAP running on the WSA for a better overview from the network perspective.
Regards,
Amirhossein Mojarrad
05-10-2024 05:29 AM
Amirhossein,
accesslogs is not in the list. Is there somewhere else I should look?
Thank you
05-12-2024 01:29 AM
@DamianRCL hi
thanks for your reply
kindly follow the steps here : Configure Performance Parameter in Access Logs - Cisco
to have accesslogs in your WSA
Regards,
Amirhossein Mojarrad
05-13-2024 04:57 AM
Happy Monday. Thanks for the pointers. Here are the logs generated:
1715600671.657 309 10.0.0.168 TCP_MISS_SSL/200 39 CONNECT tunnel://treatment.grammarly.com:443/ - DIRECT/treatment.grammarly.com - DECRYPT_WBRS_7-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_edu",5.1,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,"IW_edu",-,"-","Education","-","Unknown","Unknown","-","-",1.01,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715600672.144 429 10.0.0.168 TCP_MISS_SSL/200 2137 POST https://treatment.grammarly.com:443/treatment/get - DIRECT/treatment.grammarly.com text/plain DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-DefaultGroup-NONE-DefaultGroup-NONE <"IW_edu",5.1,1,"-",0,0,0,1,"-",-,-,-,"-",1,-,"-","-",0,-,"IW_edu",-,"Unknown","Education","-","Unknown","Unknown","-","-",39.85,0,-,"Unknown","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715600711.908 99 10.0.0.168 TCP_MISS_SSL/200 39 CONNECT tunnel://treatment.grammarly.com:443/ - DIRECT/treatment.grammarly.com - DECRYPT_WBRS_7-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_edu",5.1,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,"IW_edu",-,"-","Education","-","Unknown","Unknown","-","-",3.15,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715600712.123 31 10.0.0.168 TCP_MISS_SSL/200 2137 POST https://treatment.grammarly.com:443/treatment/get - DIRECT/treatment.grammarly.com text/plain DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-DefaultGroup-NONE-DefaultGroup-NONE <"IW_edu",5.1,1,"-",0,0,0,1,"-",-,-,-,"-",1,-,"-","-",0,-,"IW_edu",-,"Unknown","Education","-","Unknown","Unknown","-","-",551.48,0,-,"Unknown","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715600959.438 334 10.0.0.168 TCP_MISS_SSL/200 39 CONNECT tunnel://extension.femetrics.grammarly.io:443/ - DIRECT/extension.femetrics.grammarly.io - DECRYPT_WBRS_7-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_ref",3.0,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,"IW_ref",-,"-","Reference","-","Unknown","Unknown","-","-",0.93,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715600959.723 235 10.0.0.168 TCP_MISS_SSL/200 583 POST https://extension.femetrics.grammarly.io:443/batch/import - DIRECT/extension.femetrics.grammarly.io text/plain DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_ref",3.0,0,"-",0,0,0,-,"-",-,-,-,"-",-,-,"-","-",-,-,"IW_ref",-,"-","Reference","-","Unknown","Unknown","-","-",19.85,0,-,"Unknown","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715601327.356 174 10.0.0.168 TCP_MISS_SSL/200 481 GET https://q.quora.com:443/_/ad/87aec589ac364d478f819f2ef53afe3a/pixel?j=1&u=https%3A%2F%2Fwww.grammarly.com%2Fblog%2Fworse-worst%2F&tag=DwellTime&ts=1715601327000&i=gtm&dwt=1563&ive=blur - DIRECT/q.quora.com image/gif DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_ref",4.7,1,"-",0,0,0,1,"-",-,-,-,"-",1,-,"-","-",-,-,"IW_ref",-,"Unknown","Reference","-","Quora","Social Networking","-","-",22.11,0,-,"Unknown","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715601329.532 35 10.0.0.168 TCP_MISS_SSL/204 514 POST https://analytics.google.com:443/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je4580v871727644za200&_p=1715600395733&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=2032786756.1715337916&ul=en-us&sr=1920x1080&lps=1&frm=0&pscdl=noapi&_s=2&sid=1715600415&sct=2&seg=0&dl=... - DIRECT/analytics.google.com text/plain DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_srch",6.2,0,"-",0,0,0,-,"-",-,-,-,"-",-,-,"-","-",-,-,"IW_srch",-,"-","Search Engines and Portals","-","Google","Search Engine","-","-",117.49,0,-,"Unknown","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715601352.030 379 10.0.0.168 TCP_MISS_SSL/200 39 CONNECT tunnel://treatment.grammarly.com:443/ - DIRECT/treatment.grammarly.com - DECRYPT_WBRS_7-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <"IW_edu",5.1,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,"IW_edu",-,"-","Education","-","Unknown","Unknown","-","-",0.82,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
1715601352.300 215 10.0.0.168 TCP_MISS_SSL/200 2137 POST https://treatment.grammarly.com:443/treatment/get - DIRECT/treatment.grammarly.com text/plain DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-DefaultGroup-NONE-DefaultGroup-NONE <"IW_edu",5.1,1,"-",0,0,0,1,"-",-,-,-,"-",1,-,"-","-",0,-,"IW_edu",-,"Unknown","Education","-","Unknown","Unknown","-","-",79.52,0,-,"Unknown","-",-,"-",-,-,"-","-",-,-,"-",-,-> - -
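Added example, not part of any post in this thread: a small Python parser for access log lines like the ones posted above, which groups them by host, method, status and ACL decision tag, and reports whether the WebSocket host named earlier (dox.grammarly.com) and an HTTP 101 were logged at all. The field layout is inferred from the posted lines, the function and variable names are hypothetical, and the 101 line is constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Three lines abridged from the access log posted above; the trailing <...> scoring
# block is cut because the parser only reads the leading fields.
THREAD_LOG = """\
1715600671.657 309 10.0.0.168 TCP_MISS_SSL/200 39 CONNECT tunnel://treatment.grammarly.com:443/ - DIRECT/treatment.grammarly.com - DECRYPT_WBRS_7-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <...> - -
1715600672.144 429 10.0.0.168 TCP_MISS_SSL/200 2137 POST https://treatment.grammarly.com:443/treatment/get - DIRECT/treatment.grammarly.com text/plain DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-DefaultGroup-NONE-DefaultGroup-NONE <...> - -
1715600959.723 235 10.0.0.168 TCP_MISS_SSL/200 583 POST https://extension.femetrics.grammarly.io:443/batch/import - DIRECT/extension.femetrics.grammarly.io text/plain DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <...> - -
"""

# CONSTRUCTED line (not from the thread): an assumed entry for a completed upgrade.
CONSTRUCTED_UPGRADE = (
    "1715600700.000 12 10.0.0.168 TCP_MISS_SSL/101 0 GET https://dox.grammarly.com:443/ - "
    "DIRECT/dox.grammarly.com - DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup-NONE <...> - -\n"
)

# timestamp, elapsed ms, client, result/status, bytes, method, URL, user, peer, MIME, ACL tag
LINE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+\S+\s+\S+\s+\S+\s+(?P<acl>[A-Z_]+?)_\d+-"
)

def summarise(log_text, ws_host):
    """Count (method, status, ACL tag) per host; report if ws_host and a 101 were logged."""
    per_host, ws_seen, upgraded = {}, False, False
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not access log entries
        host = urlsplit(m["url"]).hostname
        per_host.setdefault(host, Counter())[(m["method"], m["status"], m["acl"])] += 1
        if host == ws_host:
            ws_seen = True
            upgraded = upgraded or m["status"] == "101"
    return per_host, ws_seen, upgraded

if __name__ == "__main__":
    hosts, seen, upgraded = summarise(THREAD_LOG, "dox.grammarly.com")
    for host, counts in hosts.items():
        print(host, dict(counts))
    print("dox.grammarly.com logged:", seen, "| 101 seen:", upgraded)
```

Run against the posted excerpt, it reports only CONNECT and POST entries with status 200 for treatment.grammarly.com and extension.femetrics.grammarly.io, and no entry for dox.grammarly.com or any 101.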
05-13-2024 08:25 AM
Thanks @DamianRCL
Here everything seems normal (HTTP/200).
May I ask you to bypass decryption and test?
To do this, you need to create a Custom URL Category, and in the site section please add:
grammarly.com, .grammarly.com, grammarly.io, .grammarly.io
According to: WebSockets Support Q&A for System Administrators – Grammarly Support
you need to add
grammarly.net, .grammarly.net
to the above sites as well.
Then please create a Decryption policy, select that Custom URL category, set it to passthrough, and test.
Regards,
Amirhossein Mojarrad
05-15-2024 09:56 AM - edited 05-16-2024 04:13 AM
Amirhossein,
I've created a custom URL category and applied each of the Grammarly aliases. We are still told by the Grammarly self-diagnostic tests that websockets are not allowed. To be clear, the Grammarly site is accessible, but it isn't fully usable because websocket communication is blocked.
Based on the nature of websockets communication, is it even possible for it to work? A semi-permanent connection needs to exist between the Grammarly service and a client. How would this be possible with a proxy in the middle?
Update:
We removed the proxy-pac pointing internet traffic to the web filters and were able to use Grammarly without a problem.
Do the WSAs actually support websockets?
Thanks!
05-22-2024 09:11 AM
Hi @DamianRCL
Thanks for the updates and sorry for late reply.
could you please check from CLI > advancedproxyconfig > MISCELLANEOUS
hit enter until you see:
Would you like to block tunneling of non-SSL transactions on SSL Ports?
[N]>
kindly advise if this option is set to No or Yes?
Regards,
Amirhossein Mojarrad
05-28-2024 04:28 AM
Hello Amirhossein,
Am I supposed to make a change to this setting? It defaults to [N], and access to Grammarly still doesn't work fully. Please advise.
Thanks!
05-30-2024 11:30 AM
Hello DamianRCL
Yes, to have WebSockets (wss://) work we need to change that setting to "Y", please.
Regards,
Amirhossein Mojarrad