
Overview
QUIC (Quick UDP Internet Connection) is an experimental network protocol designed by Google to reduce latency and avoid network congestion on Google Chrome. Because QUIC runs over UDP ports 80 and 443 rather than TCP, traffic carried over QUIC may bypass Sophos XG's security features in Google Chrome, including Sophos Sandstorm, HTTPS decryption, malware scanning and content filtering. Blocking QUIC traffic makes the connection fall back to TCP, which ensures that all web traffic traverses the proxy and filtering is not bypassed.
This article explains how to block Google's QUIC protocol so that Sophos XG's security, scanning and filtering features are not bypassed when using the Google Chrome web browser.
Instructions
There are four different ways to block the QUIC protocol.
Option 1: Disable QUIC with Application Control.
Step 1: Go to Protect > Application > Application Filter > Add.
Enter a name and set Template to Allow All. Click Save.

Step 2: Edit Application Filter
Click the pencil icon to edit the policy you just created.

Click Add.
Click Select Individual Application. Under Technology, select Network Protocol.
Scroll down and select QUIC. Set Action to Deny.
Click Save.

Step 3: Create a Firewall Rule
Go to Protect > Rule and policies > Add firewall rule > New firewall rule.
Enter a Rule Name. Set Action to Drop and Rule Position to Top.
Set Source Zone to LAN and Destination Zone to WAN.

Scroll down to Other Security features. Under App control, select the Block QUIC filter created in Application Filter. Click Save.

Option 2: Web filtering
When creating the firewall rule, scroll down to the Security features section.
Under Web filtering, select Scan HTTP and decrypted HTTPS, then select Block QUIC protocol.

Option 3: Block protocol QUIC Firewall Rule.
Go to Protect > Rule and policies > Add firewall rule > New firewall rule.
Enter a Rule Name. Set Action to Drop and Rule Position to Top.
Set Source Zone to LAN and Destination Zone to WAN.

Under Services, click Add New Item > Create New > Services.
Enter a name of your choice. Select TCP / UDP. Set Protocol to UDP and enter ports 80 and 443 as the Destination Port. Click Save.
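To confirm that the drop rule from Option 3 is actually catching QUIC, firewall logs can be checked for UDP flows to ports 80 and 443 that left LAN for WAN without being dropped. The script below is an added example, not part of the original article or of Sophos tooling; the key=value log layout, field names and sample records are assumptions constructed for illustration.

```python
import shlex
from collections import Counter

QUIC_PORTS = {80, 443}  # UDP destination ports covered by the Option 3 service

# Constructed sample records. The key=value layout and field names are
# assumptions for this example, not the firewall's actual log format.
SAMPLE_LOG = """\
src_zone=LAN dst_zone=WAN proto=UDP src_ip=192.0.2.10 dst_ip=203.0.113.5 dst_port=443 action=drop rule="Block QUIC"
src_zone=LAN dst_zone=WAN proto=TCP src_ip=192.0.2.10 dst_ip=203.0.113.5 dst_port=443 action=allow rule="LAN to WAN"
src_zone=LAN dst_zone=WAN proto=UDP src_ip=192.0.2.22 dst_ip=203.0.113.9 dst_port=443 action=allow rule="LAN to WAN"
src_zone=LAN dst_zone=WAN proto=UDP src_ip=192.0.2.22 dst_ip=198.51.100.7 dst_port=53 action=allow rule="DNS"
src_zone=LAN dst_zone=WAN proto=UDP src_ip=192.0.2.31 dst_ip=203.0.113.9 dst_port=80 action=allow rule="LAN to WAN"
malformed line without fields
"""

def parse_record(line):
    """Turn one key=value line into a dict; return None if required fields are missing."""
    try:
        tokens = shlex.split(line)  # keeps quoted rule names such as "Block QUIC" intact
    except ValueError:              # unbalanced quotes in a damaged line
        return None
    rec = dict(t.split("=", 1) for t in tokens if "=" in t)
    return rec if {"proto", "dst_port", "action"} <= rec.keys() else None

def quic_bypasses(log_text):
    """Return records where UDP 80/443 went from LAN to WAN without being dropped."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or not rec["dst_port"].isdigit():
            continue
        if (rec["proto"].upper() == "UDP" and int(rec["dst_port"]) in QUIC_PORTS
                and rec.get("src_zone") == "LAN" and rec.get("dst_zone") == "WAN"
                and rec["action"].lower() != "drop"):
            hits.append(rec)
    return hits

def rules_to_fix(log_text):
    """Count bypassing flows per rule name to show which rule matched before the block rule."""
    return Counter(r.get("rule", "?") for r in quic_bypasses(log_text))

if __name__ == "__main__":
    for rec in quic_bypasses(SAMPLE_LOG):
        print(rec["src_ip"], "->", rec["dst_ip"], "udp/" + rec["dst_port"], "via", rec["rule"])
```

Any rule name reported by `rules_to_fix` is matching UDP 80/443 before the block rule does, which usually means the block rule is not positioned at the top.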

Option 4: Disable QUIC on Google Chrome.
Open the Google Chrome browser and enter the address chrome://flags/.
Type QUIC in the search bar, find Experimental QUIC Protocol, and select Disable.
Finally click Relaunch.
