
New Block QUIC setting not showing

I saw the popup the other day announcing the new feature in Threat Protection to block QUIC to make sure that everything goes through Web Control and Threat Control correctly.

I clicked the "Read more" link which took me to Threat Protection Policy - Sophos Central Admin, indicating it should appear just before the HTTPS Decryption toggle in the Threat Protection policy settings.

However when I go to find that setting, it's not there. Is there something I need to do to activate that?



  • I have seen it in Central for a while, it looks like this in the Threat Protection policy.  Hard to believe you have overlooked it.  Not sure why you wouldn't have it unless it is behind some sort of flag that hasn't been enabled?  Sorry. 

  • Nope, it's just not there for me. Weird... Edit: even switching back to the legacy UI didn't sort it either.

  • If you open the dev tools of the browser, F12, switch to the console and type:

    sc.getFlags();

    This should return the flags enabled for your account, I see:

    cesg.windows.computer.quic.enabled
    true


    cesg.windows.server.quic.enabled
    true

    Do you have those flags listed? If so, what is the value? I assume everything listed is true, so you may not have them?

  • The flag isn't even listed - there's nothing with `cesg.windows` at the start - just goes straight from `cesg.whitelist` to `cesg.winep`.

  • All I can suggest is you try running:

    sc.setFlag('cesg.windows.computer.quic.enabled')

    It might work, i.e. enable it for the endpoint policy.

    For the server policies if it works:

    sc.setFlag('cesg.windows.server.quic.enabled')


    otherwise, you may have to open a ticket with Support.  

    I don't know if you need to log out and back in or just re-open the policy. That is all I have, I'm afraid. Hope it works.

    I see the policy comes down to the DWORD quic_protocol_blocking_enabled under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter\[latestrevision]\

    1 being enabled, 0 being disabled in policy.
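
To confirm on an endpoint what the policy actually delivered, the registry location given in the post above can be read directly. This is an added example, not code from the thread or from Sophos. The thread does not say how the revision subkeys are named, so the script assumes nothing about that and reports every subkey instead of picking one.

```powershell
# Added example: report the QUIC blocking value delivered by Sophos Central policy.
# The registry path and value name come from the post above; the function name
# and the State labels are hypothetical, chosen for this example.
$base      = 'HKLM:\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter'
$valueName = 'quic_protocol_blocking_enabled'

function Get-QuicBlockingPolicy {
    param(
        [string]$BasePath = $base,
        [string]$Name     = $valueName
    )

    if (-not (Test-Path -Path $BasePath)) {
        # No policy key at all: agent not installed, or policy never received.
        return [pscustomobject]@{ Revision = $null; Value = $null; State = 'PolicyKeyMissing' }
    }

    # The post refers to a "[latestrevision]" subkey without saying how it is
    # named, so each subkey is listed rather than guessing which one is newest.
    foreach ($key in Get-ChildItem -Path $BasePath) {
        $props = Get-ItemProperty -Path $key.PSPath -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $props) {
            # Subkey exists but the policy did not write the DWORD.
            $value = $null
            $state = 'ValueAbsent'
        } else {
            $value = [int]$props.$Name
            $state = switch ($value) {
                1       { 'Enabled' }     # 1 = enabled in policy (per the post)
                0       { 'Disabled' }    # 0 = disabled in policy (per the post)
                default { 'Unexpected' }
            }
        }
        [pscustomobject]@{ Revision = $key.PSChildName; Value = $value; State = $state }
    }
}

Get-QuicBlockingPolicy | Format-Table -AutoSize
```

Comparing the reported state against what the policy shows in Central is a quick way to catch a default that differs from the documentation.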

  • Not seeing it on our portal either... Is this an additional cost?

  • That did the trick.

    Just had to run the command and refresh the page.

    Though strangely the toggle defaulted to being enabled on the base policy when I opened it (despite the documentation saying it's disabled by default), but not on the separate policy we have to filter websites for children's laptops at home.

  • Hi Slappy

    I was able to find the support case you opened and used the developer tools as Sophos User930 suggested above to enable this policy option. This does not require an additional license.

    Update:
    The UI option to Block QUIC browser connections should not be displayed currently. An issue was found where the setting is enabled by default, where this should be disabled by default. 

    The rollout of this feature has been put on hold until the policy enablement issue is resolved. Re-enabling the UI using flags and turning this feature on will not affect your endpoints. 

    Some customers may see a pop-up message advising that this option is available. This pop-up message was not rolled back in time to align with this change.  

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • QUIC blocking is now live as an option in Central. The default state is Off.

    Kushal Lakhan
    Team Lead, Global Community Support