
New Block QUIC setting not showing

I saw the popup the other day announcing the new feature in Threat Protection to block QUIC to make sure that everything goes through Web Control and Threat Control correctly.

I clicked the "Read more" link which took me to Threat Protection Policy - Sophos Central Admin, indicating it should appear just before the HTTPS Decryption toggle in the Threat Protection policy settings.

However, when I go to find that setting, it's not there. Is there something I need to do to activate that?



This thread was automatically locked due to age.
  • I have seen it in Central for a while; it looks like this in the Threat Protection policy. Hard to believe you have overlooked it. Not sure why you wouldn't have it unless it is behind some sort of flag that hasn't been enabled? Sorry.

  • Nope, it's just not there for me. Weird... Edit: even switching back to the legacy UI didn't sort it either.

  • If you open the dev tools of the browser, F12, switch to the console and type:

    sc.getFlags();

    This should return the flags enabled for your account, I see:

    cesg.windows.computer.quic.enabled
    true


    cesg.windows.server.quic.enabled
    true

    Do you have those flags listed? If so, what is the value? I assume everything listed is true, so you may not have them?

  • The flag isn't even listed - there's nothing with `cesg.windows` at the start - just goes straight from `cesg.whitelist` to `cesg.winep`.

  • All I can suggest is you try running:

    sc.setFlag('cesg.windows.computer.quic.enabled')

    It might work, i.e. enable it for the endpoint policy.

    For the server policies if it works:

    sc.setFlag('cesg.windows.server.quic.enabled')


    Otherwise, you may have to open a ticket with Support.

    I don't know if you need to log out and back in or just re-open the policy. That is all I have, I'm afraid. Hope it works.

    I see the policy comes down to the DWORD quic_protocol_blocking_enabled under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter\[latestrevision]\

    1 being enabled, 0 being disabled in policy.

  • That did the trick.

    Just had to run the command and refresh the page.

    Though strangely the toggle defaulted to being enabled on the base policy when I opened it (despite the documentation saying it's disabled by default), but not on the separate policy we have to filter websites for children's laptops at home.
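
To confirm on a Windows endpoint which value the policy actually delivered, the registry DWORD quoted in the thread can be read directly. The following PowerShell is an added example, not part of the original posts and not Sophos code; the key path and value name are the ones given above, and because the thread does not say how the revision subkeys are named, it lists every subkey instead of guessing which is the latest (the function name is hypothetical).

```powershell
# Added example: report the QUIC-blocking policy value present on this endpoint.
# Key path and value name are taken from the thread. How revision subkeys are
# named or ordered is not stated there, so all subkeys are listed (assumption).
$PolicyRoot = 'HKLM:\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter'
$ValueName  = 'quic_protocol_blocking_enabled'

function Get-QuicBlockingPolicy {
    param(
        [string]$Path = $PolicyRoot,
        [string]$Name = $ValueName
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Policy key not found: $Path"
        return
    }

    # Each subkey corresponds to the [latestrevision] component of the path.
    Get-ChildItem -LiteralPath $Path | ForEach-Object {
        # GetValue returns $null when the DWORD is absent from this revision.
        $raw = $_.GetValue($Name, $null)

        # Per the thread: 1 = enabled in policy, 0 = disabled in policy.
        $state = if ($null -eq $raw) { 'value not present' }
                 elseif ($raw -eq 1) { 'enabled' }
                 elseif ($raw -eq 0) { 'disabled' }
                 else { "unexpected ($raw)" }

        [pscustomobject]@{
            Revision = $_.PSChildName
            Value    = $raw
            State    = $state
        }
    }
}

Get-QuicBlockingPolicy | Format-Table -AutoSize
```

Running it on a machine from each policy group (for example the base policy and the separate web-filtering policy mentioned above) shows whether the toggle state seen in Central matches what reached the endpoint.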