This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Block QUIC setting not showing

I saw the popup the other day announcing the new feature in Threat Protection to block QUIC to make sure that everything goes through Web Control and Threat Control correctly.

I clicked the "Read more" link which took me to Threat Protection Policy - Sophos Central Admin, indicating it should appear just before the HTTPS Decryption toggle in the Threat Protection policy settings.

However when I go to find that setting, it's not there. Is there something I need to do to activate that?



This thread was automatically locked due to age.
Parents
  • I have seen it in Central for a while, it looks like this in the Threat Protection policy.  Hard to believe you have overlooked it.  Not sure why you wouldn't have it unless it is behind some sort of flag that hasn't been enabled?  Sorry. 

  • Nope, it's just not there for me. Weird... Edit: even switching back to the legacy UI didn't sort it either.

  • If you open the dev tools of the browser, F12, switch to the console and type:

    sc.getFlags();

    This should return the flags enabled for your account, I see:

    cesg.windows.computer.quic.enabled
    true


    cesg.windows.server.quic.enabled
    true

    Do you have those flags listed, if so, what is the value? I assume everything listed is true, so you may not have them?

  • The flag isn't even listed - there's nothing with `cesg.windows` at the start - just goes straight from `cesg.whitelist` to `cesg.winep`.

  • All I can suggest is you try running:

    sc.setFlag('cesg.windows.computer.quic.enabled')

    It might work, i.e. enable it for the endpoint policy.

    For the server policies if it works:

    sc.setFlag('cesg.windows.server.quic.enabled')


    otherwise, you may have to open a ticket with Support.  

    I don't know if you need to logout and back in or just re-open the policy.  That is all I have I'm afraid. Hope it works.

    I see the policy comes down to the DWORD quic_protocol_blocking_enabled under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter\[latestrevision]\

    1 being enabled, 0 being disabled in policy.

  • That did the trick.

    Just had to run the command and refresh the page.

    Though strangely the toggle defaulted to being enabled on the base policy when I opened it (despite the documentation saying it's disabled by default), but not on the separate policy we have to filter websites for children's laptops at home.

Reply
  • That did the trick.

    Just had to run the command and refresh the page.

    Though strangely the toggle defaulted to being enabled on the base policy when I opened it (despite the documentation saying it's disabled by default), but not on the separate policy we have to filter websites for children's laptops at home.

Children
No Data