QUIC is an experimental networking protocol designed by Google to avoid latency and reduce network congestion. This article describes how to prevent Google's QUIC protocol from bypassing Web filtering of Google services including HTTPS Decryption, Sophos Sandstorm, Malware scanning and Content Filter scanning when accessing files in Google's Chrome Browser. The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall
There are three different methods for stopping QUIC Protocol from bypassing the firewall's normal scanning methods. Block on the client by disabling the QUIC Protocol in the Chrome Browser. Block using application control to stop the Application ID QUIC. We can also block QUIC by using firewall rules to stop UDP Ports 443 and 80. Whenever QUIC protocol is blocked by Firewall Rule, Application Control or on the client, Chrome will revert back to standard HTTP/HTTPS, so no services should be negatively impacted by these changes.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.