Advisory: Google's QUIC protocol bypasses scanning on Sophos XG Firewall

  • Article ID: 127719
  • Updated: 25 Oct 2017
  • 0 people found this helpful
  • Available in: English | Español | Italiano | 日本語 | Français | Deutsch

Overview

QUIC is an experimental networking protocol designed by Google to avoid latency and reduce network congestion. This article describes how to prevent Google's QUIC protocol from bypassing Web filtering of Google services including HTTPS Decryption, Sophos Sandstorm, Malware scanning and Content Filter scanning when accessing files in Google's Chrome Browser.

The following sections are covered:

Applies to the following Sophos products and versions
Sophos Firewall

What to do

There are three different methods for stopping QUIC Protocol from bypassing the firewall's normal scanning methods. Block on the client by disabling the QUIC Protocol in the Chrome Browser. Block using application control to stop the Application ID QUIC. We can also block QUIC by using firewall rules to stop UDP Ports 443 and 80. Whenever QUIC protocol is blocked by Firewall Rule, Application Control or on the client, Chrome will revert back to standard HTTP/HTTPS, so no services should be negatively impacted by these changes.

How to disable QUIC with Application Control

  1. Follow the steps in Sophos Firewall: How to block YouTube with Application Control to create an Application Filter.
  2. Replace references to YouTube with QUIC which should show with the following details:
  3. Add the Application Filter to the Firewall Rule.

How to block QUIC Protocol with Firewall Rules

  1. Navigate to Firewall and click on + Add Firewall Rule.
  2. Give the Rule Name a title and then change the Action to Drop.
  3. Fill out the Source and Destination for the networks you want QUIC dropped from.
  4. On this page scroll down to Destination & Services > Services and click Add New Item.
  5. Click Create New and fill out the parameters as shown below:
  6. Save the new service definition.
  7. Apply the Service and then click Save.
  8. Make sure the rule is at the top of the Firewall Rules list so that QUIC traffic is dropped first.

How to disable QUIC in Chrome

  1. Launch Google Chrome.
  2. In the Address Bar type: chrome://flags/
  3. Navigate to the flag labeled Experimental QUIC protocol Mac, Windows, Linux, Chrome OS, Android.
  4. Click on the drop-down menu below and then change it to Disabled.
  5. Click on Relaunch Now to restart Chrome without QUIC enabled.

Related information

Feedback and contact

If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.

Article appears in the following topics

Did this article provide the information you were looking for?

Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.

Sophos Footer