Can anyone please tell me (A) How to block all QUIC traffic in and out ,and (B) will that then give me better log reports of url's visited ?.
Thanks
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Hi JohnMMM ,
Thank you for reaching out to the community, by enabling - Block QUIC protocol - Blocks QUIC protocol by dropping outbound UDP packets to ports 80 and 443 for traffic that matches the rule's criteria. It's selected by default when you select a web policy or turn on scanning for HTTP and decrypted HTTPS. Chrome uses the protocol by default to establish sessions with Google services. QUIC traffic can't be scanned and bypasses web filtering. Please refer the useful KBAs below:
> https://5t9h.short.gy/9jlfbt
> Add a firewall rule
> Control traffic requiring web proxy filtering.
> To get better reporting refer HTTPS decrypt and scan FAQ.
> Behavior of HTTPS websites when HTTPS scanning is turned off.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Hi JohnMMM ,
Thank you for reaching out to the community, by enabling - Block QUIC protocol - Blocks QUIC protocol by dropping outbound UDP packets to ports 80 and 443 for traffic that matches the rule's criteria. It's selected by default when you select a web policy or turn on scanning for HTTP and decrypted HTTPS. Chrome uses the protocol by default to establish sessions with Google services. QUIC traffic can't be scanned and bypasses web filtering. Please refer the useful KBAs below:
> https://5t9h.short.gy/9jlfbt
> Add a firewall rule
> Control traffic requiring web proxy filtering.
> To get better reporting refer HTTPS decrypt and scan FAQ.
> Behavior of HTTPS websites when HTTPS scanning is turned off.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
As an extension of Viveks explanation...
yes, if the firewall “sees something again” it can also check and log the traffic.
The web filter and weblogging are working again.
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.