SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

Fully support QUIC (HTTPS via UDP)

Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously, additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.

More about QUIC can be read here : https://www.chromium.org/quic

With that said, I would like to see full support for QUIC natively in Sophos UTM Web Filter. At current, I'm blocking 443 (UDP) at the firewall and via Application control. This is just frustrating to deal with.

22 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Jesse B. shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

3 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...
An error occurred while saving the comment
  • AdminRich Baldry (Product Owner, Web Protection, Sophos Features & Ideas Laboratory) commented  ·   ·  Flag as inappropriate

    We have QUIC on our radar and are monitoring the business priority of implementing full filtering for this.

    For the SG UTM, it is of course possible to create a specific firewall rule that blocks outbound traffic on UDP ports 443 and 80. This has the effect of forcing QUIC-capable browsers to revert to HTTPS. We have not yet come across any situations where this impacts the availability of web sites or services.

    We are adding a feature in version 17.1 of XG Firewall where you can specify in a firewall rule that QUIC traffic should be blocked.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.