Fully support QUIC (HTTPS via UDP)
Google is using a new method of delivering content securely by using the HTTPS port 443 via UDP and TLS.
I've noticed from analyzing logs that traffic flowing through QUIC does not pass through the Web Filter, thus allowing unfiltered/unscanned traffic through it. This can pose a threat to network security if used maliciously. Additionally, it allows advertisers to stream ads to your browser without being filtered at all, which is both annoying and frustrating.
More about QUIC can be read here: https://www.chromium.org/quic
With that said, I would like to see full support for QUIC natively in Sophos UTM Web Filter. Currently, I'm blocking 443 (UDP) at the firewall and via Application control. This is just frustrating to deal with.
We have QUIC on our radar and are monitoring the business priority of implementing full filtering for this.
For the SG UTM, it is of course possible to create a specific firewall rule that blocks outbound traffic on UDP ports 443 and 80. This has the effect of forcing QUIC-capable browsers to revert to HTTPS. We have not yet come across any situations where this impacts the availability of web sites or services.
We are adding a feature in version 17.1 of XG Firewall where you can specify in a firewall rule that QUIC traffic should be blocked.
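An added example, not part of the thread and not Sophos code: a log audit that checks whether a UDP 443/80 block like the one described in the reply above is taking effect, by totalling allowed versus dropped bytes per client. The key=value log format and the sample lines are constructed assumptions, not the Sophos UTM log format, and UDP on these ports is treated as a QUIC candidate rather than confirmed QUIC.

```python
import re
from collections import defaultdict

# Constructed sample lines in a generic key=value packet-filter format
# (an assumption for this example; not the Sophos UTM log format).
SAMPLE_LOG = """\
2017-11-02T09:14:01 action=accept proto=udp src=10.0.0.21 dst=203.0.113.10 dport=443 bytes=48211
2017-11-02T09:14:02 action=accept proto=tcp src=10.0.0.21 dst=203.0.113.10 dport=443 bytes=9120
2017-11-02T09:14:05 action=accept proto=udp src=10.0.0.34 dst=198.51.100.7 dport=80 bytes=1350
2017-11-02T09:14:09 action=drop proto=udp src=10.0.0.21 dst=203.0.113.10 dport=443 bytes=1350
2017-11-02T09:14:12 action=accept proto=udp src=10.0.0.34 dst=198.51.100.7 dport=443 bytes=20480
2017-11-02T09:14:15 action=drop proto=udp src=10.0.0.50 dst=203.0.113.10 dport=443 bytes=2700
malformed line without fields
"""

QUIC_PORTS = {443, 80}  # the UDP ports named in the reply above
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return a dict of fields, or None if required fields are missing or invalid."""
    rec = dict(FIELD.findall(line))
    if not {"action", "proto", "src", "dport"} <= rec.keys():
        return None
    try:
        rec["dport"] = int(rec["dport"])
        rec["bytes"] = int(rec.get("bytes", 0))
    except ValueError:
        return None
    return rec

def audit(log_text):
    """Per client: bytes of UDP 443/80 traffic that was allowed vs. dropped."""
    report = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["proto"].lower() != "udp" or rec["dport"] not in QUIC_PORTS:
            continue  # TCP 443 goes through the proxy path; other UDP is out of scope
        bucket = "allowed" if rec["action"].lower() == "accept" else "dropped"
        report[rec["src"]][bucket] += rec["bytes"]
    return dict(report)

def unfiltered_clients(report):
    """Clients that still have allowed UDP 443/80 traffic, i.e. the block is not covering them."""
    return sorted(src for src, r in report.items() if r["allowed"] > 0)

if __name__ == "__main__":
    rep = audit(SAMPLE_LOG)
    for src in unfiltered_clients(rep):
        print(f"{src}: {rep[src]['allowed']} bytes on UDP 443/80 outside the Web Filter")
```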
Please add QUIC support!
A thousand yesses to this suggestion.