5 comments

• Ian commented  ·  March 22, 2019 10:41 PM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  This could better be worked around if we could block https/QUIC based on DNS like we could in UTM9 or Fortinet does it...

  Save Submitting...
• Jesse B. commented  ·  February 19, 2019 9:07 PM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  This needs to be done ASAP!! Not just block it. Especially with a service like Cloudflare adding support for QUIC, they may also add an option to only allow website visit using QUIC, which would effectively break a TON of websites.

  Save Submitting...
• AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) commented  ·  November 16, 2018 5:45 PM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  In version 17.1 we introduced an option in the Firewall rule that allows you to quickly block QUIC traffic, which forces browsers to revert to regular HTTP.

  Save Submitting...
• AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) commented  ·  January 13, 2018 6:23 AM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  Our recommended solution for this right now is to block QUIC in the firewall. This can be done by adding a rule that blocks outbound connections to UDP ports 80 and 443. Browsers will automatically fall back to using regular HTTP/HTTPS.

  In the short term, we plan to add a feature to make this blocking simpelr to implement.

  In the longer term we will investigate providing direct support to enable full Web Protection for the QUIC protocol.

  Save Submitting...
• A commented  ·  November 30, 2016 12:49 AM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  Further to that, UDP 80/443 can not be added to Web Protection -> Filtering Options -> Allowed Target Services.

  Save Submitting...