Description
This article describes how to block QUIC Protocol.
QUIC (Quick UDP Internet Connections) is an experimental transport layer network protocol developed by Google.
Starting in 2015, some sites (for example Google and YouTube) offer connection via QUIC protocol. Google Chrome supports it in the latest version by default.
QUIC uses UDP port 80 and port 443 and often permits clients to bypass transparent proxies, in which UTM features such as web filtering may not work properly on Google Chrome only, but works perfectly on other browsers such as Internet Explorer or Mozilla Firefox.
Solution
There are three ways to block QUIC:
Method 1: Disable the Experimental QUIC protocol on the Google Chrome browser.
This can be done by opening Google Chrome, in the URL type 'chrome://flags'.
Look for the Experimental QUIC protocol and disable it.
Method 2: Block QUIC using Application Control.
Go to the Application Control profile, look for the Application signature name 'QUIC', and select the action 'Block'.
Apply this Application Control profile to the firewall policy.
Method 3: Block QUIC using the firewall policy.
Create a custom firewall service for UDP port 80 and port 443.
Configure a firewall policy with the customs service created and set the action to Deny.
From FortiOS v7.2.4 onward FortiGate can detect Quick protocol over HTTP3, so no need to block it on the browser.
Related document:
