Technical Note: How to block/disable QUIC
Products
FortiGate
FortiGate v5.2
FortiGate v5.4
FortiWiFi
Description
QUIC (Quick UDP Internet Connections) is an experimental transport layer network protocol developed by Google. Since 2015, some sites (for example Google and YouTube) have offered connections over the QUIC protocol. The latest version of Google Chrome supports it by default.

QUIC uses UDP port 80 and port 443 and often lets clients bypass transparent proxies. As a result, UTM features such as web filtering may not work properly in Google Chrome, while working perfectly in other browsers such as Internet Explorer or Mozilla Firefox.
Solution
There are three ways to block/disable QUIC:

Method 1: Disable Experimental QUIC protocol on Google Chrome browser.

To do this, open Google Chrome and type "chrome://flags" in the address bar. Look for Experimental QUIC protocol and disable it.



Method 2: Block QUIC using Application Control

Go to the Application Control profile, look for the application signature named "QUIC" and select the action "Block". Apply this Application Control profile to the firewall policy.



Method 3: Block QUIC using firewall policy

Create a custom firewall service for UDP port 80 and port 443. Configure a firewall policy with the custom service created and set the action to Deny.
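
Method 3 expressed as FortiOS CLI, as an added example that is not part of the original note. The service name "QUIC-UDP", the interfaces "internal" and "wan1", the new policy ID 100 and the existing allow policy ID 1 are assumptions to replace with your own values; lines starting with "#" are annotations, not CLI input.

```fortios
# Custom service covering both UDP ports QUIC uses (assumed name: QUIC-UDP).
config firewall service custom
    edit "QUIC-UDP"
        set protocol TCP/UDP/SCTP
        set udp-portrange 80 443
        set comment "QUIC over UDP 80 and 443"
    next
end

# Deny policy for that service (assumed ID 100, assumed interfaces).
config firewall policy
    edit 100
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "QUIC-UDP"
        set logtraffic all
    next
    # Policies are matched top-down, so the deny must sit above the
    # existing allow policy (assumed ID 1) or it never matches.
    move 100 before 1
end
```

With UDP 80 and 443 denied, Chrome falls back to HTTP/HTTPS over TCP, which the transparent proxy and web filter can inspect.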

Last Modified Date: 06-23-2016 Document ID: FD36680