Block QUIC navigation about google protocol

GersonMejia993
New here

Hi.

 

I need to block all navigation over the QUIC protocol. A few days ago I had the need to block all navigation through the QUIC protocol, but I couldn't find anything specific on the network. Some will have an option to do it.

 

Greetings.

3 Replies
RaphaelL
Kind of a big deal

You can block UDP on port 80/443. 

jimmyt234
A model citizen

To expand on this, create a layer 3 outbound firewall policy to block these ports that @RaphaelL says above:

[Image: jimmyt234_0-1708683004551.png]

 

AlexL1
Meraki Employee

Hi GersonMejia993,

Welcome to Meraki Community! 🙂

 

Point 1 - QUIC (Quick UDP Internet Connections) is a new encrypted transport layer protocol, designed to improve the performance and security of web applications by replacing TCP and TLS, and is built on top of UDP, offering features like faster connection establishment and reduced latency.

 

  • NOTE: It is not generally possible to block these features using firewall rules, because they work over TCP or UDP 443, which are shared with other web traffic (TLS and QUIC)


Option 1 - To prevent this, client devices can disable QUIC at a browser level:

  • Google Chrome - In the browser address bar, type chrome://flags. Disable the Experimental QUIC protocol option.
  • Microsoft Edge - In the browser address bar, type edge://flags/. Disable the Experimental QUIC protocol option.
  • Mozilla Firefox - In the browser address bar, type about:config. Disable the network.http.http3.enable option.
  • Opera - In the browser address bar, type opera://flags/#enable-quic. From the Experimental QUIC protocol drop-down list, select Disabled.

 

OR

 

Option 2 - Firewall rules to block UDP 80 and UDP 443 should be configured to prevent end-user devices from being able to circumvent Content Filtering rules. 

 

Point 2 - Clear the locally cached DNS record - Correcting this behavior depends on the device's OS:

  • For Windows: open up a command prompt and run ipconfig /flushdns
  • For macOS: open a terminal and run sudo dscacheutil -flushcache
  • For iOS: reboot the device
  • For Android: Open the Chrome browser, navigate to the URL chrome://net-internals/#dns, choose the "DNS" option, and then click "Clear host cache"

 

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Conten...

 

For example, more details about WatchGuard Firewall and the explanation about QUIC Protocol and how it can be blocked - https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Endpoint-Security/manage-settin...

 

https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3dzSAA&lang=en_US#:%7E:text=Dis...

 

If you have more questions, please don't hesitate to contact us.

If you found this post helpful, please give it kudos.
If my answer solved your problem, click "accept as solution" so that others can benefit from it.
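
An added example (not part of any reply above, and not Meraki's code): the layer 3 outbound rule suggested in the replies only blocks QUIC if no earlier rule already allows UDP 80/443, so this script audits an ordered rule list for that. The rule field names, the top-down first-match evaluation with an implicit final allow, and the sample rules are assumptions made for the illustration.

```python
# Added example: audit an ordered L3 outbound rule list for a QUIC (UDP 80/443) block.
# Assumption: rules are dicts with policy/protocol/srcCidr/destCidr/destPort keys,
# evaluated top-down, first match wins, ending in an implicit allow-all.
QUIC_PORTS = (80, 443)

def port_matches(spec, port):
    """True if a destPort spec ('Any', '443', '80,443', '400-500') covers port."""
    spec = str(spec).strip().lower()
    if spec == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_any(value):
    return str(value).strip().lower() in ("any", "0.0.0.0/0")

def audit_quic_block(rules):
    """Return {port: (verdict, rule_index)}; index None means the implicit default."""
    result = {}
    for port in QUIC_PORTS:
        verdict = ("allowed", None)  # nothing matched: implicit allow at the end
        for i, rule in enumerate(rules):
            if rule["protocol"].lower() not in ("udp", "any"):
                continue
            if not port_matches(rule["destPort"], port):
                continue
            if rule["policy"].lower() == "allow":
                verdict = ("allowed", i)  # an earlier allow shadows later denies
                break
            if is_any(rule.get("srcCidr", "Any")) and is_any(rule["destCidr"]):
                verdict = ("blocked", i)
                break
            # deny scoped to specific CIDRs only: keep looking for a full block
        result[port] = verdict
    return result

# Constructed sample policy: rule 0 opens a UDP 443 hole ahead of the block in rule 1.
SAMPLE_RULES = [
    {"policy": "allow", "protocol": "udp", "srcCidr": "Any",
     "destCidr": "203.0.113.0/24", "destPort": "443"},
    {"policy": "deny", "protocol": "udp", "srcCidr": "Any",
     "destCidr": "Any", "destPort": "80,443"},
    {"policy": "allow", "protocol": "tcp", "srcCidr": "Any",
     "destCidr": "Any", "destPort": "443"},
]

if __name__ == "__main__":
    for port, (verdict, idx) in audit_quic_block(SAMPLE_RULES).items():
        print(f"UDP {port}: {verdict} (rule {idx})")
```

With the constructed sample, UDP 80 is reported as blocked by rule 1 while UDP 443 is still allowed by rule 0, which is the kind of ordering mistake that lets browsers keep using QUIC.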