Meraki

DaMiBu · ‎Jan 2 2018

Is there a best method to block QUIC or to get QUIC working with Web filters in a Meraki?

I am currently blocking by disabling the Experimental QUIC protocol on Google Chrome browsers in my environments but any non managed systems can get around this or users can simply re-enable again.

Another method is to block outbound UDP 80 and UDP 443 but not sure if this will break anything else.

Preferred solution is for Meraki web filtering or layer 7 rules to work with QUIC.

Anyone come across this issue as it is a big security hole with Chrome?

Some more details here https://itzecurity.blogspot.ie/2015/06/quic-protocol-web-filtering-not-work.html

thank you!

PhilipDAth · ‎Jan 2 2018

As indicated, I would block udp/80 and udp/443.

GilMart_13 · ‎Mar 9 2023

I've been looking all over on how to set this up to block UDP/80 and UDP/443, is it a Firewall outbound rule? I have a Meraki MX68

Flashback · ‎Jun 2 2023

Block as follows - outbound:

UDP Any Any Any 443,80

You can verify it's working by doing the following before creating the rule using Chrome. Go to youtube.com and in Chrome open Developer Tools -- Security -- Look for "QUIC" under Connection.

Once you have created and saved the rule and given the MX a minute or two to pull down the changes, hard refresh the page and where it said QUIC originally it should now say TLS 1.3 or similar.

Meraki

Community

QUIC Protocol - Web filtering does not work properly from Google Chrome

QUIC Protocol - Web filtering does not work properly from Google Chrome