QUIC Protocol - Web filtering does not work properly from Google Chrome

DaMiBu
Conversationalist


Is there a best method to block QUIC or to get QUIC working with Web filters in a Meraki?

 

I am currently blocking by disabling the Experimental QUIC protocol on Google Chrome browsers in my environments, but any non-managed systems can get around this, or users can simply re-enable it again.

 

Another method is to block outbound UDP 80 and UDP 443 but not sure if this will break anything else.

 

Preferred solution is for Meraki web filtering or layer 7 rules to work with QUIC.

 

Anyone come across this issue as it is a big security hole with Chrome?

 

Some more details here https://itzecurity.blogspot.ie/2015/06/quic-protocol-web-filtering-not-work.html

 

Thank you!

 

PhilipDAth
Kind of a big deal

As indicated, I would block udp/80 and udp/443.

I've been looking all over for how to set this up to block UDP/80 and UDP/443. Is it a Firewall outbound rule? I have a Meraki MX68.

Block as follows - outbound:

UDP Any Any Any 443,80

 

You can verify it's working by doing the following before creating the rule using Chrome. Go to youtube.com and in Chrome open Developer Tools -- Security -- Look for "QUIC" under Connection.

 

Once you have created and saved the rule and given the MX a minute or two to pull down the changes, hard refresh the page and where it said QUIC originally it should now say TLS 1.3 or similar.
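
Beyond the single-browser check described above, the same rule can be audited across all clients from exported flow logs. The following is an added example, not part of the original thread or any Meraki tooling; the key=value log layout, field names, and sample lines are constructed assumptions to adapt to your own log export.

```python
import re
from collections import Counter

# Ports from the rule in the thread: deny outbound UDP to 443 and 80.
QUIC_PORTS = {443, 80}

# Constructed sample lines in a generic key=value flow-log layout (an assumption,
# not copied from a real device). Adjust FIELD_RE to your exporter's format.
SAMPLE_LOG = """\
ts=1700000001 src=10.0.1.15 dst=203.0.113.10 protocol=udp sport=51514 dport=443 action=allow
ts=1700000002 src=10.0.1.15 dst=203.0.113.10 protocol=tcp sport=51520 dport=443 action=allow
ts=1700000090 src=10.0.1.15 dst=203.0.113.10 protocol=udp sport=51601 dport=443 action=deny
ts=1700000091 src=10.0.1.22 dst=198.51.100.7 protocol=udp sport=40000 dport=53 action=allow
ts=1700000095 src=10.0.1.30 dst=198.51.100.9 protocol=udp sport=40222 dport=80 action=deny
ts=1700000099 src=10.0.1.30 dst=198.51.100.9 protocol=udp sport=40223 dport=443 action=allow
garbage line that should be skipped
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def audit_quic_flows(log_text, rule_active_from=0):
    """Return (leaks, blocked): allowed UDP/80,443 flows seen at or after
    rule_active_from, and a per-client count of denied attempts."""
    leaks, blocked = [], Counter()
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        try:
            ts, dport = int(f["ts"]), int(f["dport"])
            proto, action, src = f["protocol"].lower(), f["action"].lower(), f["src"]
        except (KeyError, ValueError):
            continue  # malformed or unrelated line
        if proto != "udp" or dport not in QUIC_PORTS:
            continue  # TCP 443 (the TLS fallback) and other UDP are out of scope
        if action == "deny":
            blocked[src] += 1
        elif ts >= rule_active_from:
            leaks.append((ts, src, f.get("dst"), dport))
    return leaks, blocked

if __name__ == "__main__":
    leaks, blocked = audit_quic_flows(SAMPLE_LOG, rule_active_from=1700000060)
    for ts, src, dst, dport in leaks:
        print(f"LEAK  ts={ts} {src} -> {dst} udp/{dport} still allowed")
    for src, n in blocked.most_common():
        print(f"BLOCK {src} denied {n} QUIC attempt(s)")
```

Set `rule_active_from` to a time a few minutes after saving the rule so flows logged before the MX pulled the change are not reported as leaks.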
