Block as follows - outbound: UDP Any Any Any 443,80   You can verify it's working by doing the following before creating the rule using Chrome. Go to youtube.com and in Chrome open Developer Tools -- Security -- Look for "QUIC" under Connection.   Once you have created and saved the rule and given the MX a minute or two to pull down the changes, hard refresh the page and where it said QUIC originally it should now say TLS 1.3 or similar. ... View more

DoH and DoT is now a category that can be chosen on the content filtering page. ... View more

I think I've fixed this now - I had to change the source port from 443,80 to Any and I can now see hits against it and when using the 'Security' tab in Developer Tools it now shows TLS 1.3 rather than QUIC. ... View more

Would the correct way to block it be: Deny UDP Any 443,80 Any 443,80 ? When I have that in place I'm not seeing any hits against it (am trying to access Facebook, YouTube and Gmail to trigger it, using Chrome). The rule is at the bottom of our deny rules list, but placed before any allow rules if that makes any difference. ... View more