What is QUIC?

QUIC (Quick UDP Internet Connections, pronounced "quick") is an experimental transport layer network protocol developed by Google. QUIC supports a set of multiplexed connections between two endpoints over User Datagram Protocol (UDP), and provides security protection equivalent to TLS/SSL, along with reduced connection and transport latency, and capacity estimation in each direction to avoid congestion. QUIC's main goal is to optimize connection-oriented web applications currently using TCP. An experimental implementation is being put in place in Chrome by a team of engineers at Google.


When to Consider Blocking QUIC?

Versa VOS supports identification and control of QUIC (UDP 443) traffic; however, deep inspection and URL filtering capabilities are limited compared to traditional HTTPS (TCP 443) due to the nature of QUIC encryption.

Because QUIC operates over UDP and uses a different encryption model than standard TLS over TCP, certain Layer 7 services (such as URL filtering, captive portal redirection, or SSL inspection) may not be fully enforced on QUIC traffic.

In scenarios where full policy enforcement, user redirection, or traffic inspection is required, it is recommended to block QUIC (UDP 443). This forces applications to fall back to HTTPS over TCP (SSL/TLS), where Versa can apply complete Layer 7 processing and policy controls.


How to create a security policy that denies the QUIC App:


Under Objects & Connectors > Objects > Custom Objects > Services, create 2 new services as shown in the snippet below.