Skip to content

Troubleshooting

Disabling the QUIC protocol

This topic provides steps on how to disable QUIC protocol in Google Chrome and Opera browsers.

Overview

QUIC is the name for an experimental protocol and it stands for Quick UDP Internet Connection. The protocol supports a set multiplexed connections over UDP, and was designed to provide security protection equivalent to TLS/SSL, along with reduced connection and transport latency.

Some websites are not being filtered because they use the QUIC protocol. QUIC is not a standard SSL protocol and it is not filtered by MITM (certificate is not signed by MITM).

  • To check if a website is using the QUIC protocol in Google Chrome, install the “spdy http2 indicator” extension.

  • To check if a website is using the QUIC protocol in Opera, install the HTTP Headers extension.

Disabling QUIC protocol In Google Chrome

The QUIC protocol can be disabled by using one of these procedures:

  1. Disable QUIC in Google Chrome:

    1. In the URL type “chrome://flags”.

    2. Search for “Experimental QUIC protocol” and disable it.

  2. Use an Endpoint Security firewall rule.

    To create a Firewall Application Rule blocking Chrome:

    1. Open the policy currently running on the affected machines.

    2. Add a Application Firewall Rule for chrome.exe.

    3. Configure the Application Firewall Rule as follows:

      1. Add a rule name and an application path for chrome.exe.

      2. Under Settings, select the Any check box next to Local Address.

      3. Select the Any check box next to Remote Address and add port 443 next to Port or port range.

      4. Select UDP for ProtocolBoth for Direction, and Any for IP.

        10044_1.png

      5. Under Network, select the Home/Office and Public check boxes. For Permission, select Deny.

      6. Click the Save button.

    4. Apply the modified policy on the endpoints.

Disabling QUIC protocol via Group Policy

The QUIC protocol can be disabled using the Group Policy (GPO), by the following procedure:

  1. Open the Group Policy editor console.

  2. Under User Configuration, select Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome.

  3. Find the setting Allows QUIC protocol and set to Disabled.

  4. Click Ok.

Disabling QUIC protocol in Opera

To solve this issue, you need to disable QUIC protocol by one of the following procedures:

  1. Disable QUIC protocol in Opera:

    1. In the URL field, type “opera://flags”.

    2. Search for “Experimental QUIC protocol” and disable it.

  2. Disable QUIC protocol by using a firewall rule for Opera.

    1. In the GravityZone console, open the policy currently running on the affected machines.

    2. Go to Firewall > Rules > Add and select Application.

    3. In the configuration window, enter the path for opera.exe.

      The path should be should be: C:\Program Files\Opera\XX.X.XXX.XXX\opera.exe, where the folder XX.X.XXX.XXX is the current installed version of Opera.

    4. Next to Local Address, select the Any check box.Next to Local Address, select the Any check box.

    5. Next to Remote Address, check the Any box and add 443 for Port or port range.

    6. Save the changes and the policy.

      10044_2.png
 
Page Menu