Sophos Firewall and the QUIC protocol
In this article we explain what the QUIC protocol is and why you should disable it for security reasons, at least at the moment.
What exactly is the QUIC protocol?
QUIC stands for “Quick UDP Internet Connections” and was developed by Google to make the Internet faster.
Take a well-established protocol such as HTTP (Hypertext Transfer Protocol), which is now available in a second version, HTTP/2. The transport protocol that HTTP relies on is TCP. TCP has proven to be reliable, but it is not very fast: establishing the connection takes a long time, and if the page is encrypted with SSL, it takes even longer. That is exactly where Google came in and created QUIC, a protocol that is not only secure but also enables fast connections.
QUIC does not rely on TCP but on UDP, which is faster but, as you know, also less reliable. Because of its speed, the protocol is also used for video or audio streaming. With QUIC, Google has managed to compensate for the unreliability of UDP and thus developed a fast, stable and secure protocol.
The web server running this website already supports QUIC. The default protocol is HTTP/2. However, if you are using Google Chrome, QUIC is used. The following screenshot shows how it works: massively reduced packet round-trip times (RTT).
Image source: Chromium Blog
But QUIC can do even more, such as maintaining a connection to the web server. You probably know the behavior: you visit a web page at home and then want to view it later on the road via 4G or in the office over the WLAN, and the page is reloaded. This happens because your IP address has changed and the connection to the web server was dropped. With QUIC this does not happen, because the connection is recognized by an identifier rather than by your IP address and can easily be re-established.
QUIC - Not controllable with Sophos at the moment
Google has definitely developed something great with QUIC, and with the Google Chrome browser's market share of nearly 60% (source: Statista), they also have the power to spread this protocol.
The problem, however, is that QUIC bypasses the web proxy and Sophos Sandstorm as well as malware scanning and content filtering. The reason is that the web filter can currently scan only HTTP and HTTPS. As with HTTPS scanning, the firewall administrator has to take action to avoid this risk.
1st option: Google Chrome
The first option would be to disable the QUIC protocol directly in the Google Chrome browser. Just enter chrome://flags/ in the address bar and disable QUIC.
2nd option: Via Application Control
If you prefer to block QUIC via the firewall, you can control it using Application Control. Simply create a new filter, add the QUIC protocol and finally select the created filter under Application Control.
3rd option: Block UDP on the firewall
In the third method, you simply block UDP on ports 443 and 80 on the firewall; browsers will then automatically use HTTP/HTTPS.
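To check that whichever option you chose really stops QUIC, you can inspect UDP datagrams captured on the WAN side of the firewall. The following Python sketch is an added example, not part of the original article or of any Sophos tooling; it assumes the datagrams have already been extracted from a capture as (source IP, destination IP, destination port, payload) tuples, and the function names and sample data are constructed for illustration.

```python
import struct

QUIC_PORTS = {80, 443}  # the UDP ports the article says to block
KNOWN_VERSIONS = {0x00000001: "QUIC v1", 0x6B3343CF: "QUIC v2"}

def parse_quic_long_header(payload: bytes):
    """Return (version, dcid, scid) for a QUIC long-header packet, else None.

    Relies only on the version-independent layout (RFC 8999): flag byte with
    the high bit set, 4-byte version, then length-prefixed DCID and SCID.
    """
    if len(payload) < 7 or not payload[0] & 0x80:
        return None
    version = struct.unpack_from("!I", payload, 1)[0]
    pos, ids = 5, []
    for _ in range(2):  # destination connection ID, then source connection ID
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if pos + length > len(payload):
            return None  # truncated or not QUIC
        ids.append(payload[pos:pos + length])
        pos += length
    return version, ids[0], ids[1]

def find_quic_leaks(datagrams):
    """datagrams: (src_ip, dst_ip, dst_port, payload) tuples seen on the WAN side."""
    leaks = []
    for src, dst, port, payload in datagrams:
        parsed = parse_quic_long_header(payload) if port in QUIC_PORTS else None
        if parsed:
            version, dcid, _scid = parsed
            label = KNOWN_VERSIONS.get(version, f"unknown version 0x{version:08x}")
            leaks.append((src, dst, port, label, dcid.hex()))
    return leaks

# Constructed sample input (documentation IP ranges, dummy connection ID and padding).
_DCID = bytes.fromhex("0102030405060708")
_INITIAL = bytes([0xC0]) + struct.pack("!I", 1) + bytes([8]) + _DCID + b"\x00" + bytes(1185)
SAMPLE = [
    ("192.0.2.10", "203.0.113.5", 443, _INITIAL),                     # QUIC v1 long header
    ("192.0.2.11", "203.0.113.5", 443, b"\x16\xfe\xfd" + bytes(20)),  # DTLS-like, not QUIC
    ("192.0.2.12", "203.0.113.9", 53, _INITIAL),                      # port not of interest
]

if __name__ == "__main__":
    for leak in find_quic_leaks(SAMPLE):
        print("QUIC still leaving the network:", leak)
```

Every QUIC connection starts with long-header packets, so an empty result for outbound traffic on UDP 443 and 80 indicates that clients are no longer establishing QUIC sessions through the firewall.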