Disable the HTTP/3 (QUIC) Protocol

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

The Web Access Control feature does not support browsers with the HTTP/3 (QUIC) protocol HTTP/3 is an improved hypertext transfer protocol that includes significant improvements in performance, reliability, and security.HTTP/3 runs on QUIC, a transport protocol designed for mobile-heavy Internet usage..

To make sure that you can use Web Access Control, complete one of these procedures:

• Disable HTTP/3 (QUIC) Protocol in Browsers on User Devices
• Add a Connection Rule to Block Traffic on Port 80, Port 8080, and Port 443 (Windows computers)

Disable HTTP/3 (QUIC) Protocol in Browsers on User Devices

To disable HTTP/3 protocol on a user device, complete these steps in the relevant browser:

Browser settings can vary for different versions.

Google Chrome

In the browser address bar, type chrome://flags. Disable the Experimental QUIC protocol option.

Microsoft Edge

In the browser address bar, type edge://flags/. Disable the Experimental QUIC protocol option.

Mozilla Firefox

In the browser address bar, type about:config. Disable the network.http.http3.enable option.

Opera

In the browser address bar, type opera://flags/#enable-quic. From the Experimental QUIC protocol drop-down list, select Disabled.

Add a Connection Rule to Block Traffic on Port 80, Port 8080, and Port 443 (Windows computers)

In this procedure, you create a firewall connection rule to block traffic that uses the UDP protocol on port 80, 8080, or 443. This forces the browser to send its requests with the TCP protocol on port 80, which corresponds to HTTP/2.

This procedure is effective on Windows devices only.

To add a connection rule to block traffic on port 80, port 8080, and port 443:

1. In WatchGuard Cloud, select Configure > Endpoints.
2. Select Settings.
3. Select Workstations and Servers.
4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
   The Add Settings or Edit Settings page opens.
5. Enter a Name and Description for the profile, if required.
6. Select Firewall (Windows computers).
7. Enable the firewall.
8. In Connection Rules section, enable WatchGuard rules.
9. To add a new connection rule, click .
10. In the Name text box, type a name for the rule.
11. In the Description text box, type a description of the traffic filtered by the rule.
12. From the Action list, select Deny.
13. From the Direction list, select Outbound.
14. From the Zone list, select Public Network or Trusted Network.
15. From the Protocol list, select UDP.
16. From the Remote Ports list, select Custom.
17. In the Custom text box, add port 80, port 8080, and port 443, separated by a comma.
18. Click OK.
19. Click Save.
20. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

Related Topics

Configure Web Access Control