Disable the HTTP/3 (QUIC) Protocol

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP

The Web Access Control feature does not support browsers with the HTTP/3 (QUIC) protocol.

To make sure that you can use Web Access Control, complete one of these procedures:

Disable HTTP/3 (QUIC) Protocol in Browsers on User Devices

To disable HTTP/3 protocol on a user device, complete these steps in the relevant browser:

Browser settings can vary for different versions.

Google Chrome

In the browser address bar, type chrome://flags. Disable the Experimental QUIC protocol option.

Microsoft Edge

In the browser address bar, type edge://flags/. Disable the Experimental QUIC protocol option.

Mozilla Firefox

In the browser address bar, type about:config. Disable the network.http.http3.enable option.

Opera

In the browser address bar, type opera://flags/#enable-quic. From the Experimental QUIC protocol drop-down list, select Disabled.

Add a Connection Rule to Block Traffic on Port 80, Port 8080, and Port 443 (Windows computers)

In this procedure, you create a firewall connection rule to block traffic that uses the UDP protocol on port 80, 8080, or 443. This forces the browser to send its requests with the TCP protocol on port 80, which corresponds to HTTP/2.

This procedure is effective on Windows devices only.

Screen shot of WatchGuard Endpoint Security, Firewall settings

To add a connection rule to block traffic on port 80, port 8080, and port 443:

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Settings.
  3. Select Workstations and Servers.
  4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
    The Add Settings or Edit Settings page opens.
  5. Enter a Name and Description for the profile, if required.
  6. Select Firewall (Windows computers).
  7. Enable the firewall.
  8. In Connection Rules section, enable WatchGuard rules.
  9. To add a new connection rule, click The Add icon..
  10. In the Name text box, type a name for the rule.
  11. In the Description text box, type a description of the traffic filtered by the rule.
  12. From the Action list, select Deny.
  13. From the Direction list, select Outbound.
  14. From the Zone list, select Public Network or Trusted Network.
  15. From the Protocol list, select UDP.
  16. From the Remote Ports list, select Custom.
  17. In the Custom text box, add port 80, port 8080, and port 443, separated by a comma.
  18. Click OK.
  19. Click Save.
  20. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

Related Topics

Configure Web Access Control