rafish
Explorer

Quic protocol

Hello,

 

I have an active/standby cluster of 23800 appliances; the version is Gaia R80.40.

My problem is that the QUIC protocol is not working.

The Check Point cluster is the perimeter firewall, which means all my Internet traffic goes via the Check Point.

Google sites work with QUIC.

The issue is that when I'm surfing to Google from my organization, I can only see that the connection authentication uses TLS 1.3 and not QUIC authentication.

I configured a rule with the QUIC protocol service, but the connection authentication still uses TLS 1.3.

Any ideas?

 

Regards

Rafi

0 Kudos
7 Replies
_Val_
Admin

Do you have HTTPS Inspection enabled?

0 Kudos
rafish
Explorer

Sorry, I forgot to mention,

No, I don't have HTTPS Inspection

Regards
Rafi
0 Kudos
_Val_
Admin

Without HTTPSi we do not interfere with QUIC; it should normally work. Are you sure it is the FW that is causing the issues?

0 Kudos
rafish
Explorer

I have done some tests that led me to the Check Point,

I will check again

Regards
Rafi
0 Kudos
_Val_
Admin

@rafish Just to be sure, if you believe this is the firewall, check for drops of QUIC traffic on the GW. If you see some, looking at them might help you understand what to do.

0 Kudos
rafish
Explorer

I found the problem.

I have an application rule that allows "Google Ads", which includes service UDP 443.

I added "Quic protocol" to the specific application rule, and when I surf to a Google site with Chrome I can see that the connection is encrypted and authenticated using QUIC.

Thank you very much

Regards
Rafi
0 Kudos
Sorin_Gogean
Advisor

Hey,

Good to know, but if I may ask, why are you looking into allowing the QUIC protocol?

I'm just asking because there are some recommendations for dropping that traffic (not only from the Check Point side), and currently I don't see many reasons why you would do that.

Also, another one that we're dropping is DNS over HTTPS (DoH), as it would overcome DNS security settings that you would have set in your environment.

Ty,

0 Kudos