QUIC - Deny:UTM Blocked

Hi TM_2026,

Based on the information shared, it appears that the firewall is currently blocking the QUIC protocol (UDP/443). Because of this, when the application tries to connect through the CDN domain, the connection is being blocked. Below are the recommended steps to confirm and address the issue.

Recommendations

1. Temporarily allow QUIC for testing

The goal here is to confirm whether QUIC blocking is the root cause.

* Go to Security Profiles → Application Control.
* Edit the Application Control profile applied to the affected policy.
* Under Application and Filter Overrides, create a new override.
* Search for QUIC and select it.
* Change the action from Block to Monitor.
* Save the changes and test the application.

This will allow QUIC traffic without blocking it, so we can verify if the application works normally when QUIC is not restricted.

2. Alternatively, force the application to use HTTPS instead of QUIC

If your security policy requires QUIC to remain blocked, you can force the application to use HTTPS (TCP/443), which is already allowed and inspected.

* Go to Policy & Objects → Firewall Policy.
* Edit the relevant policy or create a new one above it.
* Add a rule to deny UDP/443 traffic.
* Save and apply the policy.

Most applications will automatically fall back to HTTPS when QUIC is unavailable.

Next steps

* After making the change, test the application and confirm whether it works as expected.
* If the application works when QUIC is monitored or allowed, this confirms that QUIC blocking was the cause.
* You can then decide whether to allow QUIC permanently or keep it blocked and rely on HTTPS fallback, depending on your security and inspection requirements.

Since the CDN is part of Akamai Technologies infrastructure and is used by many services, allowing or blocking QUIC will affect protocol behavior rather than a specific application.