FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Ted
Staff
Staff
Article Id 364237
Description

This article describes how to activate HTTP/3 and QUIC in Windows 10.

Starting from v7.4.1, FortiGate can handle HTTP/3 and QUIC traffic in deep inspection, besides inspecting HTTP/3 traffic in flow inspection that was introduced in v7.2.0.

It is useful for those who need to reproduce an issue regarding HTTP/3, to understand how to generate HTTP/3 traffic for test purposes and what specific steps are required.

Scope FortiGate.
Solution
  1. Enable QUIC protocol: 
    • Type 'chrome://flags' in the address bar on the Chrome browser.
    • Search 'Experimental QUIC protocol'.
    • Set it to 'Enabled'.


HTTP3_flags.png

 

  1. Enable TLS 1.3 (For Chrome Browser):
    • Select the Windows 'Start' icon and search 'Internet Options' in the Windows Control Panel.
    • Go to the 'Advanced' tab.
    • Select the checkbox 'Use TLS 1.3 (experimental)' to mark it as checked.

      HTTP3_internet_options.png

     

  2. Verify HTTP/3 protocol usage:
    • Open 'Developer Tools' in Chrome by pressing F12.
    • Go to the 'Network' tab and look for the 'Protocol' column.
    • Access a website that must support HTTP/3 protocol, such as 'cloudflare-quic.com' or 'google.com'.
    • If the website is using HTTP/3, it should be shown as 'h3' or 'QUIC ' in the protocol column.
    • If the Protocol column still shows 'h2' even though QUIC and TLS 1.3 are enabled, connect a mobile hotspot as an alternative to make sure a firewall does not block TLS 1.3.


HTTP3.png

 

Related documents:

Technical Tip: QUIC / HTTP3 support for certificate and deep inspection

FortiOS 7.4.0 New Features: Enhancement to QUIC and HTTP3 inspection

Contributors