Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
iskandar_lie
Staff
Staff

Created on ‎03-27-2023 10:39 PM

Article Id 250425

Troubleshooting Tip: Quic protocol is blocked despite there is no block policy in multi-vdom

Description This article describes why the Quic protocol is blocked despite there being no block policy in multi-vdom with mixed profile: policy mode setup.
Scope FortiGate v7.0.x.
Solution

In this scenario: 

1) Multi-vdom firewall with mixed profile: policy-based mode.

2) Root VDOM is a profile-based mode.

3) This subsequent VDOM is policy-based mode 

 

Quic traffic is blocked in subsequent VDOM:

 

Log.PNG

 

The firewall policy is without UTM enabled or any block rule:

 

Policy.PNG

 

Workaround::

Changing root VDOM from profile to policy-based mode. 

 

Conclusion:
In a multi-vdom setup, if the root VDOM is profile based and the subsequent VDOMS in policy-based, it is required to change the root VDOM to policy based to allow Quic.
Also, the firewall should have an IPS engine version 7.000100 or higher.

 

Related documents:

Technical Tip: Block QUIC Protocol - Fortinet Community

Technical Tip : How to block/disable QUIC - Fortinet Community

Technical Note: Disabling / Blocking QUIC Protocol... - Fortinet Community
4607
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.