nandeesha_r
New Contributor

Security policy failure over SSL and QUIC rules.

We have security policies in place to block social media applications. However, in the past few days, these applications have been accessible without any restrictions. Upon investigation, we found that traffic over SSL and QUIC is being allowed for these sites. Please assist us in fully blocking access.

 

Model : FortiGate 60F

Firmware : v7.2.10 build1706 (Mature)

 

Application Control Policy :

Screenshot 2025-03-11 112502.png

 

Web URL Filter Policy : 

Screenshot 2025-03-11 112710.png

Log in which we can see that the websites are getting allowed :

Screenshot 2025-03-11 113419.png

AEK
SuperUser

I think QUIC is a curse and should always be denied.

Try denying it and see if it helps.

AEK
nandeesha_r

Hi AEK,

 

Thanks for the reply. Can you help me out with the steps to deny the QUIC protocol, and is there any chance that it might impact ports 80 and 443?

FortiMentor

Create a service with the protocol UDP and port 443 and deny it in a rule to the Internet. This new rule must be positioned above the existing rule for access to the Internet.

AEK

You can do as FortiMentor explained, or you can also add an override to the Application Control profile in use to deny the QUIC application, just like what you did for Facebook, Instagram and so

AEK
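
FortiMentor's steps written out as FortiOS CLI, as an added example that is not part of the original thread: the service matches only UDP/443, so TCP 80 and 443 are untouched and browsers fall back to HTTPS over TCP, where the existing Application Control and Web Filter profiles apply. The object and policy names, the interfaces `internal` and `wan1`, and the policy IDs in angle brackets are assumptions to adapt to the actual configuration; lines starting with `#` are annotations.

```fortios
# 1. Custom service that matches QUIC's transport: UDP destination port 443.
#    "QUIC-UDP443" is a hypothetical object name.
config firewall service custom
    edit "QUIC-UDP443"
        set udp-portrange 443
    next
end

# 2. Deny policy for that service from the LAN to the Internet.
#    <new_policy_id> is a placeholder for an unused policy ID;
#    "internal" and "wan1" are assumed interface names.
config firewall policy
    edit <new_policy_id>
        set name "Block-QUIC"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "QUIC-UDP443"
        set action deny
        set logtraffic all
    next
end

# 3. Policies are evaluated top-down, so place the deny rule above the
#    existing Internet access rule (<existing_policy_id> is a placeholder).
config firewall policy
    move <new_policy_id> before <existing_policy_id>
end

# 4. Check: after clients retry, UDP/443 sessions should appear as denied
#    in the forward traffic log, and this capture should show no replies
#    from the Internet side.
diagnose sniffer packet any 'udp port 443' 4
```

Logging on the deny policy (`set logtraffic all`) gives a record of which clients are still attempting QUIC after the change.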