Examples of QUIC and HTTP/3 Inspection
These examples illustrate some common uses for QUIC and HTTP/3 Inspection.
The administrator at Company A allows users to browse the internet safely, but only if the content is approved. To enforce this policy, the administrator uses URL Categories, URL Lists, and Network Applications to allow specific traffic from Company A’s network while discarding all other traffic.
Since TLS inspection is not configured, TLS traffic is allowed to pass through without decryption by the Engine. Without the Forcepoint Network Security Platform, the administrator might have needed to discard the HTTP/3 traffic, causing web browsers to fall back to HTTP/2 when HTTP/3 was not allowed. However, since HTTP/3 provides improved performance and benefits over HTTP/2 and is supported by the Engine, the administrator has decided to allow secure web browsing over HTTP/3 as well.
For details on using QUIC inspection, refer to the Configuring QUIC and HTTP3 settings on the Security Engine topic.
The administrator still uses URL Categories, URL Lists, and Network Applications to allow approved traffic. TLS inspection has been enabled in the Engine for a subset of the traffic, while some TLS traffic is still allowed through without decryption.
To enhance visibility, the administrator also enables HTTP/3 inspection for web traffic. Because HTTP/3 runs over QUIC (a UDP-based protocol) instead of TCP, it provides better performance than traditional TCP/TLS-based HTTP/2. By enabling HTTP/3 inspection, the administrator ensures that threats hidden within HTTP/3 traffic can be detected and blocked, preventing attackers from using HTTP/3 as a blind spot.
For details on using HTTP/3 inspection, refer to the Configuring QUIC and HTTP3 settings on the Security Engine topic.