Configuring QUIC or HTTP/3 inspection settings

• Access rules when configuring QUIC inspection:

  Table 1.

  Source	Destination	Service	Action
  ANY	ANY	HTTP HTTPS QUIC	Allow Deep inspection: on File Filtering: off Decryption: disallowed Snort: off

• Access rules when configuring HTTP/3 inspection:

  Table 2.

  Source	Destination	Service	Action
  ANY	ANY	HTTP HTTPS QUIC	Allow Deep inspection: on File Filtering: on Decryption: allowed Snort: off

• Discard HTTP/3 if TLS inspection is required by access policy: Select the Default option. For more information, refer to the Protocol Parameters tab, when Protocol is QUIC table in the Create custom Service elements topic.
  Note: Select the Default option unless a rule-specific exception is required for this setting.
• HTTPS Inspection Exceptions: Select the domains that must not be decrypted. For more information, refer to the Exclude domains from inspection of HTTPS traffic topic.
• Logging of Accessed URLs: Select one of the following options:
  • Yes — An HTTP_URL-Logged situation including the URL is logged for each HTTP/3 request.
  • No — HTTP_URL-Logged situations are not logged.

For details, refer to the Protocol Parameters tab, when Protocol is HTTP or HTTPS table in the Create custom Service elements topic.

• Yes — HTTP header that indicates the server support for HTTP3/QUIC is stripped away. This way clients typically end up using HTTP/2 instead of HTTP/3.
• No — HTTP header that indicates the server support for HTTP3/QUIC is not stripped away. When configuring QUIC or HTTP/3 inspection this option must be selected to make clients aware that HTTP/3 can be used.