Examples of QUIC Inspection
These examples illustrate some common uses for QUIC Inspection and general steps on how each scenario is configured.
The administrator in Company A allows users to safely browse the internet; however, the content must be considered safe and approved. The administrator uses URL Categories, URL lists, and Network Applications for allowing traffic from Company A's network, and lets all other traffic discarded. The administrator did not configure TLS inspection for the traffic, so TLS traffic is let through without performing decryption in the NGFW Engine.
The administrator initially discarded the QUIC traffic, as a result the web browsers revert to using TLS when QUIC is not permitted. However, as QUIC provides desirable improvements over TCP based TLS and the NGFW supports QUIC, the administrator want to enable web browsing using QUIC as well.
- Navigate to Add-Ons > QUIC Inspection in the engine properties.
- Select Enable QUIC ports for Web Traffic.
- Unselect Discard QUIC if TLS inspection is required by access policy.
- Save and refresh the policy.
The administrator still uses URL Categories, URL lists, and Network Applications for allowing approved traffic, but has enabled TLS inspection in the NGFW Engine for a subset of the traffic. However, some TLS traffic is still let through without decryption. The administrator wants to make sure that for the traffic that needs to be decrypted, QUIC is discarded, as decryption is not yet supported for QUIC traffic in the NGFW. As a result, web browsers revert to using TLS if QUIC is not permitted.
- Navigate to Add-Ons > QUIC Inspection in the engine properties.
- Select Enable QUIC ports for Web Traffic.
- Select Discard QUIC if TLS inspection is required by access policy.
- Save and refresh the policy.