All Google sites offer access over Google's QUIC protocol.
This protocol uses UDP as its transport, which speeds up access to Google websites by avoiding the cost of establishing a TCP connection.
To block QUIC do the following:
- Add a firewall rule on the interface where you wish to block the traffic (typically LAN), and make sure the rule is above the default rule that allows the network full outbound access.
Specify the network you want to block as the source, any as the destination, and UDP as the protocol. Set the destination ports to 443 and 80: either create two rules, or create a port alias that includes ports 443 and 80 and use it in a single rule.
- You may also need to block the Alternate-Protocol header which the server sends. Do this by going to Web Security > Settings > Advanced Settings. In the custom options text block (at the bottom) add the following line of configuration:
reply_header_access Alternate-Protocol deny all
Note: This is not applicable if running version 2.2 of the UTM software.
This will block QUIC, and devices accessing Google sites will fall back to TCP as their transport method.
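
Why the rule placement in the first step matters, as an added example (not part of the original article or the UTM's own code): a small rule evaluator that assumes the firewall checks rules top-down, stops at the first match, and drops traffic no rule matches. The LAN subnet, client address and the names `Rule`, `evaluate` and `summarize` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str                      # "block" or "pass"
    proto: str                       # "udp", "tcp" or "any"
    source: str                      # source network in CIDR form
    ports: frozenset = frozenset()   # empty = any destination port

    def matches(self, proto, src_ip, dst_port):
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        return (self.proto in ("any", proto)
                and in_net
                and (not self.ports or dst_port in self.ports))


def evaluate(rules, proto, src_ip, dst_port):
    """Return the action of the first matching rule (assumed first-match-wins)."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_port):
            return rule.action
    return "block"  # assumed implicit drop when nothing matches


# Constructed sample values, not taken from the article.
LAN = "192.168.1.0/24"
QUIC_PORTS = frozenset({80, 443})          # the "port alias" from the article
BLOCK_QUIC = Rule("block", "udp", LAN, QUIC_PORTS)
DEFAULT_ALLOW = Rule("pass", "any", LAN)   # default LAN-to-any rule

CORRECT_ORDER = [BLOCK_QUIC, DEFAULT_ALLOW]   # block rule above the default rule
WRONG_ORDER = [DEFAULT_ALLOW, BLOCK_QUIC]     # block rule is never reached


def summarize(rules, src_ip="192.168.1.50"):
    """Evaluate QUIC, the TCP fallback and unrelated UDP (DNS) for one LAN client."""
    probes = [("udp", 443), ("udp", 80), ("tcp", 443), ("udp", 53)]
    return {f"{p}/{port}": evaluate(rules, p, src_ip, port) for p, port in probes}


if __name__ == "__main__":
    for name, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(name, summarize(rules))
```

With the block rule first, UDP 80 and 443 are dropped while TCP 443 (the fallback path) and other UDP traffic still pass; with the order reversed, the default rule matches first and QUIC is never blocked.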