The Block QUIC Protocol bug

PeterUK

FLEX H

V1.38(ABZI.0) and V1.38(ABZI.0)ITS-26WK16-m11228

So this option was a pain to know about due to it somewhat working and well really not working you can find this option in system > advanced

So here the problem for what tests I have done and think bug is.

So lets say Block QUIC Protocol is enabled and the LAN is Ethernet traffic for QUIC Protocol is blocked but if you disable Block QUIC Protocol it will not disable and thats with a reboot. Then you got LAN by VLAN Block QUIC Protocol is enabled but it does not block the QUIC Protocol.

PeterUK

update hmm now it seems to be working but not sure why? maybe it did not save right to nebula to work locally?

Zyxel_Melen

Hi @PeterUK

I can replicate this issue with LAN client watching YouTube video. And I don't think this is because it didn't save right to Nebula. In my replication, I kept the configuration (disable to enable) after a while before reboot and checked the configuration status on Nebula is up to date.

We will investigate further and update you once I get further information.

Delta69

Zyxel_Melen

Hi @PeterUK

After investigation, we think this issue is because:

1. When disabling "block QUIC protocol", the existing traffic will continue using non-QUIC protocols, such as TCP for YouTube, since the client and server have already negotiated the transmission process. If an user opens another YouTube video or any application that uses UDP port 443 with a retransmit mechanism, that UDP port 443 traffic will be allowed through.
2. When re-enabling "block QUIC protocol", the firewall will not clear existing sessions to enforce the blocking. We will evaluate this behavior for potential improvement.

Additionally, we will include logs for QUIC blocking in the next firmware release.