Unable to block Facebook
Hello, I have configured SSO in Ad and I can correctly see the user connecting, but the proxy rule (and/or Application Block) to block Facebook is ignored. I have obviously moved the rule to the top, but nothing changes.
M390 release 12.11.7
0
Sign In to comment.
Comments
could be QUIC protocol problem....
check: https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3dzSAA&lang=en_US
Wow kimmo, you're a genius! With this rule it works. I was going crazy, thank you so much, I wouldn't have gotten out of it. Thanks again, have a nice day
It would be nice that this Deny QUIC policy would be automatically added to the config when enabling inspect mode in HTTPS-Proxy or when the HTTPS-proxy is used with only WebBlocker.
Some firewall vendors are already doing this…. :-)
What does a logged QUIC connection appear as? Will a search for "protocol=https/udp" expose it? In other words, what would be a valid search in WSM, Dimension or Log Manager to see if clients are successfully bypassing (or being blocked) when QUIC is utilized by the browser.
https/udp
Example:
2026-02-06 10:46:17 Deny 10.0.1.2 104.18.227.85 https/udp 60832 443 Trust-VLAN External Denied 1280 127 (Deny_QUIC-00)
Thanks Bruce. I just like to confirm and make sure that I wasn't missing anything. It does appears my final deny rule at the end of the rule set (auto order off) is blocking it.
2026-02-06 11:09:17 Deny 192.168.131.60 31.13.66.4 https/udp 50912 443 Mobile VLAN External Denied 1260 63 (Outgoing TCP-UDP-00)