UDP 443 becoming more prevelant

Reply
L6 Presenter

Re: UDP 443 becoming more prevelant


@DShofkom33x wrote:
Yeah I saw this article too. I think this is exactly it. It seems to be something FB has turned up recently. Even though the application should switch over to TCP the user experience on an enterprise network is much more painful, as you can imagine. If other applications are moving to this protocol, it would be nice to know how long it takes for Palo Alto to profile something that is widely used (i.e Facebook application).

 

I think your last question has already been answered from Palo documentation...They don't support it.  Their documentation says to block QUIC and allow the traffic to naturally use other native TCP protocols/applications. (Yes 'double' protocol used for clarity.)

Highlighted
L6 Presenter

Re: UDP 443 becoming more prevelant

So it looks like the update on the 16th Content version 8153 has facebook-base as 443/UDP as default port.

 

443.PNG

L1 Bithead

Re: UDP 443 becoming more prevelant

I understand it's recommended to block (and we did) but the user experience is horrible. I hope this isn't the new norm for these type of applications.
L3 Networker

Re: UDP 443 becoming more prevelant

On our network of >30k devices, we have not had one single complaint after blocking QUIC a couple years ago.  What kind of horrible user experience are you running into? @DShofkom33x 

L6 Presenter

Re: UDP 443 becoming more prevelant


@OGMaverick wrote:

On our network of >30k devices, we have not had one single complaint after blocking QUIC a couple years ago.  What kind of horrible user experience are you running into? @DShofkom33x 


 

Yeah QUIC has always been blocked for us as well and we have had no issues regarding impact to user performance either.

L7 Applicator

Re: UDP 443 becoming more prevelant

Just going to throw in with the last few comments; I have udp/443 blocked across every network I manage and nobody has ever noticed it wasn't working, let alone brought up any user experiance issues. 

L7 Applicator

Re: UDP 443 becoming more prevelant

Same here ... 443/udp blocked outgoing ... 0 problems and 0 users complaining about a bad user experiance

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!