10-29-2018 07:25 AM
Just curious.
The recommended QUIC rules set the action to 'deny', but the first rule is for service udp 80/443 any application. Is there a reason this is a 'deny' and not a 'drop'?
Reference
HOW TO BLOCK QUIC PROTOCOL
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClarCAC
What a difference a Deny makes
https://live.paloaltonetworks.com/t5/Community-Blog/What-a-difference-a-Deny-makes/ba-p/188811
10-29-2018 08:12 AM
There isn't a default "Deny Action" on QUIC, as it is (as you note) a UDP-only protocol. I believe that the default Deny is equivalent to a Drop, unless you check the checkbox on the "Send ICMP Unreachable" option.
"For a UDP session with a drop or reset action, if the ICMP Unreachable check box is selected, the firewall sends an ICMP message to the client."