I think if you allowed QUIC, Chrome would default to that for comms to Google services (unless explicitly disabled in the browser settings), so that would also mitigate the issue, but you'd lose content control over all that traffic as the NGFW can't look inside QUIC at all. I've always blocked QUIC on all our deployments for as long as I can remember. Well, there's 2 or 3 of us with it on the thread with the issue now! 🙂 Tried hard to recreate in 10.0.2, can't do it. I've checked a location with 9.0.9, doesn't seem to do it there either; this one's a different client so slightly different policy setup. They were actually allowing QUIC, blocked it, still all working fine. So strange, seems movable... They're all on the same apps/threats, which includes the decoder updates. Anyway, feel like raising a TAC case? 😉