The Invisible Protocol

It’s been a crazy, busy week on the work front – I’m only a couple days in but we’ve got a lot accomplished! Warning – this post gets a little nerdy. 😂😁

We’ve been tweaking things on our firewall infrastructure, and it got me thinking about how easy it is to think you’re 100% safe and secure, only to realize there’s a massive blind spot that can completely slip right past you. It kind of reminds me of that liminal horror feeling—where everything looks perfectly normal on the surface, but underneath, something is completely off.

So, I wanted to write a quick post about a sneaky security gap regarding standard web traffic and a little protocol called QUIC that might be running completely unnoticed on your network right now.

Side note: I’ve always liked the world of Conan and the fantasy of Dungeons and Dragons – so I’ve envisioned the “Citadel of Ancient Data”, which is your network firewall and the traffic being inspected – but if you look to the side of the featured image, you will see the QUIC data taking the unmonitored path to the Internet Gateway – a land of unknown peril!!!

If you run a fully licensed firewall – like a WatchGuard Firebox or a UniFi Gateway with Deep Inspection – the appliance may have all the security services enabled, and that’s great!

You probably sleep pretty well at night – you’re paying for Gateway Antivirus, Intrusion Prevention (IPS), and WebBlocker URL filtering to aggressively scrutinize every single thing coming into your network. You look at your dashboards, you see the traffic flowing, and everything looks locked down.

But here is the freaky part: Google Chrome and Microsoft Edge (and more services) might be completely bypassing those security layers without you even knowing it.

The Hidden Vector: QUIC Protocol
Years ago, Google created a protocol called QUIC (which is now the backbone of HTTP/3). It’s designed to make web browsing faster by sending data over UDP port 443 instead of traditional TCP.

The performance benefits are great, but from a security standpoint, it creates a massive blind spot. Traditional firewall security services were engineered around TCP-based HTTPS: the appliance intercepts the TCP and TLS handshake so it can perform Deep Packet Inspection (DPI) and decrypt the HTTPS traffic.

QUIC does things differently. It encrypts almost everything, including most of its own transport headers, so there is no cleartext handshake for the appliance to step into.

So, when your users are browsing the web using Chrome, and they hit a massive platform that natively supports QUIC—like Google Search, YouTube, Gmail, Microsoft 365, or any site behind Cloudflare—the browser automatically establishes an encrypted UDP tunnel.

A firewall might look at it and report exactly how many gigabytes of QUIC traffic are flowing through. But because it’s an encrypted UDP stream, the firewall’s deeper security layers are essentially blind to the actual payload.

Gateway Antivirus can’t scan files downloaded inside that stream for malware. 🤯
WebBlocker can’t enforce strict URL filtering rules or SafeSearch. 😲
IPS can’t look for exploits hidden in the web data. 😮

An admin can easily think their network is being fully scrutinized, while a massive chunk of web traffic is just slipping right past the monitor because the firewall can’t decrypt it.
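To make that blind spot concrete, here is an added Python example (not code from the original post) that parses the only cleartext fields a QUIC v1 long-header packet exposes on UDP/443, the version and connection IDs, and flags those flows as traffic a TCP-oriented HTTPS inspection engine never sees. The datagrams and addresses are constructed samples.

```python
"""Spot QUIC flows on UDP/443 from the unencrypted long-header fields
(RFC 9000 section 17.2). Everything after the connection IDs is encrypted,
which is exactly why DPI cannot scan the payload."""
import struct

QUIC_V1 = 0x00000001
# QUIC v1 long-header packet types live in bits 5-4 of the first byte.
LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


def parse_quic_long_header(payload: bytes):
    """Return (packet_type, version, dcid_hex) for a QUIC long-header
    packet, or None if the datagram does not look like one."""
    if len(payload) < 7:
        return None
    first = payload[0]
    # Header Form bit (0x80) and Fixed Bit (0x40) must both be set in v1.
    if first & 0xC0 != 0xC0:
        return None
    version = struct.unpack("!I", payload[1:5])[0]
    if version == 0:
        return ("VersionNegotiation", version, None)
    dcid_len = payload[5]
    if dcid_len > 20 or len(payload) < 6 + dcid_len + 1:
        return None
    dcid = payload[6:6 + dcid_len]
    ptype = LONG_TYPES[(first >> 4) & 0x03] if version == QUIC_V1 else "unknown"
    return (ptype, version, dcid.hex())


def flows_bypassing_inspection(datagrams):
    """datagrams: iterable of (src, dst, dst_port, payload).
    Returns [(src, dst, version_hex)] for UDP/443 flows that start a QUIC
    connection, i.e. traffic that slips past TCP-based HTTPS inspection."""
    found = []
    for src, dst, dport, payload in datagrams:
        if dport != 443:
            continue
        hdr = parse_quic_long_header(payload)
        if hdr and hdr[0] == "Initial":
            found.append((src, dst, hex(hdr[1])))
    return found


# Constructed samples: a QUIC v1 Initial, a DTLS 1.2 handshake record on
# UDP/443 (not QUIC), and a DNS query on UDP/53.
SAMPLES = [
    ("10.0.0.5", "192.0.2.10", 443, bytes.fromhex("c30000000108001122334455667700" + "00" * 40)),
    ("10.0.0.6", "203.0.113.9", 443, bytes.fromhex("16fefd" + "00" * 20)),
    ("10.0.0.7", "198.51.100.2", 53, b"\x12\x34" + b"\x00" * 10),
]

if __name__ == "__main__":
    for flow in flows_bypassing_inspection(SAMPLES):
        print("QUIC flow bypassing DPI:", flow)
```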

To resolve the issue, your appliance may have an easy way to disable the QUIC protocol, or you can block outbound UDP traffic on port 443. Browsers then fall back to regular HTTPS over TCP, which your security services can inspect.

You can use https://browserleaks.com/quic to check whether your browser is using QUIC.

Well – I hope this post was helpful, have a good one!

Jason
