What is QUIC?
QUIC is a new multiplexed transport built on top of UDP. HTTP/3 is designed to take advantage of QUIC's features, including lack of Head-Of-Line blocking between streams.
The QUIC project started as an alternative to TCP+TLS+HTTP/2, with the goal of improving user experience, particularly page load times.
Cato and QUIC
Cato can identify and block QUIC traffic as well as GQuic (Google QUIC) traffic.
To manage QUIC traffic in a firewall or network rule, GQuic is defined as an application, while QUIC traffic is defined as a service. This is an example of Internet firewall rules blocking QUIC traffic for an account:
Cato recommendation for QUIC
As the QUIC protocol works over UDP 443, encapsulated HTTP traffic is not parsed. This means that the analytics page will show only entries for the QUIC traffic instead of the application itself.
By creating separate rules to block QUIC and GQUIC traffic, the browser will use the default HTTP version instead of HTTP 3.0 and QUIC. This will then provide detailed analytics regarding the applications used, instead of just reporting on the usage of the QUIC or GQUIC applications.