QUIC Protocol in Enterprise Networks

kmart
Vail Resorts

Does anyone have issues with Android devices failing to initiate TCP traffic behind enterprise firewalls after QUIC (UDP/443) is dropped? I have Zebra devices with an Enterprise Binding to the Google Play store, but they fail to present the opportunity to download the app in the Play Store. It just states the application isn't available in the Play Store application. The expected behavior for the QUIC protocol failing is the device then starts to communicate on TCP, but some of these Zebra devices never do. Our company blocks UDP 443 traffic to Google destination hosts.

2 years ago
Android
ANSWERS
Raymond Chan Diamond Contributor
2 years ago

As far as I know, UDP at port 443 is not required.

Was your firewall set up to allow only SELECTED FQDNs for 443?

kmart
2 years ago

Hey Raymond,

Exactly, it's not listed as a requirement per the Google EMM network requirements list. But I have a bunch of devices that are not reverting back to trying TCP. There's a single UDP try to a Google endpoint, then nothing else. If there was a list of FQDNs then this would be a non-issue, but that's not the case. Also, they have a ton of wildcard destinations in the list, which we can't do on our firewalls without allowing UDP 443 at a global level. Is there a way to force Android devices to not use QUIC at all?

Thanks,

Kory
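
To measure how many devices show the behavior described in this thread (a dropped UDP/443 attempt with no TCP/443 attempt afterwards), firewall logs can be correlated per source and destination. The following is an added example, not part of the original posts; the CSV log format, the sample rows, and the name `find_missing_fallback` are constructed for illustration, and it assumes the client retries over TCP to the same destination IP.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical CSV export format:
# timestamp,src_ip,dst_ip,proto,dst_port,action
SAMPLE_LOG = """\
2024-01-10T09:00:00,10.1.1.10,203.0.113.5,udp,443,drop
2024-01-10T09:00:02,10.1.1.10,203.0.113.5,tcp,443,allow
2024-01-10T09:01:00,10.1.1.20,203.0.113.5,udp,443,drop
2024-01-10T09:05:00,10.1.1.30,203.0.113.9,udp,443,drop
2024-01-10T09:05:45,10.1.1.30,203.0.113.9,tcp,443,allow
2024-01-10T09:06:00,10.1.1.20,198.51.100.7,tcp,443,allow
"""


def find_missing_fallback(log_text, window_seconds=30):
    """Return sorted (src, dst, drop_time) tuples for dropped UDP/443 flows
    that have no TCP/443 attempt from the same source to the same
    destination within window_seconds of the drop."""
    window = timedelta(seconds=window_seconds)
    drops, tcp_seen = [], {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6 or row[4].strip() != "443":
            continue  # skip malformed rows, headers and other ports
        ts_raw, src, dst = row[0].strip(), row[1].strip(), row[2].strip()
        proto, action = row[3].strip().lower(), row[5].strip().lower()
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # unparsable timestamp
        if proto == "udp" and action == "drop":
            drops.append((src, dst, ts))
        elif proto == "tcp":
            # Any TCP/443 attempt counts, allowed or not: it shows the fallback.
            tcp_seen.setdefault((src, dst), []).append(ts)
    missing = []
    for src, dst, ts in drops:
        attempts = tcp_seen.get((src, dst), [])
        if not any(ts <= t <= ts + window for t in attempts):
            missing.append((src, dst, ts.isoformat()))
    return sorted(missing)


if __name__ == "__main__":
    for src, dst, when in find_missing_fallback(SAMPLE_LOG):
        print(f"{src} -> {dst}: UDP/443 dropped at {when}, no TCP/443 follow-up")
```

If destinations sit behind several IPs for one hostname, matching on source only (or on the resolved FQDN, where the firewall logs it) avoids flagging devices that fell back to a different address.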