

Description:

The content filter only monitors TCP ports, so an application that communicates over a UDP port cannot be filtered by it. This is the case with the YouTube app for Android mobile devices, among others, which uses the QUIC protocol (Quick UDP Internet Connections). QUIC uses UDP ports 80 and 443.

To prevent the application from communicating unfiltered with the Internet, the UDP ports 80 and 443 have to be blocked in the firewall. 

Note:
The application should normally fall back to TCP if the UDP ports 80 and 443 are blocked. In theory, however, applications may no longer function.


Requirements:


Procedure:

1) In LANconfig, open the configuration dialog for the router and switch to the menu item Firewall/QoS → IPv4 rules → Rules.

2) Create a new firewall rule for blocking UDP port 80 and enter a meaningful name on the General tab.

3) Change to the Actions tab and check that the action object REJECT is in place.

4) Switch to the Stations tab and, under Connection source, select the item connections from the following stations → Add → LOCALNET.

Note:
The object LOCALNET includes all of the local networks created on the router. 

If necessary, you can use the menu item Add custom station to select a specific network or network range.

5) Navigate to the Services tab. Under Protocols/target services, select the item the following protocols/target services and click Add → Add custom service.

6) Set the checkmark for UDP and Ports and enter the port 80.

7) Mark the firewall rule created in steps 2 - 6 and click on Copy to create a second firewall rule to block UDP port 443.

8) On the General tab, change the Name of the rule. 

9) Go to the Services tab and, under Protocols/target services, select the service object created in step 6 and click on Edit.

10) Specify the port 443.

11) The new firewall rules should then appear as follows.

12) This concludes the configuration of the firewall. Write the configuration back to the router.
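
To check the two rules from a client in the local network, the following added example (not part of the original article or of LANCOM's tooling) sends a QUIC version-negotiation probe to UDP ports 80 and 443 and reports whether the path is rejected or still open. It assumes the REJECT action is signalled to the sender as an ICMP port-unreachable message; the target host given on the command line is a placeholder for any server that offers QUIC.

```python
import os
import socket
import struct
import sys

# Reserved 0x?a?a?a?a version (RFC 9000, section 15): no server supports it,
# so a reachable QUIC endpoint answers with a Version Negotiation packet.
PROBE_VERSION = 0x1A2A3A4A


def build_probe() -> bytes:
    """Long-header datagram padded to 1200 bytes; servers drop shorter ones."""
    dcid, scid = os.urandom(8), os.urandom(8)
    header = bytes([0xC0]) + struct.pack(">I", PROBE_VERSION)
    header += bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
    return header.ljust(1200, b"\x00")


def is_version_negotiation(data: bytes) -> bool:
    """Version Negotiation: long header (high bit set) and version field 0."""
    return len(data) >= 7 and bool(data[0] & 0x80) and data[1:5] == b"\x00" * 4


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify the path as rejected, quic-reachable, other-reply or no-reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected UDP socket: ICMP errors raise
        try:
            s.send(build_probe())
            data = s.recv(2048)
        except ConnectionRefusedError:
            # Assumption: REJECT is signalled as ICMP port unreachable
            return "rejected"
        except socket.timeout:
            return "no-reply"  # silently dropped, or no QUIC listener
    return "quic-reachable" if is_version_negotiation(data) else "other-reply"


if __name__ == "__main__":
    # Hypothetical usage: python3 quic_probe.py <host that offers QUIC>
    for udp_port in (80, 443):
        print(f"UDP {udp_port}: {probe(sys.argv[1], udp_port)}")
```

A result of `quic-reachable` on either port means QUIC traffic still passes the firewall unfiltered; `no-reply` alone does not distinguish a silent drop from a server without QUIC, so compare against a run made before the rules were written back.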