diff --git a/agent/app/service/firewall.go b/agent/app/service/firewall.go
index bb36d6d10..b8dcf96d8 100644
--- a/agent/app/service/firewall.go
+++ b/agent/app/service/firewall.go
@@ -711,6 +711,9 @@ func (u *FirewallService) addPortsBeforeStart(client firewall.FirewallClient) er
 	if err := client.Port(fireClient.FireInfo{Port: "443", Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
 		return err
 	}
+	if err := client.Port(fireClient.FireInfo{Port: "443", Protocol: "udp", Strategy: "accept"}, "add"); err != nil {
+		return err
+	}
 
 	return client.Reload()
 }
diff --git a/agent/app/service/iptables.go b/agent/app/service/iptables.go
index 49f921451..2f50118cd 100644
--- a/agent/app/service/iptables.go
+++ b/agent/app/service/iptables.go
@@ -363,6 +363,9 @@ func initPreRules() error {
 			return err
 		}
 	}
+	if err := iptables.AddRule(iptables.FilterTab, iptables.Chain1PanelBasicAfter, fmt.Sprintf("-p udp -m udp --dport 443 -j ACCEPT")); err != nil {
+		return err
+	}
 	if err := iptables.AddRule(iptables.FilterTab, iptables.Chain1PanelBasicAfter, iptables.DropAllTcp); err != nil {
 		return err
 	}