Direct TLS can speed up your connections

  • > When the client sends a hello, the firewall says “that looks like a TLS hello”, and then waits for the server’s response. It inspects the certificate and then applies any rules.

    This kind of stuff is exactly why TLS 1.3 encrypts everything now.

  • Direct TLS can speed up your PostgreSQL connection

  • "Having a dumb firewall can slow down your connections"

  • Is there a conflict or significant redundancy between QUIC TLS and DTLS?

  • Yeah, my takeaway is more "yet another example of a lousy firewall causing dumb issues".