
Blocking Psiphon, Ultrasurf, etc.

Hi Guys,


Good day!

 

If you are having a problem blocking these kinds of applications, do not hesitate that the application filtering of Sophos XG is not working, or do not even try to block it on IPS (Custom IPS). It's a matter of adjustments in Console. See steps below:

 

1. Log in as a Super administrator (username: admin)

2. Go to admin drop-down options and choose CONSOLE.

3. As usual you have to log in again.

4. Choose option 4, which is Device Console.

5. Type this command "show ips-settings", maxpkts should be in default value = 8, and you have to change the value to 70.

6. Run this command "set ips maxpkts 70".

7. Run again to double check "show ips-settings".

8. Then try to test again if these applications are blocked already.

 

Warm Regards,

Deo Angelo Lim



  • Hi GonFreecs,

    We have created a KBA for this issue, please refer to

    https://sophos.com/kb/132436

    CLI settings

    1. Sign in to the Sophos XG Firewall's console and select 4. Device Console.
    2. Verify the current configuration by issuing the following commands.
      show advanced-firewall
      show ips-settings
    3. Issue the following commands for the recommended settings.
      set advanced-firewall midstream-connection-pickup off
      set ips maxsesbytes-settings update 0
      set ips maxpkts 80
      set ips packet-streaming on

    GUI settings

    Application filter policy settings

    Along with the P2P and Proxy and Tunnel categories, the applications listed below must be denied in the application filter policy. In case of CROS, Micro App should be enabled in the application filter policy.

    • DNS Multiple QNAME
    • OpenVPN
    • QUIC

    Firewall rule settings

    The same application filter policy (as configured above) must be applied to DNS Firewall rule as well, if there is any.

    For Psiphon Proxy

    1. HTTPS scanning needs to be enabled in the firewall rule
    2. A web filter policy with the below categories denied must be applied to the firewall rule
      1. IPAddress
      2. None
      3. Parked Domains
      4. Spam URLs (Available only in XG)
      5. Anonymizers
      6. Spyware & Malware
    3. Block Invalid Certificates must be enabled in SFOS and Allow Invalid Certificates should be disabled in CROS.
    4. Allow only HTTPS, HTTP, DNS, ICMP, SMTP etc. services (essential services) on LAN→WAN, if Psiphon is connected even after following the above 3 steps.
    5. Block the Non-SSL/TLS traffic on port 443 application in the application filter policy.
  • Hey guys, tried these steps above earlier using hardware XG v17.5 MR-3, seems to be successfully blocking Psiphon3.

    Enable HTTPS scanning and install XG's cert on your machine/browser: https://community.sophos.com/kb/en-us/123048