Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 10861 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall - how to block VPN, application control not working

michael-co100

Hi, I am trying to use Sophos XG Firewall to block Hoxx VPN service, which is being run from Google chrome add in. On the firewall tab, on #Default_Network_Policy, I have added an Application Control called "BlockVPN_MC", in which I have added the application list including many VPN services, including Hoxx VPN. (its basically the same list as the default "Block filter avoidance apps". However, this does not block the Hoxx application, it can still run, and I don't know why its allowing it to work still.

So then I tried to create another firewall rule, which would "drop" anything from the LAN to the WAN on high ports that Hoxx uses, such as source ports of 10000 - 50000 and destination port of 443 . This will block Hoxx, but it also blocks anything else that uses https, and that is not acceptable.

I'm out of ideas, do you have anything else I could try? Is there a way to get the application control to block Hoxx? I don't understand why its not working.



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to michael-co100

    Hi Michael,

    thank you for the details. You will also need a web policy because the application might actually be running within a web browser not a distinct application.

    In the log viewer what can you see as far as connections go from one of the offending devices (IP specific filter)?

    I checked the hoxx website, it is not an application but an add-on to web browsers, that is why the application does not stop it.

    You will need to create a web filter to be applied as well as your application filter. And finally it is not a very secure vpn.

    you can try both IP address and web (url).

     

    Ian

Children
  • 0 in reply to rfcat_vk

    Here is a screenshot from the Log Viewer.  You can see that rule #2 is allowing these to go through, which is the rule that contains the application filter.  (it is the first 5 lines, going to destination port 443).  

    Could you give me an example of a web filter that I could use for this situation?  I'm not quite sure how I would setup the web filter. 

    I couldn't really set it for an IP address since the VPN changes its IP address every time it connects, right?

     

  • 0 in reply to michael-co100

    OK, I just created a new web filter with a category of Anonymizers.  Then added that web filter to my Firewall rule.  This works to block the Hoxx web browser add in.  So looks like its doing what I needed.

    Thanks