
XG Firewall - how to block VPN, application control not working

Hi, I am trying to use Sophos XG Firewall to block the Hoxx VPN service, which is being run from a Google Chrome add-in. On the firewall tab, on #Default_Network_Policy, I have added an Application Control called "BlockVPN_MC", in which I have added the application list including many VPN services, including Hoxx VPN (it's basically the same list as the default "Block filter avoidance apps"). However, this does not block the Hoxx application, it can still run, and I don't know why it's still allowing it to work.

So then I tried to create another firewall rule, which would "drop" anything from the LAN to the WAN on the high ports that Hoxx uses, such as source ports of 10000 - 50000 and destination port of 443. This will block Hoxx, but it also blocks anything else that uses HTTPS, and that is not acceptable.

I'm out of ideas, do you have anything else I could try? Is there a way to get the application control to block Hoxx? I don't understand why it's not working.



  • Hi,

    Please post your full rule and where it sits in your rule list?

    Ian

  • Here are some screenshots. Let me know if you need more. I have the "Block_High_Ports" rule disabled because it also blocks all HTTPS on port 443, and I can't have that, that's why there is a line through it.

  • Sorry, the above pictures might be hard to see, these should be better.

  • Hi Michael,

    Thank you for the details. You will also need a web policy, because the application might actually be running within a web browser, not as a distinct application.

    In the log viewer what can you see as far as connections go from one of the offending devices (IP specific filter)?

    I checked the Hoxx website, it is not an application but an add-on to web browsers, that is why the application does not stop it.

    You will need to create a web filter to be applied as well as your application filter. And finally, it is not a very secure VPN.

    You can try both IP address and web (URL).

    Ian

  • Here is a screenshot from the Log Viewer. You can see that rule #2 is allowing these to go through, which is the rule that contains the application filter (it is the first 5 lines, going to destination port 443).

    Could you give me an example of a web filter that I could use for this situation? I'm not quite sure how I would set up the web filter.

    I couldn't really set it for an IP address since the VPN changes its IP address every time it connects, right?

  • OK, I just created a new web filter with a category of Anonymizers. Then I added that web filter to my firewall rule. This works to block the Hoxx web browser add-in. So it looks like it's doing what I needed.

    Thanks
