Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 7375 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Psiphon VPN

dbachour

Greetings All,

Let me get directly into the point. My question is about blocking Psiphon application using Sophos XG firewall. I have followed a lot of tutorials and ended up with the following configurations:

  1. On the web filtration I have blocked access to the following categories:
    1. IPAddress
    2. None
    3. Parked Domains
    4. Spam URLs (Available only in XG)
    5. Anonymizers
    6. Spyware & Malware
  2. On the application filtration I have blocked access to:
    1. VPN
    2. SSH
    3. Proxy
    4. Tunnel
    5. DNS
    6. P2P
    7. QUIC
    8. PPTP
  3. On the firewall rule I have applied Decrypt & Scan HTTP
  4. I have following (community.sophos.com/.../132436) to make configurations on Sophos from console

After all this, Psiphon is still able to connect. Any ideas how to block this application? I am currently using SFOS 17.5.4 MR-4-1

 

Regards,



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    in your firewall rules do you have any rule with allow all for ports? In you general access rule you should only allow http/https, maybe ping, icmp. In the web tab have you enabled block invalid certificates and unrecognised SSL protocols?

     

    Ian

  • 0 in reply to rfcat_vk

    Hey,

    I have different firewall rules for different subnets. So, I am testing one rule on one particular IP address. Even after limiting the services from ANY to HTTP, HTTPS and ICMP in the Destination & services, Psiphon is still able to connect. And, as you mentioned Block unrecognized SSL protocols and Block invalid certificates are ticked.

    Also, I am sure that the testing device is using only that firewall rule (In case some one will ask/tell that the device might be using another rules)

    Regards,

     
     
Reply
  • 0 in reply to rfcat_vk

    Hey,

    I have different firewall rules for different subnets. So, I am testing one rule on one particular IP address. Even after limiting the services from ANY to HTTP, HTTPS and ICMP in the Destination & services, Psiphon is still able to connect. And, as you mentioned Block unrecognized SSL protocols and Block invalid certificates are ticked.

    Also, I am sure that the testing device is using only that firewall rule (In case some one will ask/tell that the device might be using another rules)

    Regards,

     
     
Children
No Data