
Block Psiphon VPN

Greetings All,

Let me get directly to the point. My question is about blocking the Psiphon application using a Sophos XG firewall. I have followed a lot of tutorials and ended up with the following configurations:

  1. On the web filtration I have blocked access to the following categories:
    1. IPAddress
    2. None
    3. Parked Domains
    4. Spam URLs (Available only in XG)
    5. Anonymizers
    6. Spyware & Malware
  2. On the application filtration I have blocked access to:
    1. VPN
    2. SSH
    3. Proxy
    4. Tunnel
    5. DNS
    6. P2P
    7. QUIC
    8. PPTP
  3. On the firewall rule I have applied Decrypt & Scan HTTP
  4. I have followed (community.sophos.com/.../132436) to make configurations on Sophos from the console

After all this, Psiphon is still able to connect. Any ideas how to block this application? I am currently using SFOS 17.5.4 MR-4-1

 

Regards,



This thread was automatically locked due to age.
  • Hey again,

    I have managed to block Psiphon finally, but still maintaining device access to the network is not as easy as expected. As I mentioned in the main post, I have applied web filtration and application filtration, which wasn't enough. On the destination services I have added, apart from HTTP, HTTPS and ICMP, the following services:

    1. DNS
    2. SMTP

    But, Psiphon and other VPN applications were still working. The only way I found is:

    1. Enabling Decrypt & scan HTTPS, which is giving a headache when a mobile phone is connected (even after installing the Sophos agent, my mobile couldn't connect to the internet)
    2. Enabling Identity > Match known user, which will force the users to sign in using Sophos Network Agent. In this case, if a VPN application launches, the agent will disconnect and the user won't be able to access the network.

     

    Please, if you have any other idea, kindly share.

     

    Regards,

  • Hi,

    I don't have an AD. I built a separate firewall rule for my phones until I could work out how to get them to work with the https scanning. I have one iPhone and an iPad working with https scanning at this stage.

    I have been working on how to block TOR browser.

    You might want to put the DNS and SMTP into separate rules where the destination is a specific site; also, for the SMTP you might use the mail business rule. The device DNS needs to be pointing at the XG so it is part of the application verification path, otherwise the XG has no idea about the classification of the application you are using.

    Ian

  • Hey,

    Can you provide me with a little bit more detail? Most of the phones here are running Android.

     

    Regards,