Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 7375 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Psiphon VPN

dbachour

Greetings All,

Let me get directly into the point. My question is about blocking Psiphon application using Sophos XG firewall. I have followed a lot of tutorials and ended up with the following configurations:

  1. On the web filtration I have blocked access to the following categories:
    1. IPAddress
    2. None
    3. Parked Domains
    4. Spam URLs (Available only in XG)
    5. Anonymizers
    6. Spyware & Malware
  2. On the application filtration I have blocked access to:
    1. VPN
    2. SSH
    3. Proxy
    4. Tunnel
    5. DNS
    6. P2P
    7. QUIC
    8. PPTP
  3. On the firewall rule I have applied Decrypt & Scan HTTP
  4. I have following (community.sophos.com/.../132436) to make configurations on Sophos from console

After all this, Psiphon is still able to connect. Any ideas how to block this application? I am currently using SFOS 17.5.4 MR-4-1

 

Regards,



This thread was automatically locked due to age.
Parents
  • 0

    I have just noticed, if you exclude Sophos Agent from applications in Psiphon, it will be able to communicate...

  • 0 in reply to dbachour

    Nasty application. I have been able to stop it using DNS ports, but it passes the http/https decrypt and scan by using un-cataloged sites.

    So why is Psiphon not detected by the XG and blocked? If I look at my reports it shows blcked, that was because I disabled the clientless user.

    Ian

     

    this investigation is becoming very interesting. Not showing blocked firewall and web log viewer entries, shows blocked in application logviewer entries.

    I have changed its maxpkts to 100 as suggested in one of the previous threads and slowed it down but still allowed connections.

     

    Looks like a restart is required

  • 0 in reply to rfcat_vk

    Further testing this morning. after the XG was restarted on a W10 tablet and if you allow PsiPhon to be installed it will connect.

    So you need to run a block install on your devices which IO am not sure how you achieve this on portable devices like iPhones or android phones and then block in the XG.

    The XG application blocks Psiphone from connecting, but not from establishing a connection to a destination site. I block DNS unless using the XG DNS.

    So there must be another setting that stops the Psiphon communication package from connecting but what and how to find it?

    Ian

     

    The communication package sets up connections via the proxy using both port 80 and 443. I have made additional changes to my web policies to see if that helps block it.

Reply
  • 0 in reply to rfcat_vk

    Further testing this morning. after the XG was restarted on a W10 tablet and if you allow PsiPhon to be installed it will connect.

    So you need to run a block install on your devices which IO am not sure how you achieve this on portable devices like iPhones or android phones and then block in the XG.

    The XG application blocks Psiphone from connecting, but not from establishing a connection to a destination site. I block DNS unless using the XG DNS.

    So there must be another setting that stops the Psiphon communication package from connecting but what and how to find it?

    Ian

     

    The communication package sets up connections via the proxy using both port 80 and 443. I have made additional changes to my web policies to see if that helps block it.

Children
No Data