Block Psiphon VPN

Hi,

Sincerely, I am almost giving up. I have noticed, that with other VPN applications if you exclude Sophos Agent from them, they will still be able to connect (Some applications).  Also, not all devices are allowing the installation of Sophos certificate (Mobile devices and tablets), which means either you switch off Decrypt & scan HTTPS or you keep the device disconnected.

Honestly, Sophos XG is not totally blocking VPN, tunnel and proxy applications.

Regards,

Hi,

Sincerely, I am almost giving up. I have noticed, that with other VPN applications if you exclude Sophos Agent from them, they will still be able to connect (Some applications).  Also, not all devices are allowing the installation of Sophos certificate (Mobile devices and tablets), which means either you switch off Decrypt & scan HTTPS or you keep the device disconnected.

Honestly, Sophos XG is not totally blocking VPN, tunnel and proxy applications.

Regards,

Hi,

I have installed CAs on my iPad and iPhone successfully, but that doesn't stop Psiphon. Tor I can stop. The problem with using the firewall only is that people can take their phones and tablets outside of your secure network and install the software where as devices fixed to your network cannot install the software.

Looking at the Psiphon KBA to see what I have missed.

Ian

Hi,

I have went through that KBA like 100 times and followed all the steps, but still no success. Sophos guys need to figure out a way to detect Psiphon connection session and block it.

Regards,

Hi,

I went through my web and application policies again and also tuned the IPS as per the instructions in this thread from Aditya Patel.

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/103598/blocking-psiphon-ultrasurf-etc?pi2151=2#pi2151=1

I can now block Psiphon from connecting, the application run on my tablet but fails to connect even after changing countries a couple of times. I did let it run for approx 15 minutes for each test.

I could not find some of the items referred to DNS Multiple GNAME etc

Ian

Hey,

Did you switch on Decrypt & scan HTTPS ?

Regards,

Hi,

I have had that feature enabled for sometime and the CA is installed on the MBPs my iPad and iPhone and two W10 machines.

Ian

Hi,

I have tested only only Android device (Nokia 6.1 running Android 9.0). Currently, Psiphos wasn't able to communicate, but the other applications (Like WhatsApp) are very slow and sometimes giving errors. I shall test on Windows 10 machine as well. Some web pages feels like broken after enabling the feature.

Regards,

Hi,

have a look at your DNS settings and the IPS tab on the GUI to see if you are hitting some IPS configuration issues.

Yes, surfing is a little slower and depends to some extent on your internet link speed because of the application checks and lookups.

Ian