Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 7375 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Psiphon VPN

dbachour

Greetings All,

Let me get directly into the point. My question is about blocking Psiphon application using Sophos XG firewall. I have followed a lot of tutorials and ended up with the following configurations:

  1. On the web filtration I have blocked access to the following categories:
    1. IPAddress
    2. None
    3. Parked Domains
    4. Spam URLs (Available only in XG)
    5. Anonymizers
    6. Spyware & Malware
  2. On the application filtration I have blocked access to:
    1. VPN
    2. SSH
    3. Proxy
    4. Tunnel
    5. DNS
    6. P2P
    7. QUIC
    8. PPTP
  3. On the firewall rule I have applied Decrypt & Scan HTTP
  4. I have following (community.sophos.com/.../132436) to make configurations on Sophos from console

After all this, Psiphon is still able to connect. Any ideas how to block this application? I am currently using SFOS 17.5.4 MR-4-1

 

Regards,



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Sincerely, I am almost giving up. I have noticed, that with other VPN applications if you exclude Sophos Agent from them, they will still be able to connect (Some applications).  Also, not all devices are allowing the installation of Sophos certificate (Mobile devices and tablets), which means either you switch off Decrypt & scan HTTPS or you keep the device disconnected.

    Honestly, Sophos XG is not totally blocking VPN, tunnel and proxy applications.

     

    Regards,

  • 0 in reply to dbachour

    Hi,

    I have installed CAs on my iPad and iPhone successfully, but that doesn't stop Psiphon. Tor I can stop. The problem with using the firewall only is that people can take their phones and tablets outside of your secure network and install the software where as devices fixed to your network cannot install the software.

    Looking at the Psiphon KBA to see what I have missed.

    Ian

Reply
  • 0 in reply to dbachour

    Hi,

    I have installed CAs on my iPad and iPhone successfully, but that doesn't stop Psiphon. Tor I can stop. The problem with using the firewall only is that people can take their phones and tablets outside of your secure network and install the software where as devices fixed to your network cannot install the software.

    Looking at the Psiphon KBA to see what I have missed.

    Ian

Children