
Psiphon 3 block

Hi folks, does anyone have an idea how to block Psiphon 3? Currently Sophos XG is not blocking it, even when following the KB according to Sophos support.

And the attendant told me that this is a known issue and the definitive solution will be in Sophos XG v. 18.

 

Does anyone have an idea about it?

 

Cheers,

Carlos



This thread was automatically locked due to age.
  • Hi  

    I would request you to share the service request number you have opened with technical support; I can verify the history and other details and provide you further assistance.

  • Hi  

    The ticket number is #9025682.

     

    Thank you in advance for your attention.

    Carlos

  • Hi Carlos,

    the XG can and does block Psiphon 3. You need to follow the instructions in detail and ensure that the users cannot access any other firewall rule.

    You will need to manage your user access because a lot of sites are classified as NONE which are used as redirected sites from allowed connections.

    You will need to install the XG CA on all your user devices; without that you will not be able to block Psiphon 3. You will also need HTTPS scanning, web and application rules, and limited ports in your firewall rules.

    Ian

  • Hi  

    Thank you for providing the service request number.

    I have asked the engineer to assist you further with the reported issue. Meanwhile, I would request you to follow the articles given below to harden the configuration.

    https://community.sophos.com/kb/en-us/123102

    https://community.sophos.com/kb/en-us/132436

    Please make sure that the traffic traverses the specific firewall rule and that all the policies and scanning are in place. You may use the packet capture to check traffic and firewall rule IDs for a specific IP host.

    Please follow the steps given below to test the scenario.

    Please create a source-IP-based LAN to WAN firewall rule and place the rule in the top position.

    1. HTTPS scanning needs to be enabled in firewall rule
    2. Web filter policy with below categories denied must be applied to the firewall rule
      1. IPAddress
      2. None
      3. Parked Domains
      4. Spam URLs (Available only in XG)
      5. Anonymizers
      6. Spyware & Malware
    3. Block Invalid Certificates must be enabled in SFOS and Allow Invalid Certificates should be disabled in CROS.
    4. Allow only HTTPS, HTTP, DNS, ICMP, SMTP, etc. services (essential services) on LAN→WAN if Psiphon still connects even after following the above 3 steps.
    5. Enable Block unrecognized SSL protocols in Web > General Setting > HTTPS decryption and scanning.
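
The checklist above only helps if the test host's traffic actually lands on the hardened rule and on no other. As an added example (not part of the original thread and not Sophos code), this sketch assumes top-down, first-match rule evaluation and a hypothetical dictionary model of firewall rules; it finds the rule a source IP hits and lists the checklist items that rule misses.

```python
import ipaddress

# Categories the checklist in this thread says the web filter policy must deny.
REQUIRED_DENIED = {"IPAddress", "None", "Parked Domains", "Spam URLs",
                   "Anonymizers", "Spyware & Malware"}
# "Essential services" named in the thread; adjust to your own policy.
ESSENTIAL_SERVICES = {"HTTPS", "HTTP", "DNS", "ICMP", "SMTP"}

def first_matching_rule(rules, src_ip):
    """Return the first rule (top-down order) whose source networks cover src_ip."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if any(ip in ipaddress.ip_network(net) for net in rule["sources"]):
            return rule
    return None

def audit(rules, src_ip, block_unrecognized_ssl):
    """List the checklist items that the host's effective rule fails to meet."""
    rule = first_matching_rule(rules, src_ip)
    if rule is None:
        return ["no rule matches this host"]
    gaps = []
    if not rule["https_scanning"]:
        gaps.append("HTTPS scanning disabled")
    missing = REQUIRED_DENIED - set(rule["denied_categories"])
    if missing:
        gaps.append("categories not denied: " + ", ".join(sorted(missing)))
    if not rule["block_invalid_certs"]:
        gaps.append("invalid certificates allowed")
    extra = set(rule["services"]) - ESSENTIAL_SERVICES
    if extra:
        gaps.append("non-essential services allowed: " + ", ".join(sorted(extra)))
    if not block_unrecognized_ssl:  # global HTTPS decryption setting, not per rule
        gaps.append("unrecognized SSL protocols not blocked")
    return [f"rule '{rule['name']}': {g}" for g in gaps]

# Constructed sample rules (hypothetical field names, documentation IP ranges).
HARDENED = {"name": "test-host-hardened", "sources": ["192.0.2.10/32"],
            "https_scanning": True, "denied_categories": sorted(REQUIRED_DENIED),
            "block_invalid_certs": True, "services": ["HTTPS", "HTTP", "DNS"]}
PERMISSIVE = {"name": "lan-any", "sources": ["192.0.2.0/24"],
              "https_scanning": False, "denied_categories": ["Anonymizers"],
              "block_invalid_certs": False, "services": ["ANY"]}

if __name__ == "__main__":
    # Same two rules, two orderings: only the second puts the host on the hardened rule.
    for order in ([PERMISSIVE, HARDENED], [HARDENED, PERMISSIVE]):
        print([r["name"] for r in order], audit(order, "192.0.2.10", True))
```

With the permissive rule on top, the host never reaches the hardened rule, which is why the reply asks for the test rule to be placed in the top position.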