Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 27 subscribers
  • Views 2099 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How To Block Psiphon/Ultrasurf

Simon_Salama
This issue start from 2 weeks ago , without change any configuration ,
and i tried to change IPS search method from 80  to 300 fail to block sophos,
tried to deny all applications except (whatsapp - Facebook - google - gmail ) again failed 
tried to block all ports except (dns - http - https - smtp - imap - pop3 - ntp) failed 
Please Help


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    there is a kba on how to block those and other similar products. The search function on this device is not very good so I can’t post a link.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    its really i Have XG 125 and ips search not good because proxy programs can work with 443 ports easily . That's Big Problem 

  • 0 in reply to Simon_Salama

    Hi,

    you need to limit what ports are used, install ca on each device, enable web and application functions as well as ips.

    Yoi will need to build your own policies for application and web to stop blocking your approved.

    That is a start. Try those settings and see how far your get?

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk 
    I have already made these settings, and make denied rule for lan->Wan all ports except ( dns - http - https - smtp - imap - pop3 - ntp )
    and nothing new 

    app filter logs show thats denied psiphon, but its working fine at the client Sob
  • 0 in reply to Simon_Salama

    Please post a log entry showing the application access. Further, have you enabled decrypt and scan as well as scan http, FTP ?

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    messageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="6" user="---------------" user_group="----------" appfilter_policy_id="8" category="Proxy and Tunnel" app_name="Psiphon Proxy" app_risk="5" app_technology="Client Server" app_category="Proxy and Tunnel" src_ip="------------" src_country="R1" dst_ip="104.18.151.190" dst_country="USA" protocol="0" src_port="30476" dst_port="443" bytes_sent="0" bytes_received="0" status="" message="" appresolvedby="Proxy"

  • 0 in reply to Simon_Salama

    You logviewer entry shows it is blocked. So, if you use logviewer and refine search on the source PC IP which rules do you find passing the traffic?

    The tunnels can be blocked successfully, my current setup blocks tunnels etc.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to Simon_Salama

    You logviewer entry shows it is blocked. So, if you use logviewer and refine search on the source PC IP which rules do you find passing the traffic?

    The tunnels can be blocked successfully, my current setup blocks tunnels etc.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Children
Cookie Information Banner