Rejecting VPNs programs

Hello, I noticed that VPN programs bypass Sophos blocks. I would like to know whether there is any common denominator among all VPN programs, so that I can create a firewall rule preventing all of these VPN programs from connecting.

Thanks!

  • Hi Eduardo Noubleau

    Please create a DNS service-based firewall rule, keep that rule on top, apply an application filter policy to it, and deny all proxy and tunnel applications in that policy:

    GUI settings

    Application filter policy settings

    Along with the P2P and Proxy and Tunnel categories, the applications listed below must be denied in the application filter policy.

    • DNS Multiple QNAME
    • OpenVPN
    • QUIC

    Please create an application filter policy and apply it to the same DNS service-based rule:

    CLI settings

    1. Sign in to the Sophos XG Firewall's console and select 4. Device Console.
    2. Verify the current configuration by issuing the following commands.
      show advanced-firewall
      show ips-settings
    3. Issue the following commands for the recommended settings.
      set advanced-firewall midstream-connection-pickup off
      set ips maxsesbytes-settings update 0
      set ips maxpkts 80
      set ips packet-streaming on

    For Web Traffic:

    1. HTTPS scanning needs to be enabled in the firewall rule.
    2. A web filter policy with the categories below denied must be applied to the firewall rule.
      1. IPAddress
      2. None
      3. Parked Domains
      4. Spam URLs (Available only in XG)
      5. Anonymizers
      6. Spyware & Malware
    3. Block Invalid Certificates must be enabled in SFOS and Allow Invalid Certificates should be disabled in5.
    4. Block the Non-SSL/TLS traffic on port 443 application in the application filter policy.

    Thanks and Regards,

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.
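As an added example, not from this thread, from the partner who answered, or from Sophos, the Python script below applies the three traffic patterns the answer singles out (QUIC on UDP/443, non-TLS traffic on TCP/443, and many distinct DNS query names under one domain, the pattern behind the "DNS Multiple QNAME" signature) to constructed flow records, so a defender can check what such a policy would catch in their own exports. The CSV layout, the hostnames, the four-name threshold and the two-label domain heuristic are assumptions for the example, not a Sophos log format or Sophos detection logic.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records in a simple CSV layout assumed for this example
# (not a Sophos log format): src,dst,proto,dport,first_bytes_hex,dns_qname
SAMPLE_FLOWS = """\
src,dst,proto,dport,first_bytes_hex,dns_qname
10.0.0.5,203.0.113.10,udp,443,c30000000108,
10.0.0.7,198.51.100.20,tcp,443,160303,
10.0.0.9,198.51.100.30,tcp,443,002a38,
10.0.0.9,192.0.2.53,udp,53,,a1f3.t.example.net
10.0.0.9,192.0.2.53,udp,53,,b7c2.t.example.net
10.0.0.9,192.0.2.53,udp,53,,d9e4.t.example.net
10.0.0.9,192.0.2.53,udp,53,,e011.t.example.net
10.0.0.7,192.0.2.53,udp,53,,www.example.org
"""

QNAME_THRESHOLD = 4  # distinct query names under one domain from one host (assumed)


def is_tls_record(first_bytes_hex: str) -> bool:
    """True if the bytes start like a TLS record: type 0x16 (handshake), version 3.x."""
    b = bytes.fromhex(first_bytes_hex)
    return len(b) >= 3 and b[0] == 0x16 and b[1] == 0x03 and b[2] <= 0x04


def base_domain(qname: str) -> str:
    """Crude registered-domain guess: the last two labels (no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def classify_flows(text: str) -> dict:
    """Map each finding name to the sorted list of sources that triggered it."""
    findings = defaultdict(set)
    qnames = defaultdict(set)  # (src, base domain) -> distinct query names seen
    for row in csv.DictReader(io.StringIO(text)):
        src, proto, dport = row["src"], row["proto"], int(row["dport"])
        if proto == "udp" and dport == 443:  # QUIC: UDP/443 is not covered by HTTPS scanning
            findings["quic_udp_443"].add(src)
        elif proto == "tcp" and dport == 443 and row["first_bytes_hex"]:
            if not is_tls_record(row["first_bytes_hex"]):  # e.g. a tunnel riding on 443
                findings["non_tls_on_443"].add(src)
        elif dport == 53 and row["dns_qname"]:
            qnames[(src, base_domain(row["dns_qname"]))].add(row["dns_qname"])
    for (src, dom), names in qnames.items():
        if len(names) >= QNAME_THRESHOLD:  # many unique names: DNS tunnelling pattern
            findings["dns_multiple_qname"].add(f"{src}->{dom}")
    return {k: sorted(v) for k, v in findings.items()}
```

Running classify_flows(SAMPLE_FLOWS) flags 10.0.0.5 for QUIC, 10.0.0.9 for non-TLS traffic on 443 and for the burst of query names under example.net, while the plain TLS handshake and the single lookup of www.example.org produce no finding.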