Block XVPN servers

Question

Good morning 
 We have an end customer (a school) where students use iPads. It turns out that there are several students who have caught the bad habit of getting IPs from proxy servers thanks to the XVPN application. They do not use it on the iPads, but they use the mobile and get them there. Then in the iPad configuration they use them as a proxy server and thus circumvent the XG firewall. The firewall is not able to detect those connections as proxy nor as VPN. I have followed the recommendations here: support.sophos.com/.../KB-000038258 I also saw the thread already opened some time ago in this forum: community.sophos.com/.../do-you-have-a-defence-against-vpn-applications-with-sophos-utm The only thing I have been able to do is to install the program on Windows, connect and disconnect to the VPN and write down the public IPs I get. But I have seen that they were never repeated (so there must be an infinite number of them). 
 Can anyone give me a hand on this? 
 Thank you very much in advance

carbon15 · Answer

I found a combination of blocking zwfgygpztq.com and using the SSL/TLS profile of "Block Insecure SSL" did the trick. Blocking the first site I believe makes the X-VPN client fall back to using spoofed certificates from sites like Google, Amazon, Facebook which that Profile will block. The client will either not connect or connects but can't pass any data. 
 Regards

carbon15 · Answer

I put it in a URL list and blocked it at the web policy level. It's possible that host could have changed (it has been a while) but the Block Unsecure SSL policy should work regardless.

Block XVPN servers

Top Replies