
Block XVPN servers

Good morning

We have an end customer (a school) where students use iPads.
It turns out that there are several students who have caught the bad habit of getting IPs from proxy servers thanks to the XVPN application. They do not use it on the iPads, but they use the mobile and get them there. Then in the iPad configuration they use them as a proxy server and thus circumvent the XG firewall.
The firewall is not able to detect those connections as proxy nor as VPN. I have followed the recommendations here:
support.sophos.com/.../KB-000038258
I also saw the thread already opened some time ago in this forum:
community.sophos.com/.../do-you-have-a-defence-against-vpn-applications-with-sophos-utm
The only thing I have been able to do is to install the program on Windows, connect and disconnect to the VPN and write down the public IPs I get. But I have seen that they were never repeated (so there must be an infinite number of them).

Can anyone give me a hand on this?

Thank you very much in advance



This thread was automatically locked due to age.
  • Good morning. So far none of the methods are working. Is there any way to prevent the computers from having to install the firewall certificate? So far we have never implemented it; besides, it would be an inconvenience at the end customer. Thank you very much.

  • It is a nightmare getting the decryption certificate out there; the XG could really do with it in the user portal (like the old SG UTM had) so users can sort themselves out.

    Do you have any other firewall rules outbound to ANY? Things like DNS and NTP are exploited as a way for these types of clients to get out. As a matter of course we always restrict these types of rules; there's nothing like seeing 5 GB of DNS over a couple of days to tell you there's a problem.

    You can also look at the log files while starting the XVPN client and see what it does and block accordingly.
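
The DNS/NTP volume check described in the reply above, as an added example that is not part of the original thread and not Sophos code: it totals bytes per client on ports 53 and 123 towards servers other than the approved ones and reports clients over a budget. The log lines, field names, resolver address and threshold are constructed assumptions; map them to your own firewall log export.

```python
import re
from collections import defaultdict

# Constructed sample lines; the key=value field names are assumptions,
# not a documented Sophos log schema.
SAMPLE_LOG = """\
src_ip=10.1.20.31 dst_ip=10.1.0.2 dst_port=53 proto=UDP bytes=412
src_ip=10.1.20.44 dst_ip=203.0.113.9 dst_port=53 proto=UDP bytes=800000
src_ip=10.1.20.44 dst_ip=203.0.113.9 dst_port=53 proto=UDP bytes=900000
src_ip=10.1.20.44 dst_ip=198.51.100.7 dst_port=53 proto=TCP bytes=50000
src_ip=10.1.20.52 dst_ip=192.0.2.33 dst_port=123 proto=UDP bytes=96
src_ip=10.1.20.31 dst_ip=203.0.113.9 dst_port=443 proto=TCP bytes=5000000
src_ip=10.1.20.60 dst_port=53 proto=UDP
src_ip=10.1.20.61 dst_ip=203.0.113.9 dst_port=53 proto=UDP bytes=abc
"""

APPROVED_SERVERS = {"10.1.0.2"}        # assumed internal DNS/NTP server
WATCHED_PORTS = {53: "DNS", 123: "NTP"}
BYTE_LIMIT = 1_000_000                 # assumed per-client budget for the window
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (src, dst, port, bytes), or None for a malformed line."""
    rec = dict(FIELD.findall(line))
    try:
        return rec["src_ip"], rec["dst_ip"], int(rec["dst_port"]), int(rec["bytes"])
    except (KeyError, ValueError):
        return None

def suspicious_clients(log_text, limit=BYTE_LIMIT):
    """Clients whose DNS/NTP bytes to unapproved servers exceed `limit`."""
    totals, dests = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, port, nbytes = rec
        if port not in WATCHED_PORTS or dst in APPROVED_SERVERS:
            continue
        key = (src, WATCHED_PORTS[port])
        totals[key] += nbytes
        dests[key].add(dst)
    return {k: {"bytes": v, "dests": sorted(dests[k])}
            for k, v in totals.items() if v > limit}

if __name__ == "__main__":
    for (src, svc), info in suspicious_clients(SAMPLE_LOG).items():
        print(f"{src} {svc} {info['bytes']} bytes -> {', '.join(info['dests'])}")
```

The destinations it lists are the candidates for a deny rule, and the client addresses are the devices to check for a manual proxy setting.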

  • You will need at least two entries in the FQDN table, x vpn.io and x-vpn.io, in the firewall rule at the top. It will not stop access to download the software but will block it from running.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hello. As I said before, they introduce the proxy servers in the configuration of the iPads. The problem is that they don't have restricted access to the configuration. So, we are trying to safeguard that problem. Regards