Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 3 answers
  • Subscribers 28 subscribers
  • Views 25009 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I would like to know how to stop telegram from updating Message before authentication in the situation below;

Mohsen Foadian

Hi
I would like to know how to stop telegram from updating Message before authentication in the situation below;

I have a firewall device model XG135 frameware 16.01.2

For connecting our users in order to use internet they are redirected to a captive portal with usernames and passwords that needs authentication as well
But users can use there telegram account on there cell phones without any problem, and in this way we have unidentified internet usage on our firewall reports

I would like to know how to stop telegram from being used by the users before authenticating the username and password

Thanks for the help



This thread was automatically locked due to age.
Parents
  • 0

    Hi Mohsen,

    First, how are the mobile users authenticated I believe the captive portal login are done on laptops and desktops but, do you follow the same login for mobile users too?

    Next, take a packet capture on a particular source IP of a mobile phone and use telegram. Check which FW-ID does the traffic flow through. Send a picture of the inside of this rule.

    If telegram application is available in the application control list add it in the policy and keep the action as block.

    Thanks

  • 0 in reply to sachingurung

    Hi

    The cell phones are redirected to the Captive Portal page in order to connect to internet and Wi-Fi and then log in with their active directory username & pass

    here's a photo of the Packet Capture




    it uses the ID rule number1 which is the second rule as you see in the picture above

    the telegram application is in the Category, Instant Messenger menu. But i do not want to block it , i prefer them to use it after Authentication

    Thanks

  • 0 in reply to Mohsen Foadian

    Hi Mohsen,

    Show me a picture of inside configuration in the FW rule ID 1 and make sure micro app scanning is marked in the application filter policy. Refer the post here.

    Thanks

  • 0 in reply to sachingurung

    Hi

    FW Rule ID 1

    There is no Policy written for the Application Filter in telegram.
    The link that they have sent is for stopping the Application.
    in this way if I deny users from using it they would not be able to work with it at all.
    I want each user first to be Authenticated then be able to use the App

Reply
  • 0 in reply to sachingurung

    Hi

    FW Rule ID 1

    There is no Policy written for the Application Filter in telegram.
    The link that they have sent is for stopping the Application.
    in this way if I deny users from using it they would not be able to work with it at all.
    I want each user first to be Authenticated then be able to use the App

Children
  • 0 in reply to Mohsen Foadian

    Hi Mohsen,

    So what I understand from your last reply is that you want the user to authenticate through captive portal before getting the internet access. In that case, show me a picture of page "Firewall". I think the traffic is forwarded because there is a firewall rule that allows the without authentication.

    Thanks

  • 0 in reply to sachingurung

    Hi guys

     

    I have same issue on sophos 16.05 ,I dont understand this problems.

    I think , its a bug !!!

     

     

     

  • 0 in reply to Nak Nak

    Hi All,

    I tried today to block Telegram on my mobile at home, forcing user to authenticate.

    • A top rule where LAN to WAN (only my Mobile) is allowed to use HTTP and HTTPS (scan http & https traffic) and where Application filter (allow all but blocking only Telegram) is applied
    • Match know users and show captive portal to unknow users is checked
    • Captive portal is configured to display is configured to display link under Authentication > Services

    With this settings, Telegram is blocked before the authetication and after.

    Make sure to enable Micro-App scanning and HTTPS decrypt and scan.

    Regards