(SOLVED) Sophos allowed always psiphon 3 proxy

Hi,

I ended up re-organising categories so that anonymises was in its own group then added that to blocked rule. Seems to work.

Ian 

My rules... Never block

This is a big touble for Sophos XG. Because Fortigate, Sonicwall application control blocked without any problem. I think sophos applicaton control dont work well 

Web Rule --> Anonymizers - IP Address Blocked -- Allow All

Application Control --> Proxy and Tunnel Blocked -- Allow All

Hi,

I see what I think is one issue and that is you are using the default web filter, you need to change to specific/group categories. What you are trying to do is not part of the default web filter.

I agree with you that mr7 application rules do not work straight out of the ISO and need to be tweaked. I have  no ads, malware and explicit nudity and added the other items into my firewall rule. The rule does work on about 95% of sites I trust against. Some ad sites are now seeking through, I suspect they have incorrectly categorised. One MAC blocks at the other doesn't bit confused by this and need to compare configuration.

Ian

My Web Default Policy --> Anonymizer and IP ADDRESS categorizes blocked

My App Policy Engelle --> Proxy and Tunnel - P2P Blocked 

I think sophos app control cant work well so we can blocked this app 3 ways

1. Blocked psiphon app uses ip address and web sites. 

2. Adding Psiphon 3 siganture to IPS Custom Signatures. I dont known how can I learn app signature?

3. Psiphon certificate blocked. I think best way it but how can I do?

I have opened Sophos Support ticked. They connected my system and be controlled. Fixed:

Connecting Sophos Fw with putty.

Device console and

ips maxpkts 100

And finished... Psipshon nightmare was finished. I want to say thanks Sophos Support Team

Hi Sir,

Good Day

What kind of configurations Sophos Support Team do to your firewall?

Can you share it? Im having a problem also with Psiphon like application.

Gracias

It is so easily

You must connect firewall console with putty app.

You choice 4 - Device Console,

set ips maxpkts 100 

and reboot firewall

It is so easily

You must connect firewall console with putty app.

You choice 4 - Device Console,

set ips maxpkts 100 

and reboot firewall

Hi Sir,

Good Day

Thank you for the reply

Do i need to turn on the IPS on firewall policy or is it okay to change ips maxpkts to 100 and it will work?

Thank you

I dont know you must be turn on the IPS on firewall policy. I guess application control using ips service. Try it both IPS turn on and turn off

Hi Dear 

ı configure the similar setting. But psiphon is working. 

web policy -> Anonymizers and IP Adresses is block 

application policy -> p2p and proxy is blocking 

and connect to console and setting set ips maxpkts 100 comand 

firewall rule set is IPS 

but Psiphion is working. 

Please help :) 

i just follow their steps and its work. post your setup screen here. maybe u miss something

i just find out. If i set network rule with services to Any, above steps are not worked. Psiphon still escape.

i need to set selected port in services for ban it.

You must blocked SSH, DNS in application control and you must blocked SSH and DNS ports in firewall rules

SSH are disable except lan in Administration- Acl. is it best practice to block dns port in firewall and how to do it? thanks 

I was able to prove to myself that using the XG as a DNS was not good performance wise. I used my small MS server as the DNS and blocked all outgoing DNS except for the server address, two seperate rules. The improvement was immediately noticeable.

Ian

rfcat_vk said:

I was able to prove to myself that using the XG as a DNS was not good performance wise. I used my small MS server as the DNS and blocked all outgoing DNS except for the server address, two seperate rules. The improvement was immediately noticeable.

Could you please give some more information on this? What did improve? Thanks.

Only one device was talking to the WWW for DNS queries with rules setup to protect it.

Using the MS server DNS allowed for extra DNS searches and use of root DNS.

Even though my MS server is a on a small NUC the DNS responses were faster and more reliable and less prone to network failures because I could setup alternate ISP connections as a fail over. The MS DNS has more features than the XG and shortly I will move the DHCP function to the MS Server so that the two are interlinked similar to the UTM. Also you can then assign DHCP options which you can not do easily in the XG if at all.

Ian