
(SOLVED) Sophos allowed always psiphon 3 proxy

Hi dear friends,

I use Sophos XG in my company. Some users get past the Sophos Web Filter and Application Control with the Psiphon 3 proxy app. I created a new rule, Application Control --> Deny All and Web Filter --> Default all block, but the Psiphon proxy still connects. This is a big, big, so big problem. Soon all users will begin to use this program :)

How can I disable this troublesome program with Sophos XG?



  • Hi,

    I ended up re-organising categories so that anonymisers was in its own group, then added that to a blocked rule. Seems to work.

    Ian 

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • My rules... Never block

    This is a big trouble for Sophos XG, because Fortigate and Sonicwall application control blocked it without any problem. I think Sophos application control doesn't work well.

    Web Rule --> Anonymizers - IP Address Blocked -- Allow All

    Application Control --> Proxy and Tunnel Blocked -- Allow All

     

  • Hi Dear 

    I configured a similar setting, but Psiphon is working.

    web policy -> Anonymizers and IP Addresses is blocked

    application policy -> p2p and proxy is blocked

    and I connected to the console and set the `set ips maxpkts 100` command

    firewall rule set is IPS

    but Psiphon is working.

    Please help :) 

  • I just followed their steps and it works. Post your setup screen here. Maybe you missed something.

  • I just found out: if I set the network rule with services set to Any, the above steps do not work. Psiphon still escapes.

    I need to set selected ports in services to ban it.

  • You must block SSH and DNS in application control, and you must block the SSH and DNS ports in firewall rules.

  • SSH is disabled except for LAN in Administration - ACL. Is it best practice to block the DNS port in the firewall, and how do I do it? Thanks.

  • I was able to prove to myself that using the XG as a DNS was not good performance-wise. I used my small MS server as the DNS and blocked all outgoing DNS except for the server address, two separate rules. The improvement was immediately noticeable.

    Ian

    XG115W - v19.5.1 mr-1 - Home


  • rfcat_vk said:

    I was able to prove to myself that using the XG as a DNS was not good performance-wise. I used my small MS server as the DNS and blocked all outgoing DNS except for the server address, two separate rules. The improvement was immediately noticeable.

     

    Could you please give some more information on this? What did improve? Thanks.

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • Only one device was talking to the WWW for DNS queries, with rules set up to protect it.

    Using the MS server DNS allowed for extra DNS searches and use of root DNS.

    Even though my MS server is on a small NUC, the DNS responses were faster, more reliable and less prone to network failures because I could set up alternate ISP connections as a failover. The MS DNS has more features than the XG, and shortly I will move the DHCP function to the MS server so that the two are interlinked, similar to the UTM. Also, you can then assign DHCP options, which you cannot do easily in the XG, if at all.

    Ian

    XG115W - v19.5.1 mr-1 - Home


  • Hi Sir Bulent,

    Good Day

    Have you tried to block Psiphon 3?
    I'm having a problem blocking Psiphon 3.
    I already tried those guides from this thread and it is not working.

    Do you mind to share your configurations with us?

    Thank you

     

  • Enable HTTP and HTTPS scan, and don't allow any services (allow selected services) in user firewall rules.
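
The checks the replies above converge on (no services set to Any, outgoing DNS only from the internal DNS server, no outbound SSH, HTTP/HTTPS scanning enabled) can be run as an audit over a rule list. This is an added example, not part of the original thread and not Sophos code; the rule fields, the rule names and the DNS server address are constructed assumptions, not an XG export format.

```python
# Added example: audits a constructed rule list, not a Sophos XG export.
INTERNAL_DNS = "192.168.1.10"  # assumed address of the internal DNS server

# Constructed sample rules; field names are hypothetical.
RULES = [
    {"name": "users-out", "action": "allow", "source": "LAN",
     "services": ["ANY"], "scan": False},
    {"name": "dns-server-out", "action": "allow", "source": INTERNAL_DNS,
     "services": ["DNS"], "scan": False},
    {"name": "block-other-dns", "action": "drop", "source": "LAN",
     "services": ["DNS"], "scan": False},
    {"name": "users-web", "action": "allow", "source": "LAN",
     "services": ["HTTP", "HTTPS"], "scan": True},
    {"name": "legacy-out", "action": "allow", "source": "LAN",
     "services": ["HTTPS", "DNS", "SSH"], "scan": False},
]


def audit(rules, internal_dns):
    """Return (rule name, finding) pairs for outbound allow rules that
    leave open one of the gaps described in the thread."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue  # drop rules cannot open a path
        services = {s.upper() for s in rule["services"]}
        if "ANY" in services:
            # Services set to Any leaves every port open to the client.
            findings.append((rule["name"], "any-service"))
            continue
        if "DNS" in services and rule["source"] != internal_dns:
            # Outgoing DNS should only come from the internal DNS server.
            findings.append((rule["name"], "dns-open"))
        if "SSH" in services:
            findings.append((rule["name"], "ssh-out"))
        if services & {"HTTP", "HTTPS"} and not rule["scan"]:
            # Web traffic allowed without HTTP/HTTPS scanning enabled.
            findings.append((rule["name"], "no-web-scan"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(RULES, INTERNAL_DNS):
        print(f"{name}: {finding}")
```
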
