Hope everyone is doing great.
I have an issue with blocking Psiphon3; it always bypasses the firewall.
Then I followed some tutorials to block it, and I managed to block it for anyone who is not allowed to use the internet.
Now my problem is with users who already have access to the internet; they use it to bypass web filters.
These are the categories which I selected in my web application filter,
besides other categories like sports, hacking, information technology, etc.
And this is my application filter.
I have tested Psiphon3 on a user who can already access the internet through rule 13, and this is the rule configuration.
While running Psiphon on the user's PC, I turned on packet capture for this user's host, and this is the result.
So, any idea about how to stop this program from bypassing the firewall?
P.S.: I already logged in to the console and set ips maxpkt 100, then rebooted the FW.
Thanks in advance.
Please do a search of the XG forums; there is a long thread on this subject.
In reply to rfcat_vk:
Thank you for your reply.
I have followed a lot of threads and I was able to block it in my test environment for internet and non-internet users,
but when I applied the same configuration in my work environment it failed to block it for internet users.
In reply to M.Hegazy:
The block rule needs to be at the top of the rule list.
Please post a copy of the log showing the users accessing psiphon3 and also the associated firewall rule.
This is the log of the user while running Psiphon (Firewall - Application),
and this is the associated firewall rule screenshot.
I am using DC authentication with Sophos to let authenticated users access the internet.
I set the first rule for DNS only
and the second rule for Outlook only,
then the rest of the rules for authenticated users and mobile phones (through MAC).
The test user on which I use Psiphon is going inline through rule 13, which I use for non-domain users (MAC address).
I notice you do not have any IPS rules active in your firewall rules, is there any reason?
Where does the block rule sit in the list of firewall rules?
Yes, I don't use it.
Which policy should I use in IPS?
You mentioned a block rule, and I don't have any block rule.
What should I block in this rule?
Blocking access to Psiphon is partly done with IPS rules. The IPS rules in XG are templates from which I built one for me to use at home without a number of IPS rules, e.g. no Linux, no mail servers, no Oracle, etc. For general use, until you are comfortable with building your own, I would suggest the LANtoWAN.
If you want to block Psiphon you will need a block rule, e.g. an application rule that blocks Psiphon as part of your general access rule.
update: fixed spelling.
I have tried the IPS LANtoWAN rule on all my firewall rules, but it can still connect :(
FINALLY IT IS BLOCKED