Blocking Psiphon3

Hello everyone,

I hope everyone is doing great.

I have an issue with blocking Psiphon3; it always bypasses the firewall.

Then I followed some tutorials to block it, and I managed to block it for anyone who is not allowed to use the internet.

Now my problem is with users who already have access to the internet; they use it to bypass web filters.

 

These are the categories which I select in my web application filter:

Anonymizers
IPAddress
None

besides other categories like sports, hacking, information technology ... etc.

And this is my application filter:

 

And I have tested Psiphon3 on a user who can already access the internet through rule 13, and this is the rule configuration:

And while running Psiphon on the user's PC I turned on packet capture for this user's host, and this is the result:

So, any idea how to stop this program from bypassing the firewall?

P.S.: I already logged in to the console and set ips maxpkt 100, then rebooted the FW.

Thanks in advance.

  • Hi,

    please do a search of the XG forums, there is a long thread on this subject.

    Ian

  • In reply to rfcat_vk:

    Hi,

    Thank you for your reply.

    I have followed a lot of threads and I was able to block it in my test environment for internet and non-internet users,

    but when I applied the same configuration in my work environment it failed to block it for internet users.

  • In reply to M.Hegazy:

    Hi,

    the block rule needs to be at the top of the rule list.

    Please post a copy of the log showing the users accessing psiphon3 and also the associated firewall rule.

    ian

  • In reply to rfcat_vk:

    Hi,

    This is the log of the user while running Psiphon (Firewall - Application):

    And this is the associated firewall rule screenshot:

    I am using DC authentication with Sophos to let authenticated users access the internet.

    I set the first rule for DNS only

    and the second rule for Outlook only,

    then the rest of the rules for authenticated users and mobile phones (through MAC).

    The test user which I use Psiphon on is going inline through rule 13, which I use for non-domain users (MAC address).

  • In reply to M.Hegazy:

    Hi,

    I notice you do not have any IPS rules active in your firewall rules, is there any reason?

    Where does the block rule sit in the list of firewall rules?

    Ian

  • In reply to rfcat_vk:

    Yes, I don't use it.

    Which policy should I use in IPS?

    And you mentioned a block rule, and I don't have any block rule.

    What should I block in this rule?

    Thanks

  • In reply to M.Hegazy:

    Hi,

    Blocking access to Psiphon is partly done with IPS rules. The IPS rules in XG are templates from which I built one for me to use at home without a number of IPS rules, e.g. no Linux, no mail servers, no Oracle etc. For general use until you are comfortable with building your own, I would suggest the LANtoWAN.

    If you want to block Psiphon you will need a block rule, e.g. an application rule that blocks Psiphon as part of your general access rule.

    Ian

    update: fixed spelling.

  • In reply to rfcat_vk:

    Hi

    I have tried the IPS LANtoWAN rule on all my firewall rules, but it can still connect :(

  • In reply to M.Hegazy:

    FINALLY IT IS BLOCKED

    THX