This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Nordvpn appears to be incorrectly classified

Hi folks,

nordvpn is not an application according sophos XG. If you use the URL check for nordvpn.com it returns as information technology, where as the nordvpn site promotes VPN not much information technology.

With nordvpn missing from the application list means you now have a security hole in your firewall because it does not get blocked by the default VPN/tunnel etc profile. You will need to setup your own profile and hope that nordvpn do not start using servers in different domains.

sophos please address this mis classification urgently.

ian

This thread was automatically locked due to age.

Top Replies

emmosophos over 3 years ago +1 suggested

Hello rfcat_vk, Thank you, I will submit a URL re-assessment for the same. In the meantime, you can change the category locally in your Firewall by following this KB Regards,

Parents

0 emmosophos over 3 years ago

Hello rfcat_vk,

Thank you, I will submit a URL re-assessment for the same.

In the meantime, you can change the category locally in your Firewall by following this KB

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to emmosophos

Hi emmosphos,

thank you for passing that issue along. In cha ginghams the setting I remember another little gripe and that is according to XG I am block IT, but I cannot find IT in any of my active profiles. Now according to XG the NORDvpn is blocked because it is IT, that is not correct.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to rfcat_vk

Hello rfcat,

The category of nordvpn should be correct already.

As per the second issue you mention, does this XG used to be a Cyberroam device?

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to emmosophos

Hi emmosphos,

no, the device is a home built unit.

Nordvpn.com has been correctly reclassified, but still does not appear in the application list.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 3 years ago in reply to rfcat_vk

Do you use DPI/HTTPs decryption? As far as i know, nordvpn uses 443 and sneaks through firewalls as HTTPs traffic anyways. So hard to classify this traffic.

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to LuCar Toni

I use https decrypt and scan. If you have a firewall that is not using the proxy it will get through and nothing is registered.I have tightened all my rules and so far none required an additional exception or not using some of the other firewall features. The ability to use more checking in firewalls has only happened since mr3.

I will setup a rule using dpi and see if that blocks it.

ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 3 years ago in reply to LuCar Toni

I use https decrypt and scan. If you have a firewall that is not using the proxy it will get through and nothing is registered.I have tightened all my rules and so far none required an additional exception or not using some of the other firewall features. The ability to use more checking in firewalls has only happened since mr3.

I will setup a rule using dpi and see if that blocks it.

ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data