
Application filter is not working

Dears

I have a problem with my XG-Sophos application filter. I created an application control policy to prevent the X-VPN, Thunder VPN and VPN Lighter apps, but those apps are still allowed; when I check the log viewer I find them allowed.



This thread was automatically locked due to age.
  • Hi,

    You need to have decrypt and scan enabled and decrypt HTTPS transactions. Further, at this stage DPI does not scan UDP, so you will need to use the proxy and enable IPS. As a result you will need to install the XG CA on the PCs etc.

    Now which rule does logviewer show as passing the VPNs?

    Ian

    At the top of the forums there is a kba by Michael Dunn you should read.

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks for your reply.

    I enabled "Scan HTTP and decrypted HTTPS" and "Use web proxy instead of DPI engine", and also "Decrypt HTTPS during web proxy filtering",

    but I still get the same result, and the guys who use the X-VPN app are still allowed (not blocked).

  • Hi,

    Which rule is being used to access the VPN? Also you need to enable the IPS - LAN to WAN.

    What ports does your firewall allow? What ports is the VPN using?

    Ian


  • Hi

    Let me explain the situation at my site:

    I am supposed to prevent certain users (in the LAN) from using YOUTUBE, but these users installed applications like X-VPN, Thunder VPN, VPN-Lighter, Freegate Proxy and TOR Proxy on their mobiles to overcome the Sophos rule, and they succeeded in that.

    After that I made an application filter to block the "Proxy and Tunnel application", but it didn't work.

    You told me to enable "Scan http and decrypt https" and "Decrypt https during web proxy filtering", and also "use web proxy instead of DPI".

    When I did that the proxy and tunnel applications stopped, but WHATSAPP messaging was also blocked.

    So I removed the check box from "Decrypt https during web proxy filtering" to make WHATSAPP work.

    You also told me to enable the IPS from LAN to WAN, so I did that, but the problem is still not solved.

    I still don't know how come I make an application filter to block, for example, the X-VPN app and the Sophos firewall permits the app!



    Still sophos application filter not working
    [edited by: ahmad labed at 9:29 AM (GMT -7) on 13 Jun 2021]
  • Hi,

    The pcap reports do not show the proxy is being used and also you haven’t limited ports. The report also shows up traffic.

    You need to separate the users and create user groups so you can apply firewall rules to them.

    You need to create groups that you allow through other rules. You cannot have any rules that allow any traffic because the VPNs will search your network to find a way out.

    You need very strict rules if you want to succeed in blocking tunnels etc. Also there is a kba on block tunnels etc.

    Blocking can be done, I have tried and succeeded in blocking Tor while allowing other tunnels to work.

    ian


  • Hi

    Could you please tell me what you mean by "the pcap reports do not show the proxy is being used"  ,  " you haven’t limited ports" and "also there is a kba on block tunnels"?

    I'm not that professional, so please be patient and explain to me by photos if you can

    How do I use the proxy? How do I limit ports? What's kba?

    I already made user groups, and the users in the reports belong to a certain group.

  • Hi,

    Those rule shots show you have the proxy configured and using http and https, but the tunnels are not going out through those rules.

    Using logviewer with a filter on source IP address, what rules do we see being used?

    Knowledge base article.

    You need to make an exception in web exceptions for WhatsApp.

    ian


  • That's what I did, but X-VPN is still allowed by Sophos.

  • Hi,

    I see a number of issues with your setup.

    1/. You do not need a linked NAT.

    2/. You need to use HTTP and HTTPS and not your services list, which is an open firewall rule.

    3/. You are not decrypting https.

    4/. You do not appear to have installed the XG CA on your devices.

    Ian


  • Hi

    Now WHATSAPP is not working!!!

    And I think the X-VPN app is blocked not because of the application filter but because of the limited services.

    The services were "any", so I followed your advice and allowed only "http, https and icmp".

    The SOPHOS application filter is useless.

    I don't know what to do to make WHATSAPP work.



    whatsapp
    [edited by: ahmad labed at 8:08 AM (GMT -7) on 15 Jun 2021]
  • You need to add an exception in web exceptions. The application policy works well. Or you could delete WhatsApp from your policy.

    You cannot just turn on a policy and expect it to work; you need to be able to test the traffic and limit the applications' ability to bypass your rules.

    When you understand that you will have fewer issues with blocking applications etc. from accessing the internet. If you do not want to set up an exception you can create a firewall rule that allows access to only the WhatsApp sites for specific users.

    ian

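
Added example, not part of the original thread and not Sophos code: a simplified first-match rule model built on the behaviour described in the replies above (UDP is not scanned, HTTPS is only classifiable when decrypted, and an "any" services list is an open rule). Rule names, ports and flows are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # services list "any": every protocol/port matches the rule

@dataclass(frozen=True)
class Rule:
    name: str                      # hypothetical rule name
    services: Optional[frozenset]  # {(proto, port)} or ANY
    decrypt_https: bool            # TLS decrypted before classification
    blocked: frozenset             # categories denied by the app filter

@dataclass(frozen=True)
class Flow:
    label: str
    proto: str     # "tcp", "udp" or "icmp"
    port: int
    tls: bool
    category: str  # what the traffic really is (ground truth)

def verdict(rules, flow):
    """First matching rule wins; traffic matching no rule is dropped."""
    for r in rules:
        if r.services is not ANY and (flow.proto, flow.port) not in r.services:
            continue
        # Assumptions from the thread: UDP is not scanned, and TLS content
        # can only be classified when the rule decrypts HTTPS.
        visible = flow.proto == "tcp" and (not flow.tls or r.decrypt_https)
        if visible and flow.category in r.blocked:
            return "blocked by app filter (%s)" % r.name
        return "allowed (%s)" % r.name
    return "dropped (no rule)"

def audit(rules, flows):
    """Map each flow label to the verdict the rule set gives it."""
    return {f.label: verdict(rules, f) for f in flows}

# Constructed flows; ports are illustrative, not measured from any VPN app.
FLOWS = [
    Flow("web-https", "tcp", 443, True, "web"),
    Flow("tunnel-tls-443", "tcp", 443, True, "proxy_tunnel"),
    Flow("tunnel-udp-5000", "udp", 5000, False, "proxy_tunnel"),
]
TUNNELS = frozenset({"proxy_tunnel"})
OPEN = [Rule("lan-wan-any", ANY, False, TUNNELS)]
STRICT = [Rule("lan-wan-web",
               frozenset({("tcp", 80), ("tcp", 443), ("icmp", 0)}), True, TUNNELS)]

if __name__ == "__main__":
    for name, rules in (("open", OPEN), ("strict", STRICT)):
        print(name, audit(rules, FLOWS))
```

With the open rule both tunnel flows pass even though the application filter is attached; with the restricted, decrypting rule the TLS tunnel is classified and blocked and the UDP tunnel matches no rule at all.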