Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall

Discussions How to block Squid Proxy using Application Control?

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 10 replies
Subscribers 41 subscribers
Views 4006 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block Squid Proxy using Application Control?

Vineeth Penugonda over 2 years ago

Hi guys,

How to block Squid Proxy using Application Control? Few applications like Hoxx VPN use Squid Proxy over port 80/443 to evade detection.

Regards

This thread was automatically locked due to age.

Top Replies

rfcat_vk over 2 years ago +1

Hi, you create policy blocking proxy and tunnels. There is a category already in the XG, you need to add it to your application policy and it will need to be in every firewall rule that the users have…

Parents

0 rfcat_vk over 2 years ago

Hi,

you create policy blocking proxy and tunnels. There is a category already in the XG, you need to add it to your application policy and it will need to be in every firewall rule that the users have access to.

Ian

XG115W - v20.0.3 MR-3 - on holiday

XGS118 waiting for licence to installed - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 Vineeth Penugonda over 2 years ago in reply to rfcat_vk

I did some packet inspection, and Hoxx VPN is connecting to some unknown addresses. It uses TLS v1.3. When I checked the address in Sophos, it showed up in the "Content Delivery" category.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Vineeth Penugonda over 2 years ago in reply to rfcat_vk

I did some packet inspection, and Hoxx VPN is connecting to some unknown addresses. It uses TLS v1.3. When I checked the address in Sophos, it showed up in the "Content Delivery" category.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rfcat_vk over 2 years ago in reply to Vineeth Penugonda

You could try creating FQDN group with hoxx.com and *.hoxx.com and then create a rule at the top of your rule list as a block to this FQDN group. I was unable to find a server list for the app. The security rating on hoxx.com is not great so a DNS block might just work?

You might also need to block browser extensions.

Ian

I downloaded the app to my mac book, apple blocked the installation as untrustworthy, though that can be bypassed and the I tried the firefox extension but that would not install on my firefox app.

XG115W - v20.0.3 MR-3 - on holiday

XGS118 waiting for licence to installed - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Vineeth Penugonda over 2 years ago in reply to rfcat_vk

The problem with Hoxx is that it uses some random URLs to connect. Submitted a request to Sophos using the "Application Control Submission".
Cancel
Vote Up 0 Vote Down

Cancel