Hi guys,
How can I block Squid Proxy using Application Control? A few applications like Hoxx VPN use Squid Proxy over port 80/443 to evade detection.
Regards
This thread was automatically locked due to age.
Hi,
You create a policy blocking proxy and tunnels. There is a category already in the XG; you need to add it to your application policy, and it will need to be in every firewall rule that the users have access to.
Ian
XG115W - v20.0.3 MR-3 - on holiday
XGS118 waiting for licence to be installed - v21 GA
"I cannot enable SSL/TLS decryption because the user bought his own device." Why not? You're already wanting to block their use of VPNs so it's not like you're not imposing some restrictions on them already. You can send them the CA certificate with instructions as to how to install it and then give them a couple of days before you turn on decryption. Their choice.
As soon as you go down the road of "I want to block something", it gets tricky if the device is not managed. The reason is, from a privacy standpoint, noble: TLS and HTTPS can be used to hide your movements and actions on the internet.
Tools like Tor and other VPNs are making their money by "working everywhere". Therefore their interest is to get through all sorts of firewalls. If you do not open the communication (decrypt TLS), you will not see the truth.
The guests can bring their own devices and connect to the wifi. So, TLS inspection cannot be done because it is not possible to add a CA certificate to their devices.
I have configured all that was mentioned in the support articles. I am sure the application control team can take a look at creating or updating a signature for "Proxy over 443".