Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Browser Based VPN Deny


I use xgs4300 in the HA structure on which I spend a large network traffic. many app and web filters are applied on the device and more than 1500 users with 6 different DC authentication go online with user-based rules.

I have created many policies for users in the web filters and application filters section to block VPN traffic. When I look at the application logs from the logs, I can see the blocked VPNs.

But at some point I came to a dead end.

While I can block some of the VPNs used as plugins on web browsers, unfortunately I cannot block some of them.
For example, even if I type block from the application filter of the VPN plugin named Hola in Chrome, it still allows it.

My analyses are as follows;

1-Hola is not an external application, I think it is a chrome plugin, so it does not get stuck in the hola deny section in the application filter.
2-I see the Anonymizers deny log for in the web filter logs, but the plugin still does VPN.
3-After seeing the event in item 2, I looked at the IP address of the URL with Anonymizers deny in the firewall log section and saw that the chrome plugin completed the VPN over IP using ports 80 and 443.
4- The web filter does the Anonymizers deny job on a URL basis, but the plugin completes the VPN using ports 80 and 443 over different IP addresses.
5- I wrote IP Address deny on web filter but there was no change.

Here I gave the Hola VPN plugin on Google Chrome as an example. As I mentioned, there are also VPN plugins used as browser plugins and blocked by sophos, but there are also unblockable ones like Hola.

It seems that the web and application filters that we have spent a lot of time and created in detail have suddenly become rubbish.

Is there any way to overcome this situation?

PS: I looked at the link below and it did not solve my problem.

 Sophos Firewall : Application filter recommended settings for better application detection 

This thread was automatically locked due to age.
  • Not sure if this will resolve, but you may try making sure that the traffic is hitting firewall rules that are using DPI Engine, and that you have SSL/TLS rules that decrypt the traffic.

    Appcontrol will then be able to look inside encrypted TLS tunnels and might be able to do more blocking.