Do you have a defence against VPN applications with Sophos UTM?

Since Sophos support couldn't help me with this case I decided to ask the community what is their solution. If I am missing something please let me know so I can correct my UTM accordingly.


Here are the details of the test. Please compare with your own system and check whether you are able to prevent users who are using a VPN application from reaching restricted websites and other content.

  1. SSL Inspection operational on the UTM - you have installed the certificate on the client machine (actually doesn't matter at all)
  2. Client installs a VPN app such as XVPN (do not turn on XVPN yet!) https://xvpn.io/
  3. Try to access a restricted website and ensure you are blocked!
  4. Turn on XVPN and try to access the restricted website again to see the result


Our findings are:

  • We have absolutely no control over the traffic if VPN applications are in use by any client (with SSL certificate or without)
  • Clients are even able to bypass the UTM with Chrome extensions (we eventually removed extensions via GPO on domain-joined workstations as a workaround)


  • Hello icbbne,

    Thank you for contacting the Sophos Community!

    Could you please share your Case ID so I can check what things the engineer recommended.

    Do you have Application Control enabled in the UTM? (Web Protection >> Application Control) You should enable this, as it allows the UTM to do packet inspection.

    In addition, in the Web Filter you can block this type of app via the category called "Anonymizers".

    Regards,


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi,

    Thanks for your post. I am happy to give you the case ID; however, please do not reopen the case, as every email response takes days or even a week. I noticed agents are very reluctant to escalate cases when they are not able to solve or understand them.

    9926337

    Kind regards

  • This is a management issue - there needs to be a clear, written rule that such "cheating" is not permitted and what the consequences will be.

    Agreed with Emmanuel that you should block 'Anonymizers' in Web Filtering.  If you aren't decrypting HTTPS there, you will want to do that, too.  Again, as he recommended, you can block "VPN and tunneling" traffic using Application Control.

    You can always create Exceptions to these blocks for individuals with specific, job-related requirements.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA