Does anyone know how to block the application "Cloud VPN" for Android?

Many VPN services are built to do things like get past evil government's blocking.  That is their selling point.  As the developer said, it is hard to block and he is not likely to help you.

If you block "Cloud VPN" your kids will go around a find "Super VPN" or some other different product.  And if you block that as well, your kids will switch to using their data plan and bypassing the UTM altogether.  Your underlying problem is not a technological one requiring a technical solution.

Your problem is a social one.  You have kids living in your house using a method to bypass your rules.  You need to deal with that as a parent, not as a sysadmin.

If the same thing was occurring in an business where someone was using Cloud VPN to bypass the UTM so they could do online gambling at work that is grounds for that employee to get a warning and dismissal - not grounds to improve IT security.

Good luck!

Hiya,

If you do want to go iron first you could block everything except port 8080 and they need to proxy via your UTM to even look at the internet :P

Unfortunately as Michael says they are designed to traverse everything but another alternative is to find it via the application control flow monitor then throttling it to 1kbps! You would need to make sure that the download equalizer and upload optimiser are turned off. But microapp discovery may pick it up, worth a shot?

Or put yourself and your other half on specified IP address and throttle your kids' internet connections as a punishment, ha ha!

Hope that helps :)

Emile

Hi,  

What about in a school environment where we encourage the use of these devices. We provide a separate free WiFi internet access for the students, "Protected" by  your product. Sophos UTM  Is there any way to make these programs unavailable to students while on our premises ? The WiFi is accessed by terms & conditions so users do not have to log in. 

We have a duty of care to make sure they are safe on line and being able to bypass web filtering device to access unauthorized sites is something that could have serious consequences.  Is there anything in the pipeline to address this as I think it is a technical issue, even a block list of some sort of the most common apps that could be updated would be a start? Can Apps be individually blocked as I don't mind even entering them myself if it does prevent access..

Many Thanks 

There are ways of blocking, even if it works out to a game of whack-a-mole.  One of the issues is trying to block the bad stuff while at the same time letting the good stuff in.  It may be (for example) that what you need to do to block one thing will also block downloading from the app store.  Or that you block all VPNs but then your teachers cannot access some TeacherWeb VPN thing.

One approach is to start closed and restrictive.  Monitor and when users complain they cannot do something open up that one thing only.

Another approach is to start open and monitor.  When you see (or hear of) things you don't want, block them.

I approve of rules like "No smoking on school property" and "No porn on school wifi".  For both rules you are going to do you very best to use whatever tools you have to detect and prevent.  For both rules you will have some people breaking those rules.  As a school you need to decide appropriate response for rule breakers.

I was not trying to say that Sophos products can't help you in this fight.  I wanted to point out that like any other type of rule enforcement, you can never be 100%.  You use the tools that you have to enforce what you can and you monitor.

Work with Sophos and your partner on this.  Some partners have more experience with schools and their needs. If there are specific features that you would like that you think will help, raise them with the partner and Sophos - it gets more clout when a feature request is attached to specific customers.

Being a sysadmin is already a tough job.  For a school its got to be worse.  Good luck.

www.youtube.com/watch