Hi Guys,
Does anyone know how to totally block Psiphon? I already raised this issue with Sophos XG support. He set ips maxpkts, QUIC, port blocking, etc., but it still bypasses the blocking. I have had this issue for almost a year, but until now it seems there is no solution, even after upgrading to the latest firmware. On other UTM/NGFW brands/devices they can block Psiphon. I hope this issue will soon be resolved.
Jesen
Hi Jesen Sodela, please refer to the article: https://community.sophos.com/kb/en-us/132436
Please PM us the service request number you have received from the technical support.
Regards,
Keyur
Community Support Engineer | Sophos Support
Hi Keyur,
I've tried this KB but Psiphon still bypasses the blocking. Any other suggestions? Thank you
Hi,
Very simply, it means you have other rules in place that allow the traffic through, or you have not implemented the blocking correctly. It does work.
Ian
Hi Sir,
As of now, I have only 1 firewall rule (LAN - WAN), as I am testing the blocking on an isolated Sophos XG device. Not sure if I missed any config, but I will try it again. Thank you
Okay,
you need to
set scanning to https and http and block QUIC
install XG CA on device
only allow http and https in the firewall rule
add the web policy that blocks tunnels
add the application policy that blocks tunnels including IP and NONE.
I was able to block Psiphon and other proxy tunneling apps by following the instructions in the KB you sent me. My only concern is that I need to install the SSL CA certificate on each device/browser so the policy takes effect, or else I cannot browse anything (once I enable decryption and HTTPS scanning).
My question is: has any of you tried to block Psiphon using an IPS pattern? TIA.
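Added example, not from the thread or from Sophos: a client-side check that HTTPS scanning is really re-signing traffic and that the appliance CA is trusted on the device, which the blocking steps above depend on. The CA name `EXAMPLE-INSPECTION-CA` and the sample certificates are constructed placeholders, and it assumes the appliance issues leaf certificates directly from that CA.

```python
import socket
import ssl
import sys

# Assumption: placeholder CN; replace with the CN of your appliance's signing CA.
EXPECTED_CA_CN = "EXAMPLE-INSPECTION-CA"

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_INSPECTED = {"issuer": ((("organizationName", "Example Org"),),
                               (("commonName", "EXAMPLE-INSPECTION-CA"),))}
SAMPLE_DIRECT = {"issuer": ((("organizationName", "Some Public CA"),),
                            (("commonName", "Some Public CA R3"),))}

def issuer_cn(cert):
    """Return the issuer commonName from a getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def classify(cert, verify_error=None, expected_cn=EXPECTED_CA_CN):
    """Classify one TLS handshake result seen from the client."""
    if verify_error is not None:
        # Chain not trusted by this client: typical when the CA is not installed.
        return "untrusted"
    if issuer_cn(cert) == expected_cn:
        return "inspected"
    # Trusted chain from another issuer: this flow is not being decrypted.
    return "not-inspected"

def probe(host, port=443, timeout=5):
    """Handshake with the system trust store and classify the result."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return classify({}, verify_error=exc)
    except OSError:
        return "unreachable"

if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(f"{name}: {probe(name)}")
```

Run it from a client behind the firewall with a few hostnames as arguments: `untrusted` points at a device missing the CA, `not-inspected` at traffic that is passing without decryption.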
Hi Jesen Sodela, please refer to the article to push the certificate to the user: https://community.sophos.com/kb/en-us/42153
Thanks for the link. Actually, I am thinking of push installation using Active Directory, but this is only possible for PCs. How about mobile phones or EU that have no AD? Back to my question: have you tried to create or block Psiphon using an IPS custom signature/pattern?