topic BLOCK PSIPHON VPN in Firewall and Security Management

BLOCK PSIPHON VPN

vishnukanth — Fri, 19 Dec 2025 05:02:35 GMT

BLOCK PSIPHON VPN

I am trying to block Psiphon VPN on a Check Point firewall, but I am facing an issue.

I first attempted to block Psiphon using Application Control & URL Filtering.
The rule shows Drop logs, however Psiphon VPN continues to work at the user end.

Next, I enabled HTTPS Inspection and applied a block policy.
The logs show traffic as Inspected, but Psiphon VPN is still able to connect successfully.

I think that Psiphon VPN is bypassing the Check Point firewall, even though the logs indicate the traffic is being dropped/inspected.

Could anyone please advise on this,

Is there a recommended or proven method to block Psiphon VPN on Check Point?

Is this a known limitation, and should this be raised with Check Point TAC?

Any inputs or best-practice recommendations would be greatly appreciated.

Re: BLOCK PSIPHON VPN

Chris_Atkinson — Fri, 19 Dec 2025 08:07:25 GMT

We are missing some detail for us to be able to help effectively:

- What additional blades are enabled?

- What does the access policy look like for outbound traffic including things like SSH, QUIC etc?

- What version/JHF is the gateway?

Re: BLOCK PSIPHON VPN

Vincent_Bacher — Fri, 19 Dec 2025 08:13:39 GMT

Independent of your special use case, there is an old thread apparently discussing same topic:

Solved: Block Psiphon 2023 - Check Point CheckMates

Solution was an offline package to update the Psiphon signature. Maybe it fits to your case, then contacting TAC would be a good idea.

Re: BLOCK PSIPHON VPN

vishnukanth — Fri, 19 Dec 2025 08:56:00 GMT

Hi Chris,

1 the enabled blades are firewall,IPSEC VPN,Mobile access,APCL & URLF,Monitoring and we did the https inspection

2 the outbound traffic including things like 80,443,53 and we blocked the QUIC protocol

3 Next we created a HTTPS inspection rule with any services & default services and set the rule to inspect but still its working perfectly.

4 Gateways are installed with JHF T119

Re: BLOCK PSIPHON VPN

PhoneBoy — Fri, 19 Dec 2025 17:18:19 GMT

I assume R81.20, then?
From recent TAC cases, it seems others are experiencing similar issues.
Problems blocking this app have been reported several times over the last few years.
Suggest opening a TAC case so we can investigate further.

Re: BLOCK PSIPHON VPN

the_rock — Fri, 19 Dec 2025 17:39:04 GMT

Is this what you used?

Re: BLOCK PSIPHON VPN

the_rock — Fri, 19 Dec 2025 23:14:49 GMT

Another thing I would try is also add custom app group and include *psiphon* in it and see if that works by blocking it.

Re: BLOCK PSIPHON VPN

vishnukanth — Sat, 20 Dec 2025 07:26:59 GMT

Hi Rock,

I tried with custom application group,URL, categories as well.. but still its same

I cant able to block this Application with the CP firewall

Re: BLOCK PSIPHON VPN

vishnukanth — Sat, 20 Dec 2025 07:28:21 GMT

yes this is the application Iam trying to Block

Re: BLOCK PSIPHON VPN

the_rock — Sat, 20 Dec 2025 11:25:46 GMT

Do you have https inspection enabled? Nm, I see you do...I would open TAC case and see what they say.

Re: BLOCK PSIPHON VPN

vishnukanth — Sat, 20 Dec 2025 13:32:54 GMT

yes I have enabled the HTTPS INSPECTION! and the VPN is not blocked by CP firewall.