The Application filtering is not blocking the Psiphon anonymizer. In the log the first IP is blocked and then the application redirects to port 80. What can I do to block it? In this community the case was raised earlier but there was no solution.
I have attached the log.
As was said in Blocking Psiphon 3 R80.10, this is a fairly difficult anonymizer to block.
If you've followed the advice in the previous thread and you still see this traffic getting through, take packet captures of the relevant traffic and engage the TAC: Contact Support | Check Point Software
I contacted TAC but am not getting a good response. Every time I give TAC a remote session, they only look at the log, take a backup of the management, and say that they will provide the hotfix. And in every call they always say they are facing a similar problem from other clients and don't talk about the solution.
To successfully block the PSIPHON3 application we need to have HTTPS Inspection enabled on the gateway, and the entire subnet in question should be subjected to HTTPS Inspection.
Enabling HTTPS inspection in a college environment is hard, because many are mobile phone users. After installing the SSL certificate a warning message is shown: "your device is monitoring a third party". At the time of device implementation, we successfully blocked all the tunnelling applications without enabling HTTPS inspection. But after the recent Application Blade database update, these applications started getting connected.
If you want to block this application, you will have to block all VPNs which are not yours. You may read about Psiphon for PC here or just follow the steps below to unblock the app:
1. Enable DPI-SSL Client Inspection by going to DPI-SSL | Client SSL and selecting Enable SSL Client Inspection. Ensure that IPS, GAV, Spyware, and Application Firewall are selected.
2. Enable all Psiphon application signatures by going to Firewall | App Control Advanced. Select the category PROXY-ACCESS and application Psiphon. Configure the application to be blocked and logged.
3. Also block Encrypted Key Exchange TCP Random Traffic (SID 5).
4. Enable blocking of the SSH app signature (SID 10097) "SSH -- Client Request Outbound" (or make an access rule to block outbound TCP/22 SSH service from LAN->WAN).