vishnukanth
Explorer

BLOCK PSIPHON VPN

I am trying to block Psiphon VPN on a Check Point firewall, but I am facing an issue.

I first attempted to block Psiphon using Application Control & URL Filtering.
The rule shows Drop logs, however Psiphon VPN continues to work at the user end.

Next, I enabled HTTPS Inspection and applied a block policy.
The logs show traffic as Inspected, but Psiphon VPN is still able to connect successfully.

I think that Psiphon VPN is bypassing the Check Point firewall, even though the logs indicate the traffic is being dropped/inspected.

Could anyone please advise on this?

Is there a recommended or proven method to block Psiphon VPN on Check Point?

Is this a known limitation, and should this be raised with Check Point TAC?

Any inputs or best-practice recommendations would be greatly appreciated.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

I assume R81.20, then?
From recent TAC cases, it seems others are experiencing similar issues.
Problems blocking this app have been reported several times over the last few years.
Suggest opening a TAC case so we can investigate further.

0 Kudos
10 Replies
Chris_Atkinson
MVP Platinum CHKP

We are missing some detail for us to be able to help effectively:

- What additional blades are enabled?

- What does the access policy look like for outbound traffic including things like SSH, QUIC etc?

- What version/JHF is the gateway?

CCSM R77/R80/ELITE
0 Kudos
vishnukanth
Explorer

Hi Chris,

1. The enabled blades are Firewall, IPsec VPN, Mobile Access, APCL & URLF, and Monitoring, and we did the HTTPS Inspection.

2. The outbound traffic includes things like 80, 443, 53, and we blocked the QUIC protocol.

3. Next, we created an HTTPS Inspection rule with any services & default services and set the rule to inspect, but it's still working perfectly.

4. Gateways are installed with JHF T119.

0 Kudos
Vincent_Bacher

Independent of your special use case, there is an old thread apparently discussing the same topic:

Solved: Block Psiphon 2023 - Check Point CheckMates

The solution was an offline package to update the Psiphon signature. Maybe it fits your case; then contacting TAC would be a good idea.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Platinum

Is this what you used?

Screenshot_1.png

Best,
Andy
0 Kudos
vishnukanth
Explorer

Yes, this is the application I am trying to block.

0 Kudos
the_rock
MVP Platinum

Another thing I would try is to also add a custom app group, include *psiphon* in it, and see if blocking it works.

Best,
Andy
0 Kudos
vishnukanth
Explorer

Hi Rock,

I tried with a custom application group, URL, and categories as well, but it's still the same.

I am not able to block this application with the CP firewall.

0 Kudos
the_rock
MVP Platinum

Do you have HTTPS Inspection enabled? Nm, I see you do... I would open a TAC case and see what they say.

Best,
Andy
0 Kudos
vishnukanth
Explorer

Yes, I have enabled HTTPS Inspection, and the VPN is not blocked by the CP firewall.

0 Kudos
