Sagar_Manandhar
Advisor

How to block Psiphon anonymizer

Hi,

The Application filtering is not blocking the Psiphon anonymizer. In the log, the first IP is blocked and then the application redirects to port 80. What can I do to block it? In this community the case was raised earlier but there was no solution.

I have attached the log

Thank you

Sagar Manandhar

0 Kudos
1 Solution

Accepted Solutions
Sagar_Manandhar
Advisor

Finally able to block Psiphon with the help of TAC.

The procedure is:

- Install the latest hotfix on both gateway and management (may or may not be required)

- Enable HTTPS inspection and generate the self-signed certificate.

- Generate self-signed certificate and install it on all PCs of the network (would be easy if Active Directory is in use)

- Make a policy for HTTPS inspection with "https" and "http_and_https_proxy" with Action=Inspection

- Add URL and application policy to block the category "support file sharing".

Note: Psiphon is blocked only for devices on which we install the self-signed certificate.

 

Thanks,

Sagar Manandhar
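
A client-side check for the limitation noted in the solution above (blocking applies only where the inspection certificate is installed), added here as an example and not part of the original thread or of Check Point tooling: it handshakes with an HTTPS host and reports whether the certificate was re-signed by the inspection CA. `INSPECTION_CA_CN` and the two sample certificates are constructed placeholders.

```python
import socket
import ssl

# Assumption: subject CN of the gateway's HTTPS inspection CA (placeholder).
INSPECTION_CA_CN = "Example Inspection CA"


def issuer_common_name(cert):
    """Return the issuer CN from the dict produced by SSLSocket.getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def classify(cert, verify_error=None, ca_cn=INSPECTION_CA_CN):
    """Map a handshake result to an inspection status for this client."""
    if verify_error is not None:
        # Chain not trusted here: the inspection CA may be missing from this
        # device's trust store, or something else is intercepting.
        return "untrusted-chain"
    if issuer_common_name(cert) == ca_cn:
        return "inspected"      # gateway re-signed the site certificate
    return "not-inspected"      # other issuer seen: traffic bypasses inspection


def probe(host, port=443, ca_cn=INSPECTION_CA_CN, timeout=5):
    """Handshake with host using the default trust store and classify it."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert(), ca_cn=ca_cn)
    except ssl.SSLCertVerificationError as exc:
        return classify({}, verify_error=exc, ca_cn=ca_cn)


# Constructed samples in getpeercert() format (not captured from a gateway).
RESIGNED = {"issuer": ((("organizationName", "Example Org"),),
                       (("commonName", "Example Inspection CA"),))}
PUBLIC = {"issuer": ((("countryName", "US"),),
                     (("commonName", "Some Public CA"),))}

if __name__ == "__main__":
    import sys
    for h in sys.argv[1:]:
        print(h, probe(h))
```

Run it on a client with one or more hostnames as arguments. Python must read the same trust store the inspection CA was installed into, otherwise an inspected connection reports `untrusted-chain`.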


6 Replies
PhoneBoy
Admin

As was said in Blocking Psiphon 3 R80.10, this is a fairly difficult anonymizer to block.

If you've followed the advice in the previous thread and you still see this traffic getting through, take packet captures of the relevant traffic and engage the TAC: Contact Support | Check Point Software 

Sagar_Manandhar
Advisor

Sir,

I contacted TAC but am not getting a good response. Every time I give TAC a remote session, they only look at the log, take a backup of the management, and say that they will provide the hotfix. And in every call they always say they are facing a similar problem from other clients and don't talk about the solution.

Thank you.

Sagar Manandhar

PhoneBoy
Admin

Please send me a private message with the relevant support SRs, I’ll have someone look at them.

0 Kudos
Tibin
Explorer

To successfully block the PSIPHON3 application we need to have HTTPS Inspection enabled on the gateway, and the entire subnet in question should be subjected to HTTPS Inspection.

Enabling HTTPS inspection in a college environment is hard, because many are mobile phone users. After installing the SSL certificate, a warning message is shown: your device is monitoring a third party. At the time of device implementation, we successfully blocked all the tunnelling applications without enabling HTTPS inspection. But on the recent Application Blade database update, these applications started getting connected.

 

0 Kudos
Melissa_Clarke
Explorer

If you want to block this application, you must block all VPNs which are not yours. You may read about Psiphon for PC here or just follow the steps below to unblock the app:

1. Enable DPI-SSL Client Inspection by going to DPI-SSL | Client SSL and selecting Enable SSL Client Inspection. Ensure that IPS, GAV, Spyware, and Application Firewall are selected.

2. Enable all Psiphon application signatures by going to Firewall | App Control Advanced. Select the category PROXY-ACCESS and application Psiphon. Configure the application to be blocked and logged.

3. Also block Encrypted Key Exchange TCP Random Traffic (SID 5).

4. Enable blocking of SSH app signature (SID 10097) "SSH -- Client Request Outbound", (or make access rule to block outbound TCP/22 SSH Service from LAN->WAN).

 

0 Kudos
