https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/566733#M2066 <P>Hi,</P> <P>&nbsp;</P> <P>so if the users are applying VPN's why dont you create a rule for lets say 'zone class B' that is not allow to do traffic the traffic that you saw?<BR />do the rule based on layer 4 tcp/udp port number</P> Wed, 22 Nov 2023 16:49:42 GMT Major2375 2023-11-22T16:49:42Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/523987#M1806 <P>Hello Livecommunity. We are in a bind. We have numerous students on our school networks that are bypassing security profile rules with VPNs. So frustrating. I do have rulesets that look for annnomizers and proxies. I also have explicit rules that look for categories such as Facebook, Snapchat, etc... Not sure what to do. I worry that the more rules I setup in the firewall, the more work it has to do and gets sluggish? Am I right? I did see something about disabling 'QUIC" which I can but want this firewall to be optimized and working very well.&nbsp;</P> <P>&nbsp;</P> <P>Any suggestions (even mean ones) appreciated.&nbsp;</P> <P>&nbsp;</P> <P>Best,</P> <P>&nbsp;</P> <P>Jean-Claude</P> Tue, 13 Dec 2022 17:56:51 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/523987#M1806 JCMoritz 2022-12-13T17:56:51Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/523989#M1807 <P>Firewall don't see into QUIC traffic so it is best practice to block it.</P> <P>Block URL category proxy-avoidance-and-anonymizers</P> <P>&nbsp;</P> <P>In addition create application filter for subcategory "encrypted-tunnel" (Objects &gt; Application Filters) and block it for students.</P> <P>Place this block rule after you have permitted outgoing SSL application.</P> <P>&nbsp;</P> Tue, 13 Dec 2022 18:06:20 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/523989#M1807 Raido_Rattameister 2022-12-13T18:06:20Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/523990#M1808 <P>Thanks&nbsp;@Radio_Rattameister, will try tonight.&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 13 Dec 2022 18:13:51 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/523990#M1808 JCMoritz 2022-12-13T18:13:51Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/566562#M2064 <P>I hope you found a solution to the problem.</P> Tue, 21 Nov 2023 21:23:03 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/566562#M2064 StephenPrevost 2023-11-21T21:23:03Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/566733#M2066 <P>Hi,</P> <P>&nbsp;</P> <P>so if the users are applying VPN's why dont you create a rule for lets say 'zone class B' that is not allow to do traffic the traffic that you saw?<BR />do the rule based on layer 4 tcp/udp port number</P> Wed, 22 Nov 2023 16:49:42 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/student-extensive-use-of-vpns/m-p/566733#M2066 Major2375 2023-11-22T16:49:42Z