topic Re: Psiphon application in General Topics

Psiphon application

Jafar_Hussain — Mon, 03 May 2021 08:22:47 GMT

Hello All,

I have configured to block streaming-media and online-storage-and-backup category by URL filtering profile.

Issue:- Users will connect to the Psiphon application and can access the blocking website.

I tried the below option:-

- Apply SSL forward proxy decryption with decryption profile to check block session with unsupported cipher suites.
- I have gone through the below KB and tried to block the Psiphon but couldn't

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClU2CAK

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClDzCAK

Below is the screen-shot before connecting the Psiphon application and it is expected.:-

Below is the screenshot after connecting the Psiphon application.

has anyone had an idea how I can block this?

Re: Psiphon application

Deepak_K — Mon, 03 May 2021 13:15:42 GMT

Try below steps :

1. Block unknow category in url filtering profile

2. Do not bypass any pre-defined url category in decryption bypass.

3. In decryption rule select service any.

After applying this steps Psiphon is connecting only few seconds (20sec -30 sec) , and after that its disconnecting automatically.

Re: Psiphon application

BPry — Mon, 03 May 2021 19:01:22 GMT

@Jafar_Hussain,

Create a policy that includes consequences for accessing blocked resources, and then have management backing to enforce those consequences. That's the only way you're ever going to stop people finding new ways to bypass your efforts, and you'll never be able to fully prevent someone from doing so.

Re: Psiphon application

tuteng — Tue, 04 May 2021 02:48:58 GMT

thanks

Re: Psiphon application

Jafar_Hussain — Tue, 04 May 2021 06:01:05 GMT

@Deepak_K @tuteng @BPry

Tried with the option provided by Deepak, but still, the issue is the same.

Re: Psiphon application

Ahmed.khokha — Wed, 08 Sep 2021 18:37:31 GMT

In addition to all of the above, put and monitor Psiphon traffic to external and you will find that it every time it tries to connecting, it visits many sites that make his connection and to his server as a tunnel connection to bypass the traffic.

Try to block these sites because they are not in the blocked category of sites, but note that there are very many of them.

Re: Psiphon application

kcampos — Tue, 19 Apr 2022 19:28:30 GMT

Hello everyone,

Has anyone succeeded in blocking this app recently?

Re: Psiphon application

Adrian_Jensen — Tue, 19 Apr 2022 21:02:18 GMT

There is an existing "psiphon" Application ID with a risk score of 5 (not sure when it was added). Presumably you could identify the traffic by application and drop/reset it automatically in a rule once detected. We have an explicit drop rule for all applications with a risk score of 5.