topic Re: Decryption or blocking NordVPN in General Topics

Decryption or blocking NordVPN

JoeKwok — Wed, 18 May 2022 13:36:10 GMT

Is it possible for Palo Alto Firewall to decrypt third party VPN agent traffic such as NordVPN, NordLynx like decrypt HTTPS web-browsing traffic?

If it cannot decrypt these traffic, anyone know the App-ID for NordVPN, NordLynx?

I found some VPN app-ID like ciscovpn, open-vpn but no Nord related. What App-ID should I use to block NordVPN, NordLynx?

Re: Decryption or blocking NordVPN

OtakarKlier — Wed, 18 May 2022 22:11:10 GMT

Hello,

Decrypting would break the VPN connection. You would be better off blocking it like you are attempting to do. Check for the following applications, these are the typical apps identified for vpn client traffic.

https://applipedia.paloaltonetworks.com/

Also make sure to have a DENY ALL policy and only allow the traffic you want. This is always the tough one to implement since there are so many pieces to the puzzle.

Regards,

Re: Decryption or blocking NordVPN

JoeKwok — Thu, 19 May 2022 02:39:46 GMT

Thanks for you reply.

I can found some VPN client App-ID, but it seems like no NordVPN. Would you know the App-ID can block this VPN?

Re: Decryption or blocking NordVPN

OtakarKlier — Thu, 19 May 2022 20:00:03 GMT

Hello,

We take the opposite approach here. We block everything and only allow things by exception. So its already blocked, but not by a particular app/url/ip address. Its blocked by my DENY ALL policy. You would have to know how they work and check the destination IP's and or ports used to block that particular service. However the question to ask is, why would someone from inside your network need to access a third party VPN provider?

Regards,