https://live.paloaltonetworks.com/t5/general-topics/can-not-block-x-vpn-on-port-80/m-p/996909#M122418 <P style="font-weight: 400;">Please can we have some assistance with blocking x-vpn. We currently have</P> <P style="font-weight: 400;">&nbsp;</P> <P style="font-weight: 400;">Decryption enabled</P> <P style="font-weight: 400;">DNS proxy enabled</P> <P style="font-weight: 400;">The threats are set to reset/drop/block in screenshots&nbsp;</P> <P style="font-weight: 400;">&nbsp;</P> <P style="font-weight: 400;">Despite all of this, the HTTP-2 connection method in x-vpn successfully establishes a connection by obfuscating as random allowed sites such as<SPAN>&nbsp;</SPAN><A href="https://urldefense.com/v3/__http://www.office.com__;!!CnhCG70!hCrQVOcB-m2sjrsOQvRIa6OA0Lj8Xq4X7PH_P7AzD9QbHTL_aFZcwGZRE5TvkTyyvWSJibMNg8YtMhWOIPXx8qNpGp27Oso$" target="_blank">www.office.com [office.com]</A>,<SPAN>&nbsp;</SPAN><A href="https://urldefense.com/v3/__http://www.yahoo.co.uk__;!!CnhCG70!hCrQVOcB-m2sjrsOQvRIa6OA0Lj8Xq4X7PH_P7AzD9QbHTL_aFZcwGZRE5TvkTyyvWSJibMNg8YtMhWOIPXx8qNp0I3kJzI$" target="_blank">www.yahoo.co.uk [yahoo.co.uk]</A>,<SPAN>&nbsp;</SPAN><A href="https://urldefense.com/v3/__http://www.google.com__;!!CnhCG70!hCrQVOcB-m2sjrsOQvRIa6OA0Lj8Xq4X7PH_P7AzD9QbHTL_aFZcwGZRE5TvkTyyvWSJibMNg8YtMhWOIPXx8qNp_QtOUOA$" target="_blank">www.google.com [google.com]</A><SPAN>&nbsp;</SPAN>etc.</P> <P style="font-weight: 400;">It uses<SPAN>&nbsp;port 80 for the obfuscation so there is no SSL to decrypt. For example, it will obfuscate&nbsp;</SPAN><A href="https://urldefense.com/v3/__http://www.yahoo.co.uk__;!!CnhCG70!hHg30qL-xMrqOlFF130doeSQ8uUjEeE5Sru9zzO-vCaa_z9rDFAl7dX777RzrOxcaQ-UDC5Tr0Q27VOJmbHULLl4Azk5bRA$" target="_blank" rel="noopener" data-auth="NotApplicable">www.yahoo.co.uk [yahoo.co.uk]</A><SPAN>&nbsp;on port 80 (web-browsing)</SPAN></P> <P style="font-weight: 400;">&nbsp;</P> <P style="font-weight: 400;"><SPAN>Please see attached screenshot</SPAN></P> Fri, 06 Dec 2024 08:41:31 GMT Salathiwe 2024-12-06T08:41:31Z https://live.paloaltonetworks.com/t5/general-topics/can-not-block-x-vpn-on-port-80/m-p/996909#M122418 <P style="font-weight: 400;">Please can we have some assistance with blocking x-vpn. We currently have</P> <P style="font-weight: 400;">&nbsp;</P> <P style="font-weight: 400;">Decryption enabled</P> <P style="font-weight: 400;">DNS proxy enabled</P> <P style="font-weight: 400;">The threats are set to reset/drop/block in screenshots&nbsp;</P> <P style="font-weight: 400;">&nbsp;</P> <P style="font-weight: 400;">Despite all of this, the HTTP-2 connection method in x-vpn successfully establishes a connection by obfuscating as random allowed sites such as<SPAN>&nbsp;</SPAN><A href="https://urldefense.com/v3/__http://www.office.com__;!!CnhCG70!hCrQVOcB-m2sjrsOQvRIa6OA0Lj8Xq4X7PH_P7AzD9QbHTL_aFZcwGZRE5TvkTyyvWSJibMNg8YtMhWOIPXx8qNpGp27Oso$" target="_blank">www.office.com [office.com]</A>,<SPAN>&nbsp;</SPAN><A href="https://urldefense.com/v3/__http://www.yahoo.co.uk__;!!CnhCG70!hCrQVOcB-m2sjrsOQvRIa6OA0Lj8Xq4X7PH_P7AzD9QbHTL_aFZcwGZRE5TvkTyyvWSJibMNg8YtMhWOIPXx8qNp0I3kJzI$" target="_blank">www.yahoo.co.uk [yahoo.co.uk]</A>,<SPAN>&nbsp;</SPAN><A href="https://urldefense.com/v3/__http://www.google.com__;!!CnhCG70!hCrQVOcB-m2sjrsOQvRIa6OA0Lj8Xq4X7PH_P7AzD9QbHTL_aFZcwGZRE5TvkTyyvWSJibMNg8YtMhWOIPXx8qNp_QtOUOA$" target="_blank">www.google.com [google.com]</A><SPAN>&nbsp;</SPAN>etc.</P> <P style="font-weight: 400;">It uses<SPAN>&nbsp;port 80 for the obfuscation so there is no SSL to decrypt. For example, it will obfuscate&nbsp;</SPAN><A href="https://urldefense.com/v3/__http://www.yahoo.co.uk__;!!CnhCG70!hHg30qL-xMrqOlFF130doeSQ8uUjEeE5Sru9zzO-vCaa_z9rDFAl7dX777RzrOxcaQ-UDC5Tr0Q27VOJmbHULLl4Azk5bRA$" target="_blank" rel="noopener" data-auth="NotApplicable">www.yahoo.co.uk [yahoo.co.uk]</A><SPAN>&nbsp;on port 80 (web-browsing)</SPAN></P> <P style="font-weight: 400;">&nbsp;</P> <P style="font-weight: 400;"><SPAN>Please see attached screenshot</SPAN></P> Fri, 06 Dec 2024 08:41:31 GMT https://live.paloaltonetworks.com/t5/general-topics/can-not-block-x-vpn-on-port-80/m-p/996909#M122418 Salathiwe 2024-12-06T08:41:31Z https://live.paloaltonetworks.com/t5/general-topics/can-not-block-x-vpn-on-port-80/m-p/997297#M122471 <P>Hello,</P> <P>When you look at the unified logs, is there a URL or Application associated with it? If yes you should be able to block on it.</P> <P>Regards,</P> Mon, 09 Dec 2024 22:41:57 GMT https://live.paloaltonetworks.com/t5/general-topics/can-not-block-x-vpn-on-port-80/m-p/997297#M122471 OtakarKlier 2024-12-09T22:41:57Z