https://live.paloaltonetworks.com/t5/general-topics/block-vpn/m-p/74696#M41762 <P>Hi,</P> <P>How to block ssl vpn and &nbsp;ipsec vpn going from trust to untrust .</P> <P>&nbsp;</P> <P>I suspect few users are using &nbsp;like free vpn services like &nbsp;tunnel beer and hola vpn .</P> <P>&nbsp;</P> <P>How can i &nbsp;search those users &nbsp;from palo alto log.</P> <P>&nbsp;</P> <P>Some users are connected from inside to outside world (for official purpose ) using cisco anyconnect (ssl ) and ipsec .And i don't want revoke their permission . ( I need only monitor those users )&nbsp;</P> <P>&nbsp;</P> <P>Thanks</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thanks</P> Tue, 15 Mar 2016 01:08:44 GMT sib2017 2016-03-15T01:08:44Z https://live.paloaltonetworks.com/t5/general-topics/block-vpn/m-p/74696#M41762 <P>Hi,</P> <P>How to block ssl vpn and &nbsp;ipsec vpn going from trust to untrust .</P> <P>&nbsp;</P> <P>I suspect few users are using &nbsp;like free vpn services like &nbsp;tunnel beer and hola vpn .</P> <P>&nbsp;</P> <P>How can i &nbsp;search those users &nbsp;from palo alto log.</P> <P>&nbsp;</P> <P>Some users are connected from inside to outside world (for official purpose ) using cisco anyconnect (ssl ) and ipsec .And i don't want revoke their permission . ( I need only monitor those users )&nbsp;</P> <P>&nbsp;</P> <P>Thanks</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thanks</P> Tue, 15 Mar 2016 01:08:44 GMT https://live.paloaltonetworks.com/t5/general-topics/block-vpn/m-p/74696#M41762 sib2017 2016-03-15T01:08:44Z https://live.paloaltonetworks.com/t5/general-topics/block-vpn/m-p/74702#M41767 <P>Hi Sib</P> <P>&nbsp;</P> <P>as it's pretty difficult to differentiate between good and bad ipsec, i would recommend creating security policy based on user instead so you can allow certain users to have vpn tunnels while denying everyone else</P> <P>&nbsp;</P> <P>please take a look at this article: <A title="Getting Started: User-ID" href="https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-User-ID/ta-p/69321" target="_blank">Getting Started: User-ID</A></P> <P>&nbsp;</P> <P>To be able to identify the different applications used you will need to enable ssl decryption: <A title="SSL decryption resource list" href="https://live.paloaltonetworks.com/t5/Management-Articles/SSL-decryption-resource-list/ta-p/70397" target="_blank">SSL decryption resource list</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>lastly, to control all vpn/encrypted tunnel applications, you can create a behavior based application group (called an application filter) which will automatically contain all applications that create encrypted tunnels, and use that in a security policy to control access to these applications</P> <P>&nbsp;</P> <P><IMG src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/3085iCA41FFA931029304/image-size/original?v=mpbl-1&amp;px=-1" alt="application filter" title="application filter" border="0" /></P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 15 Mar 2016 08:58:00 GMT https://live.paloaltonetworks.com/t5/general-topics/block-vpn/m-p/74702#M41767 reaper 2016-03-15T08:58:00Z https://live.paloaltonetworks.com/t5/general-topics/block-vpn/m-p/74714#M41770 <P>You should consider deploying a url filter that has the category for proxy avoidance/ anonymizers blocked. &nbsp;This category is designed to block the activity you describe.</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 15 Mar 2016 10:14:15 GMT https://live.paloaltonetworks.com/t5/general-topics/block-vpn/m-p/74714#M41770 pulukas 2016-03-15T10:14:15Z