https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/79079#M43140 <P>I just became aware of this yesterday, but we were seeing a rise recently in "unknown-udp" traffic on our Palo Alto Firewalls and have discovered what it was.&nbsp; The amount of traffic was significant - always used the more bandwidth than anything else on the network.&nbsp; There is a new-ish VPN service by BetterNet that uses a protocol called "Hexa" (<A href="https://www.betternet.co/hexatech-vpn" target="_blank">https://www.betternet.co/hexatech-vpn</A>) and is free to install on Android and IOS devices.&nbsp; It tunnels 100% over UDP on randomized ports to over 2300 IP addresses that we've been able to isolate.&nbsp; It's designed specifically to be evasive and be difficult to block.</P> <P>&nbsp;</P> <P>As I work for a large K-12 school district, we are obligated to take measures to ensure students are not using applications like this to circumvent web filtering.&nbsp; I have a case open with Palo Alto to see if an app-id is possible but in the meantime we've managed to stop this service from functioning by blocking any "unknown-udp" traffic.</P> <P>&nbsp;</P> <P>If anyone else has run across this and has a better solution, I'm all ears.</P> Fri, 03 Jun 2016 16:06:50 GMT brian.karleFCPS 2016-06-03T16:06:50Z https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/79079#M43140 <P>I just became aware of this yesterday, but we were seeing a rise recently in "unknown-udp" traffic on our Palo Alto Firewalls and have discovered what it was.&nbsp; The amount of traffic was significant - always used the more bandwidth than anything else on the network.&nbsp; There is a new-ish VPN service by BetterNet that uses a protocol called "Hexa" (<A href="https://www.betternet.co/hexatech-vpn" target="_blank">https://www.betternet.co/hexatech-vpn</A>) and is free to install on Android and IOS devices.&nbsp; It tunnels 100% over UDP on randomized ports to over 2300 IP addresses that we've been able to isolate.&nbsp; It's designed specifically to be evasive and be difficult to block.</P> <P>&nbsp;</P> <P>As I work for a large K-12 school district, we are obligated to take measures to ensure students are not using applications like this to circumvent web filtering.&nbsp; I have a case open with Palo Alto to see if an app-id is possible but in the meantime we've managed to stop this service from functioning by blocking any "unknown-udp" traffic.</P> <P>&nbsp;</P> <P>If anyone else has run across this and has a better solution, I'm all ears.</P> Fri, 03 Jun 2016 16:06:50 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/79079#M43140 brian.karleFCPS 2016-06-03T16:06:50Z https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/172417#M54391 <P>I see this is over a year old, but it's the only "betternet" result on the community. &nbsp;Did you have any luck? &nbsp;Or did anyone else on here find a way and I'm just not seeing it? &nbsp;</P><P>&nbsp;</P><P>I too am in K-12 and have try my best to block this. &nbsp;I'm seeing it flagged on URL filtering, but it still works, unfortunately.</P> Mon, 21 Aug 2017 16:05:50 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/172417#M54391 Ashley_Bell 2017-08-21T16:05:50Z https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/172424#M54392 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/71440">@Ashley_Bell</a>,</P><P>Palo Alto actually has a App-ID for this;&nbsp;<SPAN>hexatech-vpn. I'm not sure how reliable it is but do you see that app-id within your logs at all?&nbsp;</SPAN></P> Mon, 21 Aug 2017 16:26:37 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/172424#M54392 BPry 2017-08-21T16:26:37Z https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/172434#M54400 <P>I do, trying it out now. I appreciate the quick response!</P><P>&nbsp;</P><P>Looks like the app itself isn't blocked and content gets through - but the content is severely slowed, which if it makes it unusable, then good! &nbsp;<span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 21 Aug 2017 17:15:00 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/172434#M54400 Ashley_Bell 2017-08-21T17:15:00Z https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/172443#M54408 <P>I was able to block it completely by blocking 'unknown-udp' and 'hexatech-vpn'.</P> Mon, 21 Aug 2017 18:46:08 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-hexa-protocol-hexatech-vpn/m-p/172443#M54408 brian.karleFCPS 2017-08-21T18:46:08Z