https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/436629#M96288 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/159497">@MRamadanAHafiez</a>,</P><P>If you can't enable decryption and you can't block the associated app-ids that the traffic relies on, the next possible step would be blocking the domains or hosts that Psiphon relies on. Due to how Psiphon works and how it connects, you&nbsp;<STRONG>can't&nbsp;</STRONG>really successfully block it without Decryption enabled.&nbsp;</P><P>If this is something you simply can't enable on your network I would start blocking clients you've identified as running this traffic. Assuming you have rules against bypassing your firewall, simply block anyone you've identified as bypassing the firewall.&nbsp;</P> Sun, 26 Sep 2021 03:16:39 GMT BPry 2021-09-26T03:16:39Z https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/436573#M96277 <P>Hello Bros'</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Recently, I have issues with the application called Psiphon, this app is eating my internet based on authentication portal page.</P><P>As I check previous threads in the community, all speaking about a decrypted traffic or blocking an applications that are vital such as&nbsp;http-proxy<BR />,ike, ipsec, l2tp, ssh,&nbsp;ssh-tunnel.</P><P>it a virtual wire deployment and traffic decryption can't be done due to network needs.</P><P>Any one who could succeed in this Psiphon blocking because simply blocking the application in a security rule is not working unless traffic being decrypted.</P><P>&nbsp;</P><P>Any recommendation, Thanx in advance.</P> Sat, 25 Sep 2021 14:06:27 GMT https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/436573#M96277 MRamadanAHafiez 2021-09-25T14:06:27Z https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/436629#M96288 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/159497">@MRamadanAHafiez</a>,</P><P>If you can't enable decryption and you can't block the associated app-ids that the traffic relies on, the next possible step would be blocking the domains or hosts that Psiphon relies on. Due to how Psiphon works and how it connects, you&nbsp;<STRONG>can't&nbsp;</STRONG>really successfully block it without Decryption enabled.&nbsp;</P><P>If this is something you simply can't enable on your network I would start blocking clients you've identified as running this traffic. Assuming you have rules against bypassing your firewall, simply block anyone you've identified as bypassing the firewall.&nbsp;</P> Sun, 26 Sep 2021 03:16:39 GMT https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/436629#M96288 BPry 2021-09-26T03:16:39Z https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/437109#M97391 <P>i had that same issue but with users personal mobile phones, i made a dynamic group and auto tagged and blocked the users that used psiphone.</P><P>&nbsp;</P><P>as you will see that psiphone tries to connect with ssh as well and changes the sites SNI field to random sites to hide the URL traffic</P> Tue, 28 Sep 2021 08:04:10 GMT https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/437109#M97391 LAS 2021-09-28T08:04:10Z https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/439852#M99847 <P>Thank for you add LAS.</P><P>I have exactly same issue with mobile phone but the psiohon changes alot, hence blocking it won't work.&nbsp;</P> Sat, 09 Oct 2021 19:39:34 GMT https://live.paloaltonetworks.com/t5/general-topics/psiphon-blocking-in-a-non-decrypted-network/m-p/439852#M99847 MRamadanAHafiez 2021-10-09T19:39:34Z