Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Blocking Hexa Protocol (Hexatech VPN)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Blocking Hexa Protocol (Hexatech VPN)

L0 Member

I just became aware of this yesterday, but we were seeing a rise recently in "unknown-udp" traffic on our Palo Alto Firewalls and have discovered what it was.  The amount of traffic was significant - always used the more bandwidth than anything else on the network.  There is a new-ish VPN service by BetterNet that uses a protocol called "Hexa" (https://www.betternet.co/hexatech-vpn) and is free to install on Android and IOS devices.  It tunnels 100% over UDP on randomized ports to over 2300 IP addresses that we've been able to isolate.  It's designed specifically to be evasive and be difficult to block.

 

As I work for a large K-12 school district, we are obligated to take measures to ensure students are not using applications like this to circumvent web filtering.  I have a case open with Palo Alto to see if an app-id is possible but in the meantime we've managed to stop this service from functioning by blocking any "unknown-udp" traffic.

 

If anyone else has run across this and has a better solution, I'm all ears.

4 REPLIES 4

L0 Member

I see this is over a year old, but it's the only "betternet" result on the community.  Did you have any luck?  Or did anyone else on here find a way and I'm just not seeing it?  

 

I too am in K-12 and have try my best to block this.  I'm seeing it flagged on URL filtering, but it still works, unfortunately.

@Ashley_Bell,

Palo Alto actually has a App-ID for this; hexatech-vpn. I'm not sure how reliable it is but do you see that app-id within your logs at all? 

I do, trying it out now. I appreciate the quick response!

 

Looks like the app itself isn't blocked and content gets through - but the content is severely slowed, which if it makes it unusable, then good!  🙂

I was able to block it completely by blocking 'unknown-udp' and 'hexatech-vpn'.

  • 2851 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!