Decryption or blocking NordVPN

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Decryption or blocking NordVPN

L2 Linker

Is it possible for Palo Alto Firewall to decrypt third party VPN agent traffic such as NordVPN, NordLynx like decrypt HTTPS web-browsing traffic?

 

If it cannot decrypt these traffic, anyone know the App-ID for NordVPN, NordLynx?

I found some VPN app-ID like ciscovpn, open-vpn but no Nord related. What App-ID should I use to block NordVPN, NordLynx?

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

Decrypting would break the VPN connection. You would be better off blocking it like you are attempting to do. Check for the following applications, these are the typical apps identified for vpn client traffic.

https://applipedia.paloaltonetworks.com/

OtakarKlier_0-1652911638730.png

 

Also make sure to have a DENY ALL policy and only allow the traffic you want. This is always the tough one to implement since there are so many pieces to the puzzle.

Regards,

Thanks for you reply.

 

I can found some VPN client App-ID, but it seems like no NordVPN. Would you know the App-ID can block this VPN?

Cyber Elite
Cyber Elite

Hello,

We take the opposite approach here. We block everything and only allow things by exception. So its already blocked, but not by a particular app/url/ip address. Its blocked by my DENY ALL policy. You would have to know how they work and check the destination IP's and or ports used to block that particular service. However the question to ask is, why would someone from inside your network need to access a third party VPN provider?

 

Regards,

  • 3456 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!