05-18-2022 06:36 AM
Is it possible for a Palo Alto firewall to decrypt third-party VPN agent traffic, such as NordVPN or NordLynx, the way it decrypts HTTPS web-browsing traffic?
If it cannot decrypt this traffic, does anyone know the App-ID for NordVPN, NordLynx?
I found some VPN App-IDs like ciscovpn and open-vpn, but nothing Nord-related. What App-ID should I use to block NordVPN, NordLynx?
05-18-2022 03:11 PM
Hello,
Decrypting would break the VPN connection. You would be better off blocking it like you are attempting to do. Check for the following applications; these are the typical apps identified for VPN client traffic.
https://applipedia.paloaltonetworks.com/
Also make sure to have a DENY ALL policy and only allow the traffic you want. This is always the tough one to implement since there are so many pieces to the puzzle.
Regards,
05-18-2022 07:39 PM
Thanks for your reply.
I can find some VPN client App-IDs, but it seems there is none for NordVPN. Would you know which App-ID can block this VPN?
05-19-2022 01:00 PM
Hello,
We take the opposite approach here. We block everything and only allow things by exception. So it's already blocked, but not by a particular app/URL/IP address. It's blocked by my DENY ALL policy. You would have to know how they work and check the destination IPs and/or ports used to block that particular service. However, the question to ask is, why would someone from inside your network need to access a third-party VPN provider?
Regards,