03-28-2017 02:18 AM
I am currently facing an issue where Palo Alto can't see or block the Hotspot Shield app.
Our organization does not want to use SSL decryption to block Hotspot Shield.
Any other solutions to block Hotspot Shield without decryption???
03-28-2017 02:52 AM - edited 03-28-2017 02:53 AM
I tried it just now and PA detected the hotspot-shield app without SSL decryption. However, I don't know what happens if you put it on block and the app tries to connect to some less known IPs and/or URLs. I guess in that case SSL decryption is needed.
But that goes for any device; you need to decrypt SSL to be able to see what's inside. Without that you're limited to known URL and IP blocking.
03-28-2017 03:33 AM
hotspot-shield depends on ike, ipsec-esp-udp, ssl and web-browsing.
Maybe you're allowing ike or ipsec through in a different rule? (These are generic protocols that can't be differentiated between layer 7 applications.)
04-06-2017 02:45 AM
Thanks for your cooperation.
Currently, PA can block Hotspot Shield for computers.
But PA still does not recognize and can't block Hotspot Shield on mobile phones such as Android and iOS.
Do you have any idea how to block Hotspot Shield on mobile phones???
Please let me know.
04-06-2017 03:56 AM
It happened to me one time and I had to block unknown-tcp & unknown-udp to make it work. You may check this in the traffic monitor screen to see if these applications are really used or not.
04-06-2017 10:26 PM
04-10-2017 01:27 AM
It seems that you are struggling with blocking proxy applications like Hotspot Shield, but the major point here is that you can only ensure that all Hotspot Shield attempts are blocked by enabling SSL decryption.
As you say SSL decryption is not possible on your network, the possibility of the user bypassing the firewall is high, because these proxy applications like Hotspot Shield use IKE, IPsec, SSH and SSL to create encrypted tunnels which will completely bypass the filtering...
You may block unknown-udp / unknown-tcp and it will block a considerable number of users, but again these apps try to bypass the limitation using these ports, which will be very difficult to block with a security policy....
Ports: 22, 53, 443, 80, 8080 and many more, or it will open ports....
Monitoring the logs will show the app is blocked, but on the other hand many attempts have already bypassed the firewall...
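Two checks come up repeatedly in the replies above: whether ike/ipsec or unknown-tcp/unknown-udp are already admitted by a different, earlier rule, and reading the traffic monitor to see which of these apps were actually allowed and by which rule. The following is an added example, not code from the thread or from Palo Alto Networks, that models both checks offline. Rule matching is reduced to zone pair, application and action (a real PAN-OS rule also matches users, addresses, services and URL categories), and the rule names, zone names and traffic-log rows are constructed sample data; the App-ID names are the ones quoted in the thread.

```python
"""Added example (not from the thread or Palo Alto Networks): a simplified
first-match rulebase check plus a triage of exported traffic-log rows.

Assumptions:
  * Rule matching is reduced to zone pair + application + action; real PAN-OS
    rules also match users, addresses, services, URL categories and more.
  * Rule names, zone names and the CSV rows below are constructed sample data.
  * App names are the App-IDs named in the thread (hotspot-shield, ike,
    ipsec-esp-udp, ssl, web-browsing, unknown-tcp, unknown-udp).
"""
import csv
from collections import Counter
from dataclasses import dataclass
from io import StringIO

# Apps that carry the tunnel when App-ID cannot name hotspot-shield itself.
# ssl and web-browsing are dependencies too, but blocking them is not an option.
EVASION_APPS = frozenset(
    {"hotspot-shield", "ike", "ipsec-esp-udp", "unknown-tcp", "unknown-udp"}
)


@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str            # zone name or "any"
    to_zone: str              # zone name or "any"
    applications: frozenset   # App-ID names, or {"any"}
    action: str               # "allow" or "deny"

    def matches(self, from_zone, to_zone, app):
        return (self.from_zone in ("any", from_zone)
                and self.to_zone in ("any", to_zone)
                and ("any" in self.applications or app in self.applications))


def first_match(rules, from_zone, to_zone, app):
    """Top-down first match, the way a security rulebase is evaluated."""
    for rule in rules:
        if rule.matches(from_zone, to_zone, app):
            return rule
    return None


def leaks(rules, from_zone, to_zone):
    """Map each evasion-relevant app to the allow rule that admits it first,
    i.e. the 'different rule' that lets the tunnel through before any block."""
    out = {}
    for app in sorted(EVASION_APPS):
        hit = first_match(rules, from_zone, to_zone, app)
        if hit is not None and hit.action == "allow":
            out[app] = hit.name
    return out


# Constructed rulebases. In the first, a site-to-site VPN rule and a catch-all
# web rule sit above the block rule, so ike/ipsec and unknown-* never reach it.
ORDER_LEAKY = [
    Rule("allow-vpn", "trust", "untrust", frozenset({"ike", "ipsec-esp-udp"}), "allow"),
    Rule("allow-web", "trust", "untrust", frozenset({"any"}), "allow"),
    Rule("block-proxies", "trust", "untrust", EVASION_APPS, "deny"),
]
# Same intent with the block rule moved to the top and the catch-all narrowed.
ORDER_FIXED = [
    Rule("block-proxies", "trust", "untrust", EVASION_APPS, "deny"),
    Rule("allow-web", "trust", "untrust", frozenset({"ssl", "web-browsing"}), "allow"),
]

# Constructed traffic-log rows (not a real export). The column set is trimmed
# to the fields a triage needs; a real CSV export carries many more columns.
SAMPLE_TRAFFIC_CSV = """receive_time,srcuser,src,dst,app,rule,action,dport
2017/04/06 02:40:01,corp\\alice,10.1.1.10,203.0.113.5,hotspot-shield,block-proxies,deny,443
2017/04/06 02:40:09,corp\\alice,10.1.1.10,203.0.113.7,unknown-udp,allow-web,allow,53
2017/04/06 02:40:12,corp\\alice,10.1.1.10,203.0.113.7,unknown-udp,allow-web,allow,8080
2017/04/06 02:41:30,corp\\bob,10.1.1.22,198.51.100.9,ipsec-esp-udp,allow-vpn,allow,4500
2017/04/06 02:42:00,corp\\carol,10.1.1.31,192.0.2.44,web-browsing,allow-web,allow,80
"""


def triage(csv_text):
    """Count allowed sessions per (app, rule) and single out the evasion apps
    that were allowed: those are the rules to revisit before adding new ones."""
    allowed = Counter()
    for row in csv.DictReader(StringIO(csv_text)):
        if row["action"] == "allow":
            allowed[(row["app"], row["rule"])] += 1
    return {
        "allowed": dict(allowed),
        "allowed_evasion": {k: v for k, v in allowed.items() if k[0] in EVASION_APPS},
    }


if __name__ == "__main__":
    print("leaks with leaky order :", leaks(ORDER_LEAKY, "trust", "untrust"))
    print("leaks with fixed order :", leaks(ORDER_FIXED, "trust", "untrust"))
    print("allowed evasion apps   :", triage(SAMPLE_TRAFFIC_CSV)["allowed_evasion"])
```

Run it and the leaky ordering reports every evasion app admitted by allow-vpn or allow-web, while the fixed ordering reports none; the triage over the sample rows shows unknown-udp and ipsec-esp-udp sessions that were allowed, with the rule responsible for each, which is the same question the traffic monitor answers for real logs. Note that the IPsec point stands even in the fixed ordering: if a legitimate VPN must be allowed, a block on ike/ipsec-esp-udp has to be scoped by source user or destination rather than applied globally.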