Recently, I have had issues with the application called Psiphon; this app is eating my internet based on the authentication portal page.
As I checked previous threads in the community, all speak about decrypted traffic or blocking applications that are vital, such as http-proxy, ike, ipsec, l2tp, ssh, ssh-tunnel.
It is a virtual wire deployment and traffic decryption can't be done due to network needs.
Has anyone succeeded in blocking Psiphon? Simply blocking the application in a security rule does not work unless traffic is decrypted.
Any recommendations? Thanks in advance.
If you can't enable decryption and you can't block the associated app-ids that the traffic relies on, the next possible step would be blocking the domains or hosts that Psiphon relies on. Due to how Psiphon works and how it connects, you can't really successfully block it without Decryption enabled.
If this is something you simply can't enable on your network I would start blocking clients you've identified as running this traffic. Assuming you have rules against bypassing your firewall, simply block anyone you've identified as bypassing the firewall.
I had that same issue, but with users' personal mobile phones. I made a dynamic group and auto-tagged and blocked the users that used Psiphon.
As you will see, Psiphon tries to connect with SSH as well and changes the site's SNI field to random sites to hide the URL traffic.
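The tag-and-block idea from the reply above, driven from exported logs rather than the firewall's built-in auto-tagging, as an added example that is not code from any post in this thread. The CSV column layout, the sample rows and the tag name `psiphon-client` are assumptions made for the example; the output is a `uid-message` register payload of the kind the PAN-OS XML API accepts for IP-to-tag registration, which a dynamic address group matching that tag would then pick up.

```python
import csv
import io
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: simplified CSV export of traffic log entries
# (columns chosen for this example, not the firewall's native syslog layout).
SAMPLE_LOG = """\
time,src,dst,dport,app,action
2024-01-10 09:00:01,10.20.1.15,203.0.113.7,443,ssl,allow
2024-01-10 09:00:04,10.20.1.15,203.0.113.9,22,psiphon,allow
2024-01-10 09:00:09,10.20.1.15,198.51.100.4,443,psiphon,allow
2024-01-10 09:01:12,10.20.1.22,198.51.100.8,443,web-browsing,allow
2024-01-10 09:02:30,10.20.1.40,203.0.113.9,443,psiphon,allow
2024-01-10 09:03:00,10.20.1.22,192.0.2.50,22,ssh,allow
"""

TAG = "psiphon-client"  # hypothetical tag name matched by the dynamic address group


def flagged_sources(log_text, app="psiphon", min_hits=1):
    """Return sorted source IPs with at least min_hits sessions identified as app."""
    hits = Counter(
        row["src"] for row in csv.DictReader(io.StringIO(log_text))
        if row["app"].strip().lower() == app
    )
    return sorted(ip for ip, n in hits.items() if n >= min_hits)


def register_payload(ips, tag=TAG):
    """Build the uid-message XML that registers tag on each source IP."""
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "1.0"
    ET.SubElement(msg, "type").text = "update"
    register = ET.SubElement(ET.SubElement(msg, "payload"), "register")
    for ip in ips:
        entry = ET.SubElement(register, "entry", ip=ip)
        ET.SubElement(ET.SubElement(entry, "tag"), "member").text = tag
    return ET.tostring(msg, encoding="unicode")


if __name__ == "__main__":
    # Prints the payload for the two sources that had sessions identified as psiphon.
    print(register_payload(flagged_sources(SAMPLE_LOG)))
```

Raising `min_hits` avoids tagging a client on a single misidentified session; a plain `ssh` session (the last sample row) is deliberately not treated as a match.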