Fullmoon
Platinum Member
psiphon
Now the headache is back again. Does anyone know the trick for how to block Psiphon? I'm using FGT 1000C and FGT 92D running FOS 5.4.3 and 5.2.10, and it seems Psiphon is able to bypass them. I applied SSL deep inspection (select all ports), blocked botnet, P2P and proxy under app control, blocked web proxy under the web filter profile, and even limited the service to HTTP/S and DNS; still no glory. Anyone willing to share their tricks on how to block Psiphon? Thanks.

IPS Definitions Version 10.00070
IPS Engine Version 3.00299
|
hmtay_FTNT
Expert Member
Hello,

Can you update your IPS Definition to 10.00071 or above? An update on the Psiphon signature was released in 10.00071 to cover the recent update. On the same topic, with IPS Engine 3.00299 and FortiOS 5.4 and above, our Psiphon signature does not require SSL deep-inspection anymore. We have added a new feature into the engine that allows us to block it without deep inspecting the packet.
|
nawaysa
New Member
I have updated IPS and FOS, but Psiphon can still bypass the FortiGate. Any help, please?
|
hmtay_FTNT
Expert Member
Did you enable certificate-inspection or deep-inspection? Can you show me the output of the CLI command "diagnose autoupdate versions"? Can you send me your configuration file in a PM? Thanks.

HoMing
|
Fullmoon
Platinum Member
Dear hmtay_FTNT, TAC sent me the IPS signature for FOS 5.2.10 (flen-520-3.0406.pkg) a few days back. I thought I was able to block Psiphon completely, but after a few minutes of waiting, Psiphon successfully connected. Whew! I started to scratch my head again ;-)
|
nawaysa
New Member
Last Update Attempt: Tue Mar 21 12:24:18 2017
Result: No Updates

Botnet Domain Database
---------
Version: 1.00638
Contract Expiry Date: n/a
Last Updated using manual update on Tue Jan 10 11:02:00 2017
Last Update Attempt: n/a
Result: Updates Installed

Modem List
---------
Version: 0.000

Device and OS Identification
---------
Version: 1.00055
Contract Expiry Date: Thu Nov 29 2018
Last Updated using manual update on Fri Mar 3 23:15:00 2017
Last Update Attempt: Tue Mar 21 12:24:18 2017
Result: No Updates

IP Geography DB
---------
Version: 1.062
Contract Expiry Date: n/a
Last Update Date: Fri Mar 10 18:09:33 2017

Certificate Bundle
---------
Version: 1.00005
Last Update Date: Thu May 5 10:58:00 2016

FDS Address
---------
96.45.33.81-443

URL White list
---------
Version: 1.00618
Contract Expiry Date: Thu Nov 29 2018
Last Updated using scheduled update on Mon Mar 20 18:24:23 2017
Last Update Attempt: Tue Mar 21 12:24:18 2017
Result: No Updates

Primary_FortiGate #

I enabled SSL deep inspection, but users can still bypass the FortiGate.
|
hmtay_FTNT
Expert Member
nawaysa, your "diagnose autoupdate versions" output is incomplete. I don't see any info about your IPS Engine and IPS Definition versions. Can you PM your configuration file to me and let me know which policy ID you are using?
|
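Added example (not part of the thread and not Fortinet code): a small Python check for pasted "diagnose autoupdate versions" output that reports whether the IPS definition and engine sections are present at all and whether they meet the versions mentioned above (10.00071 and 3.00299). The section titles "Attack Definitions" and "IPS Attack Engine" and both sample texts are assumptions constructed for this example.

```python
import re
# Section titles as printed by FortiOS 5.x: an assumption of this example.
IPS_DEFS, IPS_ENGINE = "Attack Definitions", "IPS Attack Engine"
# Minimum versions quoted in the thread.
MINIMUMS = {IPS_DEFS: "10.00071", IPS_ENGINE: "3.00299"}
# Constructed samples: a full paste and one cut off before the IPS sections.
SAMPLE_FULL = """Attack Definitions
---------
Version: 10.00070
IPS Attack Engine
---------
Version: 3.00299
Botnet Domain Database
---------
Version: 1.00638
"""
SAMPLE_TRUNCATED = """Last Update Attempt: Tue Mar 21 12:24:18 2017
Result: No Updates
Botnet Domain Database
---------
Version: 1.00638
"""

def parse_versions(text):
    """Map each section title (the line above a dashed rule) to its Version."""
    sections, current, prev = {}, None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if re.fullmatch(r"-{3,}", line):
            current = prev
            sections.setdefault(current, None)
            continue
        match = re.match(r"Version:\s*([\d.]+)", line)
        if match and current and sections[current] is None:
            sections[current] = match.group(1)
        if line:
            prev = line
    return sections

def as_tuple(version):
    return tuple(int(part) for part in version.split("."))  # "10.00071" -> (10, 71)

def check_ips(text, minimums=MINIMUMS):
    """Return 'missing', 'outdated' or 'ok' for each IPS section."""
    found, report = parse_versions(text), {}
    for name, minimum in minimums.items():
        version = found.get(name)
        ok = version is not None and as_tuple(version) >= as_tuple(minimum)
        report[name] = "ok" if ok else "missing" if version is None else "outdated"
    return report
```

A "missing" result means the paste was cut off before the IPS sections, so the versions cannot be judged from it.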
nawaysa
New Member
Is there any new solution to block Psiphon?????
|
juanchonica
New Member
The only way is to apply SSL deep inspection and install the certificate on ALL computers in your network.
|
Itsmejerry04
New Member
The speed of the service is certainly acceptable. If you want to block this Psiphon VPN, you must block all VPNs which are not yours.
post edited by Itsmejerry04 - 2019/01/08 04:17:34
|
juancava
New Member
Any update on this? I have a FortiGate 500D with deep inspection. All clients have to use a certificate, but I can't block psiphon, even if it is blocked in application control. I'm managing a high school, and this is starting to become a very big problem.
|
Ashik Sheik
Gold Member
Hi, any suggestions to block Psiphon? We can't use deep packet inspection due to the current firewall architecture.
|
binnyrog
New Member
Why is FortiGate not able to block Psiphon even with the application controls and deep packet inspection? It's giving me a headache going through the settings and blocking Psiphon. Has anyone had success in blocking it?
|
Ashik Sheik
Gold Member
The only other method I can think of is to block based on IP addresses. You may consider the ISDB (Internet Service Database) and block based on the proxy IP category, hoping that the addresses they use are part of this group.
|
Shehroz
New Member
I have the same issue. Since I installed the FortiGate I have been unable to block the Psiphon VPN app. In the logs section of app control and web filter it shows as continuously blocked, but in reality users are able to connect through Psiphon on PC as well as on mobile using the corporate Wi-Fi network. I was using FortiOS 5.6.8 and yesterday upgraded to 5.6.9, but the issue is the same: it shows as blocked in app control and web filter but is not actually blocked. Can any expert give a lead, please?
|
cwb2205
Bronze Member
I have a FortiGate 500E I just set up at a client, running FortiOS 5.0.6. We have application control blocking all Proxy signatures, which I have applied to their internet policies. I am seeing daily hits on the firewall blocking Psiphon. I just checked the signatures for application control and Psiphon is there. Currently running app control version 14.00659.
|
thanh
New Member
My problem is that some people are using proxy/VPN mobile apps to access social media sites (like YouTube and Facebook); I can't find any way to restrict them!
|