USG40

Hello everyone... i have usg40 and i want to block all vpn applications like psiphon...how to do this
«1

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @joudeh1996,
    Welcome to Zyxel community. :) You can block VPN service by App patrol.
    1) Go to CONFIGURATION >  UTM profile > App patrol, and select "Bypass_Proxies_and_Tunnels service" to create app profile.

    2) Apply app profile to security policy at CONFIGURATION  > Security Policy > LAN_Outgoing.

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    App patrol is a yearly payed service?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Yep, it's yearly payed license service.
  • After doing all the suggested steps
    PSIPHON  is still working
    Any suggestions?
  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Did you select all?
    is service status active? 
     
  • yes i do
    Psiphon still working
  • SamerShream
    SamerShream Posts: 6  Freshman Member
    Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Security

    I have the same problem (PSIPHON  is still working)
     Please help



  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    So I decided to activate my Trial on Zywall 110 (updated the Signature) to block this Psiphon and even with only ports 80,443,53 to block this it was allowed. Now this is not surprising to me you can bypass anything to look like normal traffic.

    So what are your options...well you could block the IP of the servers which will take time to do and thats if they don't change over time.


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited August 2022
    Hi @joudeh1996,
    We would like to conduct a lab test.
    Did you test on Mobile version(IOS/Android) or Windows Desktop version?
  • How to update my signature?