USG40

joudeh1996
joudeh1996 Posts: 8
First Anniversary
in Security
Hello everyone... i have usg40 and i want to block all vpn applications like psiphon...how to do this
«1

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,510  Zyxel Employee
    100 Answers Sixth Anniversary 1000 Comments Zyxel Certified Sales Associate
    Hi @joudeh1996,
    Welcome to Zyxel community. :) You can block VPN service by App patrol.
    1) Go to CONFIGURATION >  UTM profile > App patrol, and select "Bypass_Proxies_and_Tunnels service" to create app profile.

    2) Apply app profile to security policy at CONFIGURATION  > Security Policy > LAN_Outgoing.

    Don't miss this great chance to upgrade your Nebula org. for free!

    Untitled Image
    Untitled Image

  • mMontana
    mMontana Posts: 1,351  Guru Member
    Fifth Anniversary Community MVP 50 Answers 1000 Comments
    App patrol is a yearly payed service?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,510  Zyxel Employee
    100 Answers Sixth Anniversary 1000 Comments Zyxel Certified Sales Associate
    Yep, it's yearly payed license service.

    Don't miss this great chance to upgrade your Nebula org. for free!

    Untitled Image
    Untitled Image

  • joudeh1996
    joudeh1996 Posts: 8
    First Anniversary
    After doing all the suggested steps
    PSIPHON  is still working
    Any suggestions?
  • PeterUK
    PeterUK Posts: 3,118  Guru Member
    Community MVP 2500 Comments Sixth Anniversary 100 Answers
    Did you select all?
    is service status active? 
     
  • joudeh1996
    joudeh1996 Posts: 8
    First Anniversary
    yes i do
    Psiphon still working
  • SamerShream
    SamerShream Posts: 6  Freshman Member
    Zyxel Certified Network Engineer Level 2 - Switch Second Anniversary Network Detective Badge First Comment

    I have the same problem (PSIPHON  is still working)
     Please help


  • PeterUK
    PeterUK Posts: 3,118  Guru Member
    Community MVP 2500 Comments Sixth Anniversary 100 Answers

    So I decided to activate my Trial on Zywall 110 (updated the Signature) to block this Psiphon and even with only ports 80,443,53 to block this it was allowed. Now this is not surprising to me you can bypass anything to look like normal traffic.

    So what are your options...well you could block the IP of the servers which will take time to do and thats if they don't change over time.


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,510  Zyxel Employee
    100 Answers Sixth Anniversary 1000 Comments Zyxel Certified Sales Associate
    edited August 2022
    Hi @joudeh1996,
    We would like to conduct a lab test.
    Did you test on Mobile version(IOS/Android) or Windows Desktop version?

    Don't miss this great chance to upgrade your Nebula org. for free!

    Untitled Image
    Untitled Image

  • joudeh1996
    joudeh1996 Posts: 8
    First Anniversary
    How to update my signature?

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)