USG40
All Replies
-
I tried on Windows and AndroidIt still connectedWhat to do?I'm ready to remotely connection to view my problem0
-
joudeh1996 said:How to update my signature?
Config > licensing > signature update > IDP/AppPatrol tab
I tested on Mobile with Android 12 the app is called Psiphon Pro think they did a good job of bypassing the firewall short from blocking all LAN to WAN that is.
0 -
0
-
0
-
Since Psiphon will try to go through these ports, QUIC(UDP port 443), SSH(TCP port 22)/DNS(TCP/UDP port 53)/HTTP(TCP port 80)/HTTPs(TCP port 443)
So I doing couple test with Psiphon pro on Android 12 phone under ZyWALL110.
Test case 1:
Allow only HTTP(TCP port 80) from Android phone to Internet + App Patrol block Psiphon
Result: Can block Psiphon
Test case 2:
Allow only HTTPs(TCP port 443) from Android phone to Internet + App Patrol block Psiphon + SSL inspection(block un-supported/untrusted cipher & inspection TLS 1.0/1.1/1.2)
Result: Cannot block Psiphon. In App Patrol statistic the traffic is aware as SSL/TLS (Access).
Test case 3:
Allow only SSH(TCP port 22) from Android phone to Internet + App Patrol block Psiphon
Result: Cannot block Psiphon. In App Patrol statistic the traffic is aware as Secure Shell (SSH) (Authentication).
Test case 4:
Allow only DNS(UDP port 53) from Android phone to Internet + App Patrol block Psiphon
Result: Cannot block Psiphon. In App Patrol statistic the traffic is aware as DNS (Access).
So here my thought,
Lok like no effective way to block Psiphon with my ZyWALL110.
Although with the test case 1 can block it.
But the main issue is, it not possible to block HTTPs port for Internet surfacing.
0 -
But might be possible by doing this
https://community.zyxel.com/en/discussion/14061/ssl-tls-filtering-must-have-extension-server-name
Since Psiphon gets around this by not having the extension server_name and by blocking traffic without this might stop Psiphon with limited outgoing ports rules.
0 -
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight