Has anyone managed to block Psiphon3 completely using Sophos XGS Firewall or any other firewalls?

Has anyone managed to completely block it? I’d love to hear how you went about blocking it.

3 Spice ups

The short answer is no, not just for this firewall, but most.

The product is evasive and notoriously hard to block completely.

You can use a combination of:

  • Sophos Firewall: Block unwanted firewall/proxy-evading applications
  • Sophos Firewall: Configure recommended settings for P2P and Proxy and Tunnel

to get you some way to blocking parts, but not all.

You should also block categories: Anonymizers, Spam URLs, Uncategorized, Parked Domains, Spyware & Malware.

2 Spice ups

Sophos XGSs have a pre-defined Application Filter for Psiphon proxies and tunnels that you could try as a top-positioned deny action.

You’ll probably need to enable both HTTPS scanning and DPI-SSL inspection too.

Also, IPS, if enabled on your rules, should detect and block Psiphon, even if the ports used fall within your usual allowed ports.

In my case, I’ve managed to block Psiphon3 by doing the following:

Rule One: DNS Rule

  • Allowed the internal DNS server with the DNS service to pass through from LAN to WAN to a trusted DNS server

Rule Two: Exception Rule

  • Created a bypass rule where I specify only destination hosts for certain sites that are blocked, and placed it before the base rule
  • Allowed only HTTPS services to pass through

Rule Three: Base Rule

  • Web Category: Allow only business-related categories while the rest are blocked
  • Application Filtering: Allow all business-related applications while unused categories are blocked
  • I’ve allowed only the HTTPS port from LAN to WAN
  • Destination: I’ve put only the countries that are closer to me, from where I will access the services.

Rule Four: DENY ALL

  • LAN to WAN with any services/destination/application is blocked.

This works for me, and I’ve deployed it to one of my customers.
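
A simplified first-match model of the four-rule layout described in the last post, as an added example that is not part of the thread and is not Sophos configuration. The addresses, host names, country codes and category names are constructed placeholders, and treating web/application filtering as a check applied after a rule matches is an assumption of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str        # LAN source address
    dst: str        # destination host
    port: int
    proto: str      # "tcp" or "udp"
    country: str    # GeoIP country of the destination
    category: str   # web/application category the firewall assigned

# Constructed placeholder values (assumptions, not taken from the thread).
INTERNAL_DNS = "10.0.0.53"
TRUSTED_DNS = {"resolver.example"}
EXCEPTION_HOSTS = {"portal.partner.example"}
NEARBY_COUNTRIES = {"XA", "XB"}
BUSINESS_CATEGORIES = {"Business", "Software Updates"}

def https(f):
    return f.proto == "tcp" and f.port == 443

# (name, match on source/destination/service, content check run after a match)
RULES = [
    ("1-dns", lambda f: f.src == INTERNAL_DNS and f.dst in TRUSTED_DNS
     and f.port == 53, lambda f: True),
    ("2-exception", lambda f: https(f) and f.dst in EXCEPTION_HOSTS, lambda f: True),
    ("3-base", lambda f: https(f) and f.country in NEARBY_COUNTRIES,
     lambda f: f.category in BUSINESS_CATEGORIES),
    ("4-deny-all", lambda f: True, lambda f: False),
]

def evaluate(flow):
    """Return (rule name, verdict) for the first rule whose match succeeds."""
    for name, match, content_ok in RULES:
        if match(flow):
            return name, "allow" if content_ok(flow) else "block"
    return "none", "block"

# Constructed sample flows; the client is a LAN host at 10.0.0.20.
SAMPLES = {
    "internal DNS lookup": Flow(INTERNAL_DNS, "resolver.example", 53, "udp", "XA", "-"),
    "client DNS to other resolver": Flow("10.0.0.20", "public-dns.example", 53, "udp", "XC", "-"),
    "business site": Flow("10.0.0.20", "crm.example", 443, "tcp", "XA", "Business"),
    "uncategorized host on 443": Flow("10.0.0.20", "unknown.example", 443, "tcp", "XA", "Uncategorized"),
    "443 to distant country": Flow("10.0.0.20", "relay.example", 443, "tcp", "XC", "Business"),
    "non-HTTPS port": Flow("10.0.0.20", "relay.example", 22, "tcp", "XA", "Business"),
    "exception host": Flow("10.0.0.20", "portal.partner.example", 443, "tcp", "XC", "Uncategorized"),
}

if __name__ == "__main__":
    for label, flow in SAMPLES.items():
        print(f"{label:30} -> {evaluate(flow)}")
```

Swapping rules 2 and 3 in `RULES` changes nothing for the exception host here only because its country is outside `NEARBY_COUNTRIES`; put it in a nearby country and the base rule's category check blocks it, which is why the post places the exception rule first.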