Palo Alto Networks Knowledgebase: How to Block the GOM VPN Application

How to Block the GOM VPN Application

8088
Created On 02/07/19 23:43 PM - Last Updated 02/07/19 23:44 PM
URL Filtering
Resolution

GOM VPN is an extension in the Chrome browser that enables blocked websites to be browsed through the firewall by encrypting the data inside the SSL connection.

 

In order for blocked websites to still be blocked, the GOM VPN SSL connection needs to be blocked through the firewall.

There are two approaches to block GOM VPN. This article outlines both approaches.

 

 

Method 1 to block GOM VPN

 

Note: This approach requires URL filtering license and database on the firewall. To understand the behavior in case the license expires, please click here

 

The GOM VPN connection is categorized as "proxy-avoidance-and-anonymizers". Some of the hosts that GOM VPN tries to connect to are "b-7.gomcomm.com", "b-4.gomcomm.com", "b-9.gomcomm.com" etc. To check the category of the URL, the following websites can be used:

 

BrightCloud's URL Test site:

http://www.brightcloud.com/tools/url-ip-lookup.php

 

Palo Alto Networks URL Test site:

https://urlfiltering.paloaltonetworks.com/testasite.aspx

 

 

Step 1. Set the action for "proxy-avoidance-and-anonymizers" to "block" in the URL filtering profile (Objects > Security Profiles > URL Filtering) as follows:

 

 

Screen Shot 2016-12-18 at 11.59.22 AM.png

 

Step 2. Use this URL filtering profile in the security policy that allows the traffic to Internet.

 

Screen Shot 2016-12-18 at 11.57.57 AM.png

 

 

Step 3. URL filtering logs depicting GOM connection being blocked:

 

Screen Shot 2016-12-18 at 11.42.17 AM.png

 

 

Method 2 to block GOM VPN

 

Note: This approach can be used even if there is no URL filtering license on the firewall. (since predefined-categories would not be used)

 

Step 1. Since GOM VPN connection are made to hosts "*.gomcomm.com" and "gomcomm.com", these URLs can be used in custom URL category (Objects > Custom Objects > URL Category) as follows:

 

Screen Shot 2016-12-18 at 11.47.43 AM.png

 

 

Step 2. When done, either use a URL filtering profile in the security policy and set the action of this custom category to "block" in URL filtering profile or, use this custom URL category directly in security policy with the action of security policy set to "deny".

 

Note:

 

  • You would get "No valid URL filtering license" warnings when this custom URL category is referred in URL filtering profile and there is no URL filtering license on the firewall.
  • There would be no warning when this custom URL category is used directly in security policy even if there is no URL filtering license.


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpiCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language