Palo Alto Networks Knowledgebase: How to Block the GOM VPN Application
How to Block the GOM VPN Application
Created On 02/07/19 23:43 PM - Last Updated 02/07/19 23:44 PM
GOM VPN is a Chrome browser extension that lets users reach blocked websites through the firewall by encrypting the data inside an SSL connection.
To keep those websites blocked, the firewall must block the GOM VPN SSL connection itself.
There are two approaches to blocking GOM VPN. This article outlines both.
Method 1 to block GOM VPN
Note: This approach requires a URL filtering license and database on the firewall.
The GOM VPN connection is categorized as "proxy-avoidance-and-anonymizers". Some of the hosts that GOM VPN tries to connect to are "b-7.gomcomm.com", "b-4.gomcomm.com", "b-9.gomcomm.com" etc. To check the category of the URL, the following websites can be used:
Step 1. Set the action for "proxy-avoidance-and-anonymizers" to "block" in the URL filtering profile (Objects > Security Profiles > URL Filtering) as follows:
Step 2. Use this URL filtering profile in the security policy that allows the traffic to Internet.
Step 3. URL filtering logs depicting GOM connection being blocked:
Method 2 to block GOM VPN
Note: This approach can be used even if there is no URL filtering license on the firewall, since predefined categories are not used.
Step 1. Since GOM VPN connections are made to the hosts "*.gomcomm.com" and "gomcomm.com", these URLs can be used in a custom URL category (Objects > Custom Objects > URL Category) as follows:
Step 2. When done, either reference this custom category in a URL filtering profile attached to the security policy and set the category's action to "block" in that profile, or use the custom URL category directly in the security policy with the policy action set to "deny".
You would get "No valid URL filtering license" warnings when this custom URL category is referenced in a URL filtering profile and there is no URL filtering license on the firewall.
There would be no warning when this custom URL category is used directly in security policy even if there is no URL filtering license.
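The following added example (not part of the original article and not Palo Alto Networks code) shows why Step 1 of Method 2 lists both "gomcomm.com" and "*.gomcomm.com", and uses the same two entries to find clients that contacted GOM VPN hosts in a log export. It assumes a simplified matching model in which "*" stands for one or more whole dot-separated labels (the firewall's own matching has additional rules), and the function names and the "source_ip hostname" log format are constructed for illustration.

```python
# Added example: simplified model of custom URL category hostname matching.
# Assumption: "*" stands for one or more whole dot-separated labels.

CATEGORY_ENTRIES = ["gomcomm.com", "*.gomcomm.com"]  # entries from Step 1


def entry_matches(entry: str, host: str) -> bool:
    """Return True if host matches one category entry, label by label."""
    pat = entry.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")

    def match(p: int, h: int) -> bool:
        if p == len(pat):
            return h == len(labels)
        if pat[p] == "*":
            # The wildcard consumes at least one label, possibly more.
            return any(match(p + 1, k) for k in range(h + 1, len(labels) + 1))
        return h < len(labels) and pat[p] == labels[h] and match(p + 1, h + 1)

    return match(0, 0)


def in_category(host, entries=CATEGORY_ENTRIES):
    return any(entry_matches(e, host) for e in entries)


# Constructed sample log lines (not real firewall output): "source_ip hostname"
SAMPLE_LOG = """\
10.1.1.23 b-7.gomcomm.com
10.1.1.23 www.example.com
10.1.1.40 gomcomm.com
10.1.1.57 notgomcomm.com
10.1.1.40 b-4.gomcomm.com
"""


def clients_using_gom(log_text, entries=CATEGORY_ENTRIES):
    """Map each source IP to the sorted GOM hosts it contacted."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and in_category(parts[1], entries):
            hits.setdefault(parts[0], set()).add(parts[1])
    return {ip: sorted(hosts) for ip, hosts in hits.items()}


if __name__ == "__main__":
    for ip, hosts in clients_using_gom(SAMPLE_LOG).items():
        print(ip, ", ".join(hosts))
```

With only the wildcard entry, the bare domain "gomcomm.com" falls outside the category in this model, which is why both entries are listed.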