How to successfully block Psiphon VPN in the security policy

How to successfully block Psiphon VPN in the security policy

1263
Created On 05/05/22 23:29 PM - Last Modified 03/11/25 23:22 PM


Objective


To Block Psiphon VPN using firewall Security Policy.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • Decryption
  • SSL Forward Proxy 
     

Procedure


  1. Configure a Decryption profile for decrypting traffic in the desired zones.


Decryption profile

  1. Name the clone profile as Psiphon-decrypt-profile (or any name you want).
  2. Under SSL Decryption > SSL Forward Proxy:
    1. Under Server Certificate Verification:
      1. Check: Block sessions with expired certificates
      2. Block sessions with untrusted issuers
      3. Block sessions with unknown certificate status
      4. Block sessions on certificate status check timeout
    2. Under Unsupported Mode Checks
      1. Check: Block sessions with unsupported versions
      2. Block sessions with unsupported cipher suites
  3. Commit the changes.
     
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oNqtCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail