How to block Psiphon VPN application in the security policy

Created On 05/06/22 00:26 AM - Last Modified 10/03/24 21:32 PM


Objective


Block the highly evasive Psiphon VPN application with a security policy on a Palo Alto firewall.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS 
  • App ID
  • SSL Decryption 


Procedure


  1. Configure a decryption profile to be used for decrypting traffic in the affected zones. Add the certificate verification checks as seen in the image below.
           [Image: Psiphon-Decrypt-profile]
  2. Add a decryption policy for the zones where you want to block Psiphon VPN traffic. Make sure it is at the top of the decryption policies. See image below.
         [Image: Decryption-policy]
 
  3. Configure the security policy and place it at the top of the security rules. Add the following applications in the Application tab of the policy, with the Action set to Deny:
  • psiphon
  • quic
  • ssh
  • telnet
  • unknown-tcp
  • unknown-udp
       [Image: Psiphon-deny-sec-policy]
  4. Commit the configuration.
Note: Denying the applications above may affect other applications that use these services. In that case, create a security rule with a permit action for the affected application.
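To confirm after the commit that the configuration matches the procedure, the exported configuration can be checked offline. The script below is an added example, not part of the original article or vendor tooling. It assumes a single-firewall XML export in which rules appear as `rulebase/<kind>/rules/entry` elements; the rule names and the sample config are constructed.

```python
import xml.etree.ElementTree as ET

# Applications the procedure says to deny (taken from the article's list).
REQUIRED_APPS = {"psiphon", "quic", "ssh", "telnet", "unknown-tcp", "unknown-udp"}
# Constructed sample: trimmed config export (layout assumed, rule names hypothetical).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
 <rulebase>
  <decryption><rules>
   <entry name="decrypt-users"><action>decrypt</action><profile>Psiphon-Decrypt-profile</profile></entry>
  </rules></decryption>
  <security><rules>
   <entry name="Psiphon-deny"><application>
      <member>psiphon</member><member>quic</member><member>ssh</member>
      <member>telnet</member><member>unknown-tcp</member></application>
     <action>deny</action></entry>
   <entry name="allow-web"><application><member>web-browsing</member></application><action>allow</action></entry>
  </rules></security>
 </rulebase>
</entry></vsys></entry></devices></config>
"""

def first_enabled(root, kind):
    """Return the first rule of the given rulebase kind that is not disabled."""
    for rule in root.iterfind(f".//rulebase/{kind}/rules/entry"):
        if rule.findtext("disabled", "no") != "yes":
            return rule
    return None

def audit(xml_text):
    """List deviations from the procedure; an empty list means the config matches."""
    root = ET.fromstring(xml_text)
    findings = []
    dec = first_enabled(root, "decryption")
    if dec is None or dec.findtext("action") != "decrypt":
        findings.append("top decryption rule does not decrypt")
    elif not dec.findtext("profile"):
        findings.append("top decryption rule has no decryption profile")
    sec = first_enabled(root, "security")
    if sec is None or sec.findtext("action") != "deny":
        findings.append("top security rule is not a deny rule")
    else:
        apps = {m.text for m in sec.iterfind("application/member")}
        for app in sorted(REQUIRED_APPS - apps):
            findings.append(f"top deny rule is missing application: {app}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "matches the procedure")
```

The constructed sample deliberately omits `unknown-udp` from the deny rule, so the audit reports that one gap.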
 

