Skip to main content
Fullmoon
Fullmoon
New Member
February 16, 2017
Question

psiphon

  • February 16, 2017
  • 5 replies
  • 29391 views
now the headache backs again, anyone does the trick on how block psiphon? Im using  FGT 1000C and FGT 92D running in FOS 5.4.3 and 5.2.10 seems psiphon able to bypass. applied ssl deep inspection (select all ports), blocked botnet p2p and proxy under app control, blocked web proxy under web filter profile, even limits the service to http/s and dns still no glory.   anyone willing to share their tricks on how to block psiphon? thanks  IPS Definitions Version 10.00070 IPS Engine Version 3.00299

5 replies

hmtay_FTNT
Staff
hmtay_FTNT
Staff
February 22, 2017

Hello,

 

Can you update your IPS Definition to 10.00071 or above. An update on the Psiphon signature was released in 10.00071 to cover the recent update. 

 

On the same topic, with IPS Engine 3.00299 and FortiOS 5.4 and above, our Psiphon signature does not require SSL deep-inspection anymore. We have added a new feature into the engine that allows us to block it without deep inspecting the packet.

nawaysa
nawaysa
New Member
March 20, 2017

I have update IPS and FOS but still Psiphone can bybass the fortigate?? any help please

 

hmtay_FTNT
Staff
hmtay_FTNT
Staff
March 20, 2017

Did you enable certificate-inspection or deep-inspection? Can you show me the output to the CLI command "diagnose autoupdate versions? Can you send me your configuration file in a PM? Thanks.

 

HoMing

juanchonica
juanchonica
New Member
August 7, 2017

the only way is apply ssl deep inspection and install certificate in ALL computers in your network

Itsmejerry04
Itsmejerry04
New Member
December 6, 2018

The speed of the service is certainly acceptable, If you want to block this Psiphon VPN, you will must to block all VPN which are not yours.

juancava
juancava
New Member
December 17, 2018

Any update on this? I have a FortiGate 500D with deep inspection. All clients have to use a certificate, but I can't block psiphon, even if it is blocked in application control. I'm managing a high school, and this is starting to become a very big problem.

Ashik_Sheik
Ashik_Sheik
New Member
June 18, 2019

Hi 

 

Any suggestions to block psiphon we can't use deep packet inspection due to current firewall architecture .

 

 

Shehroz
Shehroz
New Member
July 2, 2019

I have same issue since i install fortigate i'm unable to block psiphon vpn app but in the logs section of app control and web filter it is continue blocking but in the actual users are able to connect through psiphon on pc as well as on mobile using corporate wifi network. I was using fortiOS 5.6.8 and yesterday have upgraded to 5.6.9 but issue is the same it is showing block in app and web but not blocking in actual..

 

Any expert can give lead pl

geekmooc
geekmooc
New Member
July 28, 2020

want to know that, too

thanh
thanh
New Member
November 26, 2020

My problem is someones are using proxy/vpn mobile apps to access social media sites (like youtube and facebook), i can't find any way to restrict its !

Terms & ConditionsAccessibility statement