Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JJM
New Contributor

To Block psiphon vpn application at Fortigate 2500E and 101F

Dear all,

Let me ask some helps from you all, i'm facing some case that i'm trying to block vpn application at our fortigate firewall, cloudflare and psiphon vpn apps:. It does not work using p2p and proxy to deny these apps:. Cloudflare is ok to deny by blocking cloudflare used ip address and ports. But, psiphon is not ok to block by choosing psiphon at application. 

 

JJM_0-1657463848542.png

 

 

Anyone have ever been? or could you pls anyone help that problem to solve?  Thanks much!

1 Solution
Yurisk
SuperUser
SuperUser

Try to find this specific application by name, not as part of some category, seems like Fortiguard have a signature for this app: https://www.fortiguard.com/appcontrol/32642

 

Pay attention to the notes - you have to block QUIC protocol altogether, and to reach 100% identification use SSL Deep inspection as well.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

View solution in original post

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
6 REPLIES 6
Yurisk
SuperUser
SuperUser

Try to find this specific application by name, not as part of some category, seems like Fortiguard have a signature for this app: https://www.fortiguard.com/appcontrol/32642

 

Pay attention to the notes - you have to block QUIC protocol altogether, and to reach 100% identification use SSL Deep inspection as well.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
echacon
New Contributor II

It is not work that you say!!

It Specialist
It Specialist
echacon
New Contributor II

even with SSL Deep inspection!!

It Specialist
It Specialist
Khsajid

SSL Insepction Profile.jpgi tried the above setting in Deep SSL and the Psiphon is not connecting anymore 

without deep SSL inspection its not possible to block psiphon VPN.

JJM
New Contributor

thanks for your help, @Khsajid . Let me test in my lab with this setting.

psiphoniphone
New Contributor

best way to bypass the original file name with a classic firewall system and then restart the VPN its works

https://gadgetssai.blogspot.com/2017/02/psiphon-app-download-psiphon-app-for.html

https://www.thekartinatv.com/
https://www.thekartinatv.com/
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors