Block VPN, Browser Based VPNs

anwar (Lv1), posted 19 Jan 2024 15:12

Dear Community,

I have an NGAF 5300-I and I am trying to block VPN applications and browser-based VPNs. I have tried creating a denial rule for VPN, but it is still not blocking users from connecting to VPNs.

Need your technical assistance.

Farina Ahmed has solved this question and earned 10 coins.

Newbie517762 (Lv5), posted 19 Jan 2024 15:43
  
Hi,

Sangfor NGAF Correlate with Cloud Endpoint Secure provides Anti Proxy Tools Protection.
This feature includes a range of anti-proxy applications, anonymous browsers, and VPNs.
These tools enable the creation of blocking and monitoring policies enforced by the Endpoint Secure Protect Agent.
For more information, please refer to the link provided:
anwar (Lv1), posted 19 Jan 2024 15:47
  
No, can I block VPNs using the firewall?
anwar (Lv1), posted 22 Jan 2024 18:35
  
Still, it is not blocking VPNs.

[Attachment: Screenshot 2024-01-22 153243.png]
Adam Suhail (Lv1), posted 23 Jan 2024 11:28
  
I think you need to do decryption for the policy to work.

Hope this helps.
jerome_itable (Lv3), posted 23 Jan 2024 16:53
  
Blocking VPN applications and Browser-Based VPNs on a Sangfor NGAF 5300-I can be tricky, as users often find ways to circumvent basic rules. Here are some factors to consider and actions you can take to improve your blocking effectiveness:

Understanding VPN Detection and Techniques:

    Deep Packet Inspection (DPI): Most modern NGAFs use DPI to analyze traffic and identify VPN protocols like OpenVPN, PPTP, L2TP, and SSTP. However, advanced VPNs might encrypt their traffic, making DPI ineffective.
    Application Recognition: NGAF can also identify VPN applications based on known signatures or behavior patterns. However, new or obfuscated VPN apps might bypass this detection.
    DNS filtering: Blocking access to known VPN providers' DNS servers can prevent users from configuring their devices for a VPN connection.

Enhancing your Blocking Rules:

    Combine different techniques: Use a combination of DPI, application recognition, and DNS filtering for a multi-layered approach. This makes it harder for users to circumvent the block.
    Update your NGAF software: Ensure you're running the latest software version with updated signatures and detection algorithms for current VPN methods.
    Target specific applications: Instead of blocking all VPN traffic, identify and block only known VPN applications used by your users. This minimizes disruption for legitimate applications.
    Use URL filtering: Block website categories or specific URLs associated with VPN services.
    Monitor and adjust: Regularly monitor your logs and network traffic for VPN usage attempts. Refine your rules as needed to address new techniques or bypasses.

Additional Tips:

    Educate your users: Communicate the policy on VPN usage and the consequences of circumventing security measures. Encourage users to use authorized VPNs if necessary for business purposes.
    Consider user needs: If certain business functions require VPN access, create exceptions or dedicated secure access for authorized users.
    Seek expert help: If you're facing significant challenges, consider consulting Sangfor support or a network security specialist for advanced configuration and monitoring strategies.
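Added example (my own code, not part of this reply and not Sangfor's engine): a small Python model of the detection layers listed above, run over constructed sample flows and DNS queries. The byte signatures are the standard ones for PPTP (TCP/1723, magic cookie 0x1A2B3C4D at offset 4 of the control message), L2TP (UDP/1701), OpenVPN (first byte 0x38, opcode 7 P_CONTROL_HARD_RESET_CLIENT_V2 with key id 0) and SSTP (an SSTP_DUPLEX_POST request line, visible only once TLS has been decrypted). The flow records, the domain blocklist and the SSTP path are invented placeholders. It also makes the encryption caveat concrete: an undecrypted TLS flow is labelled opaque rather than guessed at.

```python
"""Toy DPI / domain-filter triage for VPN detection (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List

PPTP_MAGIC = b"\x1a\x2b\x3c\x4d"
OPENVPN_HARD_RESET_CLIENT_V2 = 0x38      # (opcode 7 << 3) | key_id 0
TLS_HANDSHAKE_PREFIX = b"\x16\x03\x01"   # TLS record type 22 as sent in a ClientHello


@dataclass
class Flow:
    proto: str              # "tcp" or "udp"
    dst_port: int
    payload: bytes          # leading bytes of the first client packet
    decrypted: bool = False  # True when SSL decryption exposed the inner payload


def classify_flow(flow: Flow) -> str:
    """Return a protocol label, or 'tls-opaque' when encryption hides the answer."""
    p = flow.payload
    if flow.proto == "tcp" and flow.dst_port == 1723 and p[4:8] == PPTP_MAGIC:
        return "pptp"
    if flow.proto == "udp" and flow.dst_port == 1701:
        return "l2tp"
    if flow.proto == "udp" and p and p[0] == OPENVPN_HARD_RESET_CLIENT_V2:
        return "openvpn"      # first-packet heuristic; confirm over several packets in practice
    if flow.proto == "tcp" and p.startswith(b"SSTP_DUPLEX_POST "):
        return "sstp"         # only reachable on a decrypted stream
    if flow.proto == "tcp" and p.startswith(TLS_HANDSHAKE_PREFIX) and not flow.decrypted:
        return "tls-opaque"   # indistinguishable from ordinary HTTPS without decryption
    return "unknown"


# Constructed blocklist of VPN-provider domains (placeholders, not real providers).
VPN_DOMAIN_BLOCKLIST = frozenset({"vpn-provider.example", "browser-vpn.example"})


def dns_blocked(qname: str) -> bool:
    """True if the queried name or any parent domain is on the blocklist."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in VPN_DOMAIN_BLOCKLIST for i in range(len(labels)))


def triage(flows: List[Flow], dns_queries: List[str]) -> Dict[str, int]:
    """Count what each detection layer caught and what still needs decryption."""
    counts: Dict[str, int] = {}
    for f in flows:
        label = classify_flow(f)
        counts[label] = counts.get(label, 0) + 1
    counts["dns-blocked"] = sum(1 for q in dns_queries if dns_blocked(q))
    return counts


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("tcp", 1723, b"\x00\x9c\x00\x01" + PPTP_MAGIC + b"\x00\x01"),    # PPTP Start-Control-Connection-Request
    Flow("udp", 1701, b"\xc8\x02\x00\x3c\x00\x00\x00\x00"),               # L2TP control packet
    Flow("udp", 1194, bytes([OPENVPN_HARD_RESET_CLIENT_V2]) + bytes(8)),  # OpenVPN client hard reset
    Flow("tcp", 443, TLS_HANDSHAKE_PREFIX + b"\x02\x00\x01\x00"),         # encrypted, not decrypted
    Flow("tcp", 443, b"SSTP_DUPLEX_POST /sra_{placeholder}/ HTTP/1.1\r\n", decrypted=True),
]
SAMPLE_DNS = ["api.vpn-provider.example.", "www.intranet.example", "browser-vpn.example"]

if __name__ == "__main__":
    print(triage(SAMPLE_FLOWS, SAMPLE_DNS))
```

The `tls-opaque` bucket is the one to watch: the larger it is, the more of the VPN problem sits behind encryption, which is the case for SSL decryption that the other replies make.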
Farina Ahmed (Lv5), posted 23 Jan 2024 17:53
  
To effectively block VPN applications and browser-based VPNs on your NGAF 5300-I firewall, ensure that you've correctly identified and added the necessary application signatures associated with these VPN services in your denial rule. Additionally, consider implementing SSL decryption to inspect encrypted traffic, as some VPNs may use SSL/TLS for obfuscation. Update your firewall signatures regularly to stay current with emerging VPN services. Furthermore, make sure that the denial rule is placed at a higher priority in your rule set, allowing it to take precedence over other rules. Finally, monitor logs and adjust the rule as needed to maintain effective VPN blocking.
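Added example (my own code, not part of this answer and not Sangfor's policy engine): a minimal first-match rule evaluator with a check for deny rules that can never fire because an earlier, broader allow rule already matches their applications. The rule names and application tags are hypothetical. It illustrates the priority point above: the same deny rule either blocks or is silently shadowed depending only on where it sits in the list.

```python
"""First-match policy model with a shadowed-deny-rule audit (constructed example)."""
from dataclasses import dataclass
from typing import List, Tuple

ANY = "*"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "deny"
    apps: frozenset    # application tags the rule matches; ANY matches everything


def matches(rule: Rule, app: str) -> bool:
    return ANY in rule.apps or app in rule.apps


def evaluate(rules: List[Rule], app: str) -> Tuple[str, str]:
    """First-match evaluation: the first rule matching the app decides the verdict."""
    for rule in rules:
        if matches(rule, app):
            return rule.name, rule.action
    return "implicit-deny", "deny"


def shadowed_deny_rules(rules: List[Rule]) -> List[str]:
    """Deny rules whose every app is already matched by some earlier allow rule."""
    shadowed = []
    for i, rule in enumerate(rules):
        if rule.action != "deny" or ANY in rule.apps:
            continue
        earlier_allows = [r for r in rules[:i] if r.action == "allow"]
        if all(any(matches(r, app) for r in earlier_allows) for app in rule.apps):
            shadowed.append(rule.name)
    return shadowed


# Hypothetical rule sets: the deny rule is identical, only its position differs.
VPN_APPS = frozenset({"openvpn", "pptp", "browser-vpn"})
MISORDERED = [
    Rule("allow-all-web", "allow", frozenset({ANY})),
    Rule("deny-vpn", "deny", VPN_APPS),
]
REORDERED = [MISORDERED[1], MISORDERED[0]]   # deny-vpn moved above the broad allow

if __name__ == "__main__":
    for label, rules in (("misordered", MISORDERED), ("reordered", REORDERED)):
        print(label, evaluate(rules, "openvpn"), "shadowed:", shadowed_deny_rules(rules))
```

Running the audit over an exported rule list before testing from a client saves the round trip of "the rule exists but nothing is blocked" that this thread describes.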
Tayyab0101 (Lv2), posted 23 Jan 2024 19:25
  
Hello,
Can you please share the policy you have set for this?
Enrico Vanzetto (Lv4), posted 23 Jan 2024 19:33
  
Hi, you first have to set the application signature on NGAF in order to let NGAF identify VPN traffic properly. If the VPN traffic is encrypted with SSL, you have to configure SSL decryption and import SSL certificates on NGAF in order to let it analyze VPN traffic packets properly. After that, you can define a deny policy to block this VPN traffic.
