Sonicwall Signatures
Application: Psiphon

Psiphon is a free, anonymizing web proxy client that enables users to bypass firewall controls. The most recent version has several modes of operation including SSH-PLUS, VPN, and SSH. To block Psiphon:
(1) Enable DPI-SSL Client Inspection;
(2) Enable App Control "Psiphon" signatures, all;
(3) Enable App Control "Encrypted Key Exchange" Random Traffic for TCP (SID 5) and UDP (SID 7);
(4) Enable App Control "SSH -- Client Request Outbound" (SID 10097), or alternatively, create an Access Rule to block the outbound TCP/22 SSH service from LAN to WAN;
(5) Enable App Control "HTTP Protocol -- Range Header" (SID 6872);
(6) Enable App Control "ISAKMP" signatures, or create an Access Rule to block outbound UDP/500 from LAN to WAN (IPSec VPN mode);
(7) Enable App Control "Google QUIC" signatures;
(8) Create Access Rule to block outbound TCP/53 (DNS) from LAN to WAN;
(9) Create an Access Rule to deny outbound UDP/53 (DNS) from LAN to WAN, and a second rule to allow all necessary DNS traffic, but only to the known good DNS servers being used;
(10) Create an Access Rule to block all outbound UDP ports below 1025 from LAN to WAN, with the exception noted above.
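
The Access Rules in steps (4), (6) and (8) to (10) overlap, so the DNS allow rule has to be matched before the UDP deny rules. The following is an added example, not SonicWall code or configuration: a small Python model of those rules that can be run against sample flows before the rules are deployed. It assumes first-match evaluation in the listed order and a default LAN-to-WAN allow; the rule names and resolver addresses (documentation range) are placeholders.

```python
from dataclasses import dataclass

# Assumption: placeholder addresses standing in for the site's known good DNS servers.
APPROVED_DNS = frozenset({"192.0.2.53", "192.0.2.54"})

@dataclass(frozen=True)
class Rule:
    name: str                      # hypothetical label, not a SonicOS object name
    action: str                    # "allow" or "deny"
    proto: str                     # "tcp" or "udp"
    ports: range                   # destination ports covered
    dests: frozenset = frozenset() # empty set means any destination

    def matches(self, proto, dst_ip, dst_port):
        return (proto == self.proto and dst_port in self.ports
                and (not self.dests or dst_ip in self.dests))

# LAN->WAN rules from the steps above, in the order they are evaluated.
RULES = [
    Rule("allow-dns-approved", "allow", "udp", range(53, 54), APPROVED_DNS),  # step 9
    Rule("deny-dns-udp", "deny", "udp", range(53, 54)),                       # step 9
    Rule("deny-dns-tcp", "deny", "tcp", range(53, 54)),                       # step 8
    Rule("deny-ssh", "deny", "tcp", range(22, 23)),                           # step 4
    Rule("deny-isakmp", "deny", "udp", range(500, 501)),                      # step 6
    Rule("deny-udp-low", "deny", "udp", range(0, 1025)),                      # step 10
]

def evaluate(proto, dst_ip, dst_port, rules=RULES, default="allow"):
    """Return (action, rule name) for one outbound flow; first match wins."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.action, rule.name
    return default, "default"

def blocked_resolvers(rules):
    """Approved resolvers whose UDP/53 traffic the rule order would still deny."""
    return sorted(ip for ip in APPROVED_DNS
                  if evaluate("udp", ip, 53, rules)[0] != "allow")

if __name__ == "__main__":
    # Constructed sample flows: (protocol, destination IP, destination port).
    for flow in [("udp", "192.0.2.53", 53), ("udp", "198.51.100.7", 53),
                 ("tcp", "192.0.2.53", 53), ("udp", "198.51.100.7", 123),
                 ("tcp", "198.51.100.7", 443)]:
        print(flow, "->", evaluate(*flow))
    # Placing the step 10 rule first shadows the DNS exception.
    print("misordered:", blocked_resolvers([RULES[-1]] + RULES[:-1]))
```

In this model, DNS over TCP is denied even to the approved servers, because step (8) states no exception.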