How to block Hotspot Shield proxy/VPN using Advanced Application Control?

Description

Hotspot Shield from AnchorFree is a proxy application to bypass firewall restrictions. This article describes how to block Hotspot Shield using App Control.

 

NOTE: Client DPI-SSL should be applied along with App Control to effectively block the Hotspot Shield VPN application.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

To block Hotspot Shield, follow the steps below:-

  1. To enable client DPI-SSL Go to Policy tab|DPI-SSL|Client SSL, Enable SSL Client Inspection and Application Firewall.
  2. Go To Security Services |App Control, Enable App Control.
    Image

  3. Under the App Control Signatures tab, select Viewed by as Application then select Category as VPN, and Application as Hotspot Shield VPN.

    Image

  4. Edit the Application Hotspot Shield VPN to enable Block and Log.

    Image

  5. Also, make sure you Enable (block) App Control "Encrypted Key Exchange" Random Traffic for TCP (SID 5) and UDP (SID 7).

 

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

 

  1. Log in to the SonicWall management GUI.
  2. Click Manage  in the top navigation menu.
  3. Navigate to the Rules | Advanced Application Control page. 
  4. Check the box under Enable App Control and click on the Accept button at the bottom to enable App Control.
  5. Under App Control Advanced | View Style, select PROXY-ACCESS under Category.
  6. From the drop-down under Application, select Hotspot Shield VPN

    Image

  7. Click on the Configure button next to the selected Application and select Enable Block and Log.
  8. Block SIDs 5 & 7 for Encrypted Key Exchange under Signatures as well.ImageImage

 

Enabling Application Control on zones

  1. Navigate to Network | Zones
  2. Click on the configure button under the zone where you want App Control enabled.
  3. Check Enable App Control Service.
    Image

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
TZ Series
not finding your answers?
Ask the Community