Blocking Access to the Hamachi Peer to Peer VPN Network
03/26/2020 
8 
11854
DESCRIPTION:
Blocking Access to the Hamachi Peer to Peer VPN Network
RESOLUTION:
Users attempting to access the Hamachi peer-to-peer VPN service can be blocked by SonicWall firewall (UTM) appliances by creating firewall access rules prohibiting all traffic to the IP address ranges used by the operators of that service. Follow these steps to block Hamachi access.
SonicOS Standard:
- Select Firewall > Access Rules.
- Click the Add a new Network Access Rule button and enter the following:
- Action: Deny
- Service: Any
- Source: LAN
- Source Address Range Begin: *
- Source Address Range End: (leave blank)
- Destination: WAN
- Destination Address Range Begin: 69.25.20.0
- Destination Address Range End: 69.25.21.255
- Click OK to add the first rule.
- Click the Add a new Network Access Rule button and enter the following:
- Action: Deny
- Service: Any
- Source: LAN
- Source Address Range Begin: *
- Source Address Range End: (leave blank)
- Destination: WAN
- Destination Address Range Begin: 72.5.76.0
- Destination Address Range End: 72.5.77.255
- Click OK to add the second rule.
Users attempting to access the Hamachi network will now receive an error from the client indicating that they are unable to connect to the proxy.
SonicOS Enhanced:
- Select Network > Address Objects.
- Click the Add a new address object button and enter the following:
- Name: HamachiRange1
- Zone Assignment: WAN
- Type: Range
- Starting IP Address: 69.25.20.0
- Ending IP Address: 69.25.21.255
- Click OK to create the new address range object.
- Click the Add a new address object button and enter the following:
- Name: HamachiRange2
- Zone Assignment: WAN
- Type: Range
- Starting IP Address: 72.5.76.0
- Ending IP Address: 72.5.77.255
- Click OK to create the new address range object.
- Click the Add a new address object group button and specify the following:
- Name: HamachiGroup
- Select both HamachiRange1 and HamachiRange2 as members and click the right arrow button.
- Click OK to create the new address group object.
- Select Firewall > Access Rules.
- Select from LAN to WAN from the matrix.
- Click the Add a new entry button and specify the following:
- Action: Deny
- From Zone: LAN
- To Zone: WAN
- Service: Any
- Source: Any
- Destination: HamachiGroup
- Users Allowed: All
- Schedule: Always On
- Click OK to add the firewall access rule.
Users attempting to access the Hamachi network will now receive an error from the client indicating that they are unable to connect to the proxy.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
