This article describes how to block the Psiphon application by enabling DPI-SSL Client, and app control signatures.
Psiphon is a circumvention tool from Psiphon Inc. that utilizes VPN, SSH and HTTP Proxy technology to provide uncensored access to internet content. Psiphon does not increase online privacy and should not be considered or used as an online security tool.
NOTE: In some cases, Psiphon 3 will continuously keep connecting and disconnecting. During this time the end-user will not be able to connect to external websites or be able to manage the firewall. This is due to Psiphon modifying the end-users proxy settings which are used to access the network. If the Psiphon application does not exit properly it may not correctly restore the original proxy settings which will prevent access to the network.
To block Psiphon:
Enable DPI-SSL Client Inspection. Enable DPI-SSL Client Inspection by going to the Manage tab and then to Deep packet Inspection | SSL Client Deployment and selecting Enable SSL Client Inspection. Ensure that IPS, GAV, Spyware, and Application Firewall are selected.
Enable App Control "Psiphon" signatures, all. Enable all Psiphon application signatures by going to the Manage tab and then to Rules | Advanced Application Control. Select the category PROXY-ACCESS and application Psiphon. Configure the application to be blocked and logged.
Enable (block) App Control "Encrypted Key Exchange" Random Traffic for TCP (SID 5) and UDP (SID 7).
Enable (block) App Control "SSH -- Client Request Outbound" (SID 10097), or alternatively, create Access Rule to block outbound TCP/22 SSH Service from this LAN->WAN.
Enable (block) App Control "HTTP Protocol -- Range Header" (SID 6872).
Enable App Control "ISAKMP" signatures, or create Access Rule to block outbound udp/500 from LAN to WAN (IPSec VPN mode).
Enable App Control "Google QUIC" signatures.
Create Access Rule to block outbound TCP/53 (DNS) from LAN to WAN.
Create Access Rule deny rule outbound UDP/53 (DNS) from LAN to WAN, and a second, allow rule to permit all necessary DNS traffic, but only to known good DNS servers being used;
Create Access Rule to block all outbound UDP ports below 1025 from LAN to WAN, with exception noted above;
In some cases, to fully block Psiphon please contact Technical Support and request hot fix 151710.
There are two ways to contact technical support:
1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case.
2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.