How to block Hotspot Shield proxy/VPN using Advanced Application Control
11/21/2024 35 People found this article helpful 491,575 Views
Description
Hotspot Shield from AnchorFree is a proxy application to bypass firewall restrictions. This article describes how to block Hotspot Shield using App Control Advanced.
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Click Manage in the top navigation menu
- Navigate to the Rules | Advanced Application Control page.
- Check the box under Enable App Control and Click on the Accept button at the bottom to enable App Control.
- Under App Control Advanced | View Style select PROXY-ACCESS under Category;
- From the drop-down under Application, select Hotspot Shield VPN
- Click on the Configure button next to the selected Application and select Enable Block and Log.
- Block SID’s 5 & 7 for Encrypted Key Exchange under Signatures as well.
Enabling Application Control on zones
- Navigate to Network | Zones
- Click on the configure button under the zone where you want App Control enabled.
- Check Enable App Control Service.
Note : DPI SSL should be enabled to block Hotspot shield VPN
- Login to the SonicWall management GUI.
- Click POLICY in the top navigation menu
- Navigate to the DPI-SSL | Client SSL page.
- Click Enable SSL Client Inspection & Application Firewall.
- Navigate to Common Name page & make sure there are no custom common names.
- If present then delete those.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Navigate to the Firewall | App Control Advanced page. In Gen5 TZ 100/W & 200/W devices this page is under Security Services | App Control
- Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
- Under App Control Advanced | View Style select PROXY-ACCESS under Category;
- From the drop-down under Application, select Hotspot Shield.
- Click on the Configure button and select Enable under Block and Log.
Enabling Application Control on zones
- Navigate to Network | Zones
- Click on the configure button under the zone where you want App Control enabled.
- Check Enable App Control Service.
- Under App Control Advanced | View Style select PROXY-ACCESS under Category;
- From the drop-down under Application, select Hotspot Shield VPN
- Block SID’s 5 & 7 for Encrypted Key Exchange under Signatures as well.
Note : DPI SSL should be enabled to block Hotspot shield VPN
- Login to the SonicWall management GUI.
- Click POLICY in the top navigation menu
- Navigate to the DPI-SSL | Client SSL page.
- Click Enable SSL Client Inspection & Application Firewall.
- Navigate to Common Name page & make sure there are no custom common names.
- If present then delete those.
Related Articles
Categories
Was This Article Helpful?
YESNO