How to block NordVPN from connecting

Description

In testing, App Control is currently unable to block NordVPN because of the dynamic nature of the services NordVPN uses.

Cause

The domain NordVPN uses to connect over SSL is randomized, which makes blocking on the TLS Client Hello more difficult. If DPI-SSL is enabled the connection will fail, but that failure is due to certificate pinning. Additionally, App Control does not currently include a signature for NordLynx, which rides on UDP port 51820.

Resolution

Create a DENY policy for UDP port 51820. In lab testing, the VPN does not connect when access to this port is denied.
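
One way to confirm the DENY policy is taking effect is to audit exported flow records for outbound UDP 51820 traffic. This is an added example, not SonicWall code. The CSV layout, the sample records and the 10.0.0.0/8 LAN range are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

NORDLYNX_PORT = 51820  # UDP port named in this article

# Assumption: the protected LAN is 10.0.0.0/8; adjust to the real internal ranges.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample flow records in a hypothetical CSV layout
# (this is not the firewall's native log format).
SAMPLE_FLOWS = """\
time,src,dst,proto,dport,action
2024-05-01T09:00:01,10.0.5.21,198.51.100.7,udp,51820,deny
2024-05-01T09:00:03,10.0.5.21,198.51.100.7,udp,51820,deny
2024-05-01T09:01:10,10.0.8.44,203.0.113.9,udp,51820,allow
2024-05-01T09:01:12,10.0.8.44,203.0.113.9,tcp,443,allow
2024-05-01T09:02:00,10.0.5.30,10.0.1.10,udp,51820,allow
2024-05-01T09:03:00,10.0.9.2,192.0.2.50,tcp,51820,allow
"""


def is_internal(addr):
    """True if addr falls inside one of the assumed LAN ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def audit_flows(text, port=NORDLYNX_PORT):
    """Count LAN-to-Internet UDP flows to `port`, per source host.

    'allowed' entries mean the DENY policy is missing or not matching;
    'denied' entries identify clients that attempted to connect.
    """
    allowed, denied = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(text)):
        if row["proto"].lower() != "udp" or int(row["dport"]) != port:
            continue  # wrong protocol or port: outside the policy's scope
        if not is_internal(row["src"]) or is_internal(row["dst"]):
            continue  # only outbound LAN -> Internet traffic is audited
        bucket = denied if row["action"].lower() == "deny" else allowed
        bucket[row["src"]] += 1
    return {"allowed": dict(allowed), "denied": dict(denied)}


if __name__ == "__main__":
    print(audit_flows(SAMPLE_FLOWS))
```

Any host listed under `allowed` reached UDP 51820 outside the LAN and should be checked against the zone and rule ordering of the DENY policy.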
