How to block Nord VPN from connecting

Description

In testing, we see that App Control is not currently able to block Nord VPN because of the dynamic nature of the VPN services Nord uses.

Cause

The domain Nord VPN uses to connect via SSL is randomized, which makes blocking on the TLS Client Hello more difficult. If DPI SSL is enabled, the connection will fail, but that failure is due to certificate pinning. Additionally, NordLynx, which rides on UDP port 51820, does not currently have a signature in App Control.

Resolution

Create a DENY policy for UDP port 51820. In lab testing, the VPN will not connect if access to this port is denied.
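
One way to confirm the DENY policy is matching is to audit exported connection logs for UDP traffic to port 51820 and list any flows that were still allowed. The script below is an added example, not SonicWall code; the key=value log layout, the sample lines and the function name `audit_nordlynx_port` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

NORDLYNX_PORT = 51820  # UDP port the article says NordLynx uses

# Constructed sample lines in a simplified key=value layout (an assumption,
# not the firewall's real log format; adapt FIELD_RE to your export).
SAMPLE_LOG = """\
time=10:00:01 src=10.1.1.23 dst=203.0.113.10 proto=udp dport=51820 action=deny
time=10:00:02 src=10.1.1.23 dst=203.0.113.10 proto=udp dport=53 action=allow
time=10:00:05 src=10.1.2.40 dst=198.51.100.7 proto=UDP dport=51820 action=allow
time=10:00:09 src=10.1.2.40 dst=198.51.100.7 proto=tcp dport=51820 action=allow
time=10:00:11 src=10.1.1.23 dst=203.0.113.11 proto=udp dport=51820 action=deny
malformed line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def audit_nordlynx_port(log_text, port=NORDLYNX_PORT):
    """Return (blocked, leaked): per-source sets of destinations for UDP
    flows to `port` that were denied, and that were allowed through."""
    blocked, leaked = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if not {"src", "dst", "proto", "dport", "action"} <= f.keys():
            continue  # skip lines that lack the fields we need
        if f["proto"].lower() != "udp" or f["dport"] != str(port):
            continue  # the policy only covers UDP to this port
        bucket = blocked if f["action"].lower() == "deny" else leaked
        bucket[f["src"]].add(f["dst"])
    return dict(blocked), dict(leaked)


if __name__ == "__main__":
    blocked, leaked = audit_nordlynx_port(SAMPLE_LOG)
    for src, dsts in sorted(blocked.items()):
        print(f"blocked  {src} -> {sorted(dsts)}")
    for src, dsts in sorted(leaked.items()):
        print(f"ALLOWED  {src} -> {sorted(dsts)}  (DENY policy not matching)")
```

Any source listed as ALLOWED sits behind a zone or rule ordering where the DENY policy is not being hit, so check policy priority and the source/destination zones for that host.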
