Block incoming traffic from known VPN providers

dporod
Level 1

Hi all, is there a way to block incoming traffic from known VPN providers? I see that URL filtering has a Proxy avoid and Anonymizers category that I could use in an ACP rule, but would that work for incoming traffic?

3 Replies

In ACP, you can create a policy to match VPN apps. This will be better than URL filtering unless the VPN software of your interest isn't listed in the apps. It will take a couple of packets before identifying appID and blocking the connection.

 

Both URL filtering and application filtering work for both inbound and outbound connections. 

 

***** please remember to rate useful posts

Hi, thanks for the reply. I don't understand how the application filtering would apply. Wouldn't the traffic between the VPN provider and the FTD look like "normal" traffic with no VPN application involved?

 

 

AppID uses signatures to detect this traffic. They look for CNs in cert names, handshakes, traffic patterns, etc.