06-22-2016 12:07 AM - edited 03-12-2019 06:02 AM
Dears,
I have a firewall with software source fire.
license : ips + application + url filtering
i blocked everything related to facebook , youtube , some vpn ,etc... and all is okey.
There is an application ( PSIPHON) that users install it on their mobile and on their laptops or PCs .And through this application they can open facebook,youtube,etc...
All users are using it and bypass the Firesight rule.
https://psiphon.ca/en/download.html
this application will open a VPN session through the internet and it is available on android and now as a portable version for windows desktop.
Do you have any idea oe a step-by-step on how to stop the above application?
thanks in advance...
please send me the answer on chawki.dib@bmbgroup.com
Best Regards,
Chawki Dib
06-22-2016 12:39 AM
Hi Chawki,
You can try to use the application block on firepower to block proxy application. There is a application detector for Psiphon in there.
You can either try to block that or block the whole category VPN, proxy/anonymiser category itself which blocks the proxy apps.
Rate if helps.
Yogesh
06-22-2016 12:54 AM
Dear,
Thank you for your quick response.
Can you tell me which starting version of the firesight/firepower the psiphon application is there?
Because I cannot detect it.
My current version is firesight : 5.4.1
ASA 5506-x
Firepower = software not hardware module
So i can do the upgarde and tell you if the above will solve my issue.
Thanks in advance…
06-22-2016 01:00 AM
Hi
Please update the VDB to latest. I am running VDB 270 which has this application.
Rate if helps.
Yogesh
06-22-2016 01:06 AM
Dear Yogdhanu,
As i understand from you.
it is not necessary to upgrade my firesoght and firepower version.
what i need to do just update the VDB.
can you tell me from where can i get the VDB latest version and how i can upgrade it?
thank you
06-22-2016 01:19 AM
Navigate to System>updates and download the update. It will download the latest VDB update.
Install it and then push the policies once more.
06-26-2016 08:10 AM
Dear ,
I updated the VDB to the latest version (270),and I can see psiphon application and proxy/anonymizer,
I created a rule to block the above, but with no success.
all the users still can open psiphon.
any idea? please?
your quick feedback is appreciated.
thanks in advance...
06-26-2016 09:08 PM
Hello Chawkideeb,
If you already updated the VDB version and still doesnt work then we need to open a TAC request to verify which policy the rule hits and we also need the pcap for this traffic to verify why its not hitting the rule.
In version 5.4.1 and 5.4.1.1 few bugs are there .It would be great if you can upgrade this to a stable 6.0.1.1 version and check the same.
Regards
Jetsy
06-27-2016 12:01 AM
dear jetsy,
thank you for your response.
I will try to open a tac case, otherwise I will upgrade the firesight and the firepower to the latest version and get back to you.
thank you...
08-23-2016 06:37 AM
Dear Chawkideeb,
Did you succeed to block the PSIPHON via ASA Firepower ?
Regards
Mohamed
08-23-2016 11:42 PM
Hi,
I did an upgrade to the latest version 6.0.1.1 and VDB also 271.
But I couldn't stop the phsiphon application.
a TAC case was opened (3 days ago) and I am still waiting their feedback (they asked me to provide show-tech and firepower/firesight troubleshooting files.
once the issue was solved I will inform you.
thank you
Best Regards,
Chawki Dib
09-29-2016 03:31 AM
Dears,
Kindly note that the cisco engineer inform me that it is a bug and that cisco developpers are working on it.
once done they will put on cisco website a new VDB version.
so we should wait
best regards,
chawki dib
10-04-2016 08:49 PM
Hi Chawki,
We have the same situation. Do you have any update on cisco TAC?
Thank you and Best Regards!
10-08-2016 06:23 AM
Hi,
the Cisco TAC told me that this is a bug and that cisco developpers are working on.
we should wait till the next VDB update to install it and try it.
my current VDB is 271
best regards,
chawki dib
10-09-2016 06:15 PM
Hi chawki,
Did you already follow up cisco TAC about the update?
Best Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide