Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8799
Views
10
Helpful
28
Replies

block psiphon application on source fire.

chawkideeb
Level 1
Level 1

‎06-22-2016 12:07 AM - edited ‎03-12-2019 06:02 AM

Dears,

I have a firewall with software source fire.

license : ips + application + url filtering

i blocked everything related to facebook , youtube , some vpn ,etc... and all is okey.

There is an application ( PSIPHON) that users install it on their mobile and on their laptops or PCs .And through this application they can open facebook,youtube,etc...

All users are using it and bypass the Firesight rule.

 

https://psiphon.ca/en/download.html

 

this application will open a VPN session through the internet and it is available on android and now as a portable version for windows desktop.

Do you have any idea oe a step-by-step  on how to stop the above application?

thanks in advance...

please send me the answer on chawki.dib@bmbgroup.com

Best Regards,

 

Chawki Dib

4 people had this problem
Labels:
0 Helpful
28 Replies 28

yogdhanu
Cisco Employee
Cisco Employee

‎06-22-2016 12:39 AM

Hi Chawki,

You can try to use the application block on firepower to block proxy application. There is a application detector for Psiphon in there.

You can either try to block that or block the whole category VPN, proxy/anonymiser category itself which blocks the proxy apps.

Rate if helps.

Yogesh

chawkideeb
Level 1
Level 1
In response to yogdhanu

‎06-22-2016 12:54 AM

Dear,

 

Thank you for your quick response.

 

Can you tell me which starting version of the firesight/firepower the psiphon application is there?

Because I cannot detect it.

 

My current version is firesight :  5.4.1

ASA 5506-x

Firepower = software not hardware module

 

So i can do the upgarde and tell you if the above will solve my issue.

Thanks in advance…

0 Helpful

yogdhanu
Cisco Employee
Cisco Employee
In response to chawkideeb

‎06-22-2016 01:00 AM

Hi

Please update the VDB to latest. I am running VDB 270 which has this application.

Rate if helps.

Yogesh

chawkideeb
Level 1
Level 1
In response to yogdhanu

‎06-22-2016 01:06 AM

Dear Yogdhanu,

As i understand from you.

it is not necessary to upgrade my firesoght and firepower version.

what i need to do just update the VDB.

can you tell me from where can i get the VDB latest version and how i can upgrade it?

thank you

0 Helpful

yogdhanu
Cisco Employee
Cisco Employee
In response to chawkideeb

‎06-22-2016 01:19 AM

Navigate to System>updates and download the update. It will download the latest VDB update.

Install it and then push the policies once more.

0 Helpful

chawkideeb
Level 1
Level 1
In response to yogdhanu

‎06-26-2016 08:10 AM

Dear ,

I updated the VDB to the latest version (270),and I can see psiphon application and proxy/anonymizer,

I created a rule to block the above, but with no success.

all the users still can open psiphon.

any idea? please?

your quick feedback is appreciated.

thanks in advance...

0 Helpful

Jetsy Mathew
Cisco Employee
Cisco Employee
In response to chawkideeb

‎06-26-2016 09:08 PM

Hello Chawkideeb,

If you already updated the VDB version and still doesnt work then we need to open a TAC request to verify which policy the rule hits and we also need the pcap for this traffic to verify why its not hitting the rule.

In version 5.4.1 and 5.4.1.1 few bugs are there .It would be great if you can upgrade this to a stable 6.0.1.1 version and check the same.

Regards

Jetsy 

0 Helpful

chawkideeb
Level 1
Level 1
In response to Jetsy Mathew

‎06-27-2016 12:01 AM

dear jetsy,

thank you for your response.

I will try to open a tac case, otherwise I will upgrade the firesight and the firepower to the latest version and get back to you.

thank you...

 

0 Helpful

Mohamed Abdallah
Level 1
Level 1
In response to chawkideeb

‎08-23-2016 06:37 AM

Dear Chawkideeb,

Did you succeed to block the PSIPHON via ASA Firepower ?

Regards

Mohamed

0 Helpful

chawkideeb
Level 1
Level 1
In response to Mohamed Abdallah

‎08-23-2016 11:42 PM

Hi,

I did an upgrade to the latest version 6.0.1.1 and VDB also 271.

But I couldn't stop the phsiphon application.

a TAC case was opened (3 days ago) and I am still waiting their feedback (they asked me to provide show-tech and firepower/firesight troubleshooting files.

once the issue was solved I will inform you.

 

thank you

Best Regards,

Chawki Dib

0 Helpful

chawkideeb
Level 1
Level 1
In response to chawkideeb

‎09-29-2016 03:31 AM

Dears,

Kindly note that the cisco engineer inform me that it is a bug and that cisco developpers are working on it.

once done they will put on cisco website a new VDB version.

so we should wait

best regards,

chawki dib

0 Helpful

ccg-security
Level 1
Level 1
In response to chawkideeb

‎10-04-2016 08:49 PM

Hi Chawki,

We have the same situation. Do you have any update on cisco TAC?

Thank you and Best Regards!

0 Helpful

chawkideeb
Level 1
Level 1
In response to ccg-security

‎10-08-2016 06:23 AM

Hi,

the Cisco TAC told me that this is a bug and that cisco developpers are working on.

we should wait till the next VDB update to install it and try it.

my current VDB is 271

 

best regards,

chawki dib

0 Helpful

ccg-security
Level 1
Level 1
In response to chawkideeb

‎10-09-2016 06:15 PM

Hi chawki,

Did you already follow up cisco TAC about the update?

Best Regards,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card