How to Block VPN apps ( Turbo, Hotspot Shield ....) on mobile devices ?

How I can block VPN apps like Hotspot Shield or Turbo VPN from working on my network ? I have a web filter, but the filter is unable to block these services because the IP addresses change so rapidly. I also blocked port 500 and 4500 but failed. I'm using a M370 with OS 12.5.1.
Many Thanks,

Comments

  • Application Control does not block these, but can block some under "Tunneling and Proxy Services"

    Some VPN app use TCP port 443, but do not use real HTTPS, so using a HTTPS proxy may help but you may need to implement deep packet inspection for this to really work.

    Some services use DNS lookups to get needed IP addrs.
    You could set up a DNS proxy, and log Query Names, which will show what DNS names are being requested for particular accesses.

  • James_CarsonJames_Carson WatchGuard Representative

    Hi @Nguyen_Dung

    Like Bruce mentioned, Content Inspection/Deep Packet Inspection (DPI) is the most effective way to block this type of traffic, as the firewall can then open and inspect encrypted HTTPS traffic. You'll also need to close the other ways this application might be able to get out.

    The article here goes over how to set up proxies on other ports, which will need to be closed, as most VPN apps will try to get out over other ports too.

    I'd suggest taking a look at this article:

    (Block Evasive Applications)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/configuration_examples/block_evasive_apps_example.html

    If you're still unable to block it, I'd suggest opening a support case so that one of our technicians can assist.

    Thank you,

    -James Carson
    WatchGuard Customer Support

Sign In to comment.