Sophos Firewall v19: How to configure block UltraSurf Application on Sophos XGS v19.

1.Overview

Ultrasurf is a proxy application, it is a program designed to allow users to bypass security devices such as firewalls with web filters and application filters to surf the Internet without restrictions with configured policies as to be able to access a website that has been blocked by the firewall,…

This article will guide you how to configure block Ultrasurf application on Sophos XGS, not for users to use to bypass configured web policies.

2.Instructions

Step 1: Configure Application Filter.

Log in to the admin interface of Sophos XGS> Protect > Applications > Application Filter > Add.

Name: Enter the name of the application you want to block. Click Save.

Click on the application name you just created. Click Add.

In the Name section, click the filter icon. Enter the name Ultra in the Name contains section. Click Apply.

Click choose UltraVPN và UltraSurf Proxy.

Action: choose Deny. Click Save.

Next, click Save.

Step 2: Configure Web Policy.

On the Sophos XGS admin interface > Protect > Web > Policies > Add Policy.

Name: Enter the name you want. Click Add rule.

Under Activities select Add New item:

  • User Activity: select Not Suitable for Schools; Not Suitable for the Office.
  • Web Category: choose Anonymizers, IPAddress, Jobs Search, None, ParkedDomain, Peer-to-peer & torrents, Spam URLs, Spyware & Malware, Unauthorized Software Stores, Uncategorized.

Under Action: select Block HTTP and Block HTTPS

Click Save.

Go to General Settings tab > HTTPS decryption and scanning.

Click to select Block unrecognized SSL protocols and Block invalid certificates.

Click Apply.

Step 3: Configure SSL/TLS inspections

Note: To use SSL/TLS inspections, users need to have Sophos’ SSL certificate installed on device.

On the Sophos XGS admin interface > Rule and Policies > SSL/TLS Inspection Rule.

Click ON SSL/TLS inspection > Add.

Fill in the following parameters:

Rule name: Enter the name you want

Action: select Decrypt.

Decryption Profile: select Add.

Enter a name for the Decryption Profile and select the Drop parameters as shown below. Click Save.

Source zones: select LAN

Destination and services: select WAN

Click Save.

The SSL/TLS Inspection rule has been created.

Step 4: Create Firewall Rule.

On the Sophos XGS admin interface > Rule and Policies > Firewall Rules > Add firewall rule > New firewall rule.

Source zones: select LAN

Destination and services: select WAN

Services: You should choose the necessary services and should not leave Any.

Web policy: select the “Block UltraSurf Web” policy created in step 2.

Click Block QUIC protocol and Scan HTTP and decrypted HTTPS.

Identify and control applications (App control): select “Block UltraSurf App” created in step 1.

Click Save.

Step 5: Check the results

On the user device install the UltraSurf application.

UltraSurf will show the status as Connecting….and the user will not be able to access any website

When turning off UltraSurf users can access the internet normally.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.