i have 81F and i trying to block psiphon pro but no luck, i tried
blocking from application control
web filter
also blocking Quic,IKE,ISAKMP
logs showing blocked psiphon and those protocols but still i can access blocked websites and apps??
Psiphon will iterate over a list of vpn endpoints until it finds one it’s able to connect to. Sometimes over normal tcp/443 and endpoints hosted in cloud services like aws and Akamai.
In order to detect it you need to be doing full ssl inspection to detect the app signature.
In application control, quarantine instead of block, even if it’s only for 5 minutes. It will trigger on a detected connection, but will be quarantined when it keeps trying different methods. It may still rarely connect, but it will be much more effective.
cant install certs on mobile devices, no other way??
As it loops over the list of endpoints, there’s a good chance that some of the failed connection attempts will be picked up by app control as psiphon.
So the manual method may be to monitor app control logs and check which users have tried to use psiphon and go hit them with a stick.
No mdm to distribute ssl proxy certs?