Summary
This article explains the steps needed to block the X-VPN application from connecting.
Problem
X-VPN can be used to circumvent the Web Filter, this means users can access website that would otherwise be blocked.
Solution
To successfully block X-VPN you need to set up both a Firewall rule and a HTTPS inspection rule.
X-VPN uses a range of different ports to connect (including Port 21 & 25) unfortunately this range changes quite often. Therefore, you need to have a locked down firewall to successfully block this. You should only have ports open that are absolutely required, and then have a rule at the bottom of the table to reject/drop all other traffic.
For more details on how to set up a firewall rule, visit: Using the Smoothwall Firewall
The next step is to create a HTTPS inspection policy:
- From the Guardian menu, under the HTTPS inspection submenu, click Policy Wizard.
- Add in the following attributes:
- Who - Everyone*
- What - Everything
- Where - Everywhere*
- When - Always*
- Action - Decrypt and Inspect/Validate Certificate
*Change as appropriate
Once the firewall rule and the HTTPS inspection rule have been enabled, users should no longer be able to connect to X-VPN.