Torrent traffic: maybe with a good L7 filter (not tried this myself). But HTTPS proxies and SSL VPN's.... forget about it. It's a game of whack-a-mole. As soon as you squash one, three more will pop-up. You can't block SSL. You'd need to get a real web filtering solution and by that I mean a service that constantly updates with new content and category definitions. Barracuda, Iron Port, Websense, to name a few companies. It's still a game of whack-a-mole but you're paying them to do it. It still won't get them all but it will get you hopefully into the 99% range.
There would likely still be outliers, SSH tunnels and people clever enough to setup tunnels on non-standard ports and protocols that wouldn't be monitored. I'd be happy to be wrong and welcome a correction from someone who knows more about it on this list (there are plenty of them). On Tue, Mar 24, 2015 at 5:12 AM, Rizwan Saeed <[email protected]> wrote: > Hi Guys, > > > > I am managing a 1000+ university network. pfsense is working fine. The > only problem I have is that the students bypass all the security with web > vpn’s and free https proxies. So I would like to know that if there is an > effective way to block https web proxies, web based VPN and encrypted > torrent traffic? > > > > Regards, > > Riz > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold >
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
