Procera Packet Logic works very well, also the IPOQUE Pace engine is good at
blocking as well.
Inside vpns though? Not going to happen, even with a very good DPI engine.
On March 27, 2015 1:56:26 AM AKDT, Ivo Tonev <[email protected]> wrote:
>You can block torrents with suricata. Works 100%. Install the package
>and
>activate all p2p rules.
>
>For web proxies you can use squid+(squidguard with
>http://www.urlblacklist.com/ ) and force everyone to use your proxy.
>
>On Thu, Mar 26, 2015 at 11:44 PM, Sean <[email protected]> wrote:
>
>> Torrent traffic: maybe with a good L7 filter (not tried this myself).
>> But HTTPS proxies and SSL VPN's.... forget about it.
>> It's a game of whack-a-mole. As soon as you squash one, three more
>will
>> pop-up.
>> You can't block SSL. You'd need to get a real web filtering solution
>and
>> by that I mean a service that constantly updates with new content and
>> category definitions.
>> Barracuda, Iron Port, Websense, to name a few companies. It's still
>a
>> game of whack-a-mole but you're paying them to do it. It still won't
>get
>> them all but it will get you hopefully into the 99% range.
>>
>> There would likely still be outliers, SSH tunnels and people clever
>enough
>> to setup tunnels on non-standard ports and protocols that wouldn't be
>> monitored.
>>
>> I'd be happy to be wrong and welcome a correction from someone who
>knows
>> more about it on this list (there are plenty of them).
>>
>> On Tue, Mar 24, 2015 at 5:12 AM, Rizwan Saeed
><[email protected]>
>> wrote:
>>
>>> Hi Guys,
>>>
>>>
>>>
>>> I am managing a 1000+ university network. pfsense is working fine.
>The
>>> only problem I have is that the students bypass all the security
>with web
>>> vpn’s and free https proxies. So I would like to know that if there
>is an
>>> effective way to block https web proxies, web based VPN and
>encrypted
>>> torrent traffic?
>>>
>>>
>>>
>>> Regards,
>>>
>>> Riz
>>>
>>> _______________________________________________
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>>>
>>
>>
>> _______________________________________________
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
>
>
>--
>Ivo R. Tonev
>+55 61 8409-2642
>[email protected]
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>pfSense mailing list
>https://lists.pfsense.org/mailman/listinfo/list
>Support the project with Gold! https://pfsense.org/gold
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
