Is there any way to disable/stop SSL VPN on a firewall without doing SSL inspection?
My firewall is capable of doing this with inspection but I need this done without due to regulations.
There is no completely reliable way to restrict tunneling via SSL while allowing unrestricted SSL access to any site. Even with packet inspection it's not 100% reliable.
If you want to prevent tunneling to a specific site (e.g. a specific VPN), you could block connections to that site.
There are blocklists of proxies and VPNs that may prevent tunneling to any established, known services, but they wouldn't stop someone setting up "just a server somewhere".
You could proxy HTTPS but that involves breaking end-to-end security for clients and installing your own CA certificate on all client machines, and if regulations prevent inspection then they'll almost certainly prevent that kind of security/privacy violation.
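
The blocklist approach from the answer above, sketched as an added example that is not part of the original post: connections are judged only on destination metadata, with no decryption. The blocklist entries, the log records and all function names are constructed for illustration, and it assumes the firewall logs a destination IP and, where it has one, a hostname for each flow.

```python
import ipaddress

# Constructed blocklist (documentation ranges, example domains), standing in for a published list.
BLOCKLIST = """
# known VPN endpoints (constructed)
198.51.100.0/24
203.0.113.7
vpn.example.net
"""

# Constructed firewall connection records: (client, dest_ip, dest_host, port).
# dest_host is whatever name the firewall logged for the flow, or None.
CONNECTIONS = [
    ("10.0.0.5", "198.51.100.20", None, 443),
    ("10.0.0.6", "192.0.2.10", "gw1.vpn.example.net", 443),
    ("10.0.0.7", "192.0.2.99", "www.example.org", 443),
    ("10.0.0.8", "192.0.2.200", None, 443),  # private "server somewhere"
]

def load_blocklist(text):
    """Split blocklist lines into IP networks and domain suffixes."""
    networks, domains = [], set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            domains.add(entry.rstrip("."))
    return networks, domains

def verdict(dest_ip, dest_host, networks, domains):
    """Return 'block' if the destination is listed, else 'allow'."""
    addr = ipaddress.ip_address(dest_ip)
    if any(addr in net for net in networks if net.version == addr.version):
        return "block"
    if dest_host:
        labels = dest_host.lower().rstrip(".").split(".")
        # Match the host itself or any parent domain on the list.
        if any(".".join(labels[i:]) in domains for i in range(len(labels))):
            return "block"
    return "allow"

def evaluate(connections=CONNECTIONS, blocklist=BLOCKLIST):
    networks, domains = load_blocklist(blocklist)
    return [(c[0], verdict(c[1], c[2], networks, domains)) for c in connections]

if __name__ == "__main__":
    print(evaluate())
```

The last record is allowed because its destination is on no list, which is the limitation the answer describes.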