VPNs are bypassing Zero Trust policies

Hi, I’ve recently been notified that Psiphon easily bypasses the adamnet firewall. This is after we set up everything correctly and had it working over a year ago, including the Psiphon blacklist subscription and DTTS (we checked and verified THEN that it blocks VPNs).

That being said, when starting up the app and pressing connect in Psiphon, and then watching the “LOG”, IT DOES SHOW THAT IT BLOCKED an attempt with the answer “psiphon neutralizer”, but that is actually not the case and the VPN is fully functional. I have also tried another proxy tool, “Ultrasurf”, and get the same result. I haven’t bothered to try other VPNs as I think this is a bigger issue than only certain apps.

I’ve been in contact with other users of adam:ONE and they are experiencing the same issues. Anybody else notice? What can be done to fix it?

Hi there, W.

Sorry to hear you’re having trouble with bypass tools. The good news is: The adam:ONE™ technology stack DOES SUCCESSFULLY BLOCK PSIPHON & all other known bypass tools. However, if you made any error as an admin that creates a hole, it will find its way out. And with Psiphon (which requires only one click of a button), all break-outs from any firewall are normally described as “easy” since Psiphon automates the hard work to seek out the hole for the user.

This is just one of the many use cases why the Managed Security Service plans exist (MSS / MSS+). All of our managed clients have a solid success rate in blocking ALL bypass tools (including Psiphon, VPNs, proxies, Tor, etc.). Maintaining a secure network in a dynamic environment is unfortunately never a set-and-forget operation.

NOTE: Apart from the Psiphon Neutralizer, you have to use Adaptive AI Allowlisting, in conjunction with DTTS® (correctly configured).

Some of the most common mistakes admins make that Psiphon takes advantage of are:

  1. Permissive firewall rules.
  2. Not running Adaptive AI Whitelisting, or not running it correctly.
  3. Network configuration errors.
  4. DTTS® not properly set up.

For any users that are concerned about protecting their network / people effectively against bypass tools like Psiphon, we recommend they take advantage of the Managed Plans. All of the variables that are required are covered continuously by the assistance of our engineers and specialists under MSS / MSS+.

You could also consider doing XNS service on a per-incident basis to help resolve errors that are allowing Psiphon through… But an ongoing proactive approach under the care of MSS+ is far more effective than trying to fix mistakes after they occur. So we actually don’t recommend the reactive approach. MSS+ is the way to go.

Either way, we’d love to help get you and your network secured properly. Feel free to reach out to support@adamnet.works if you need to consider moving to MSS / MSS+.