Meraki

Berihun_Addis1 · ‎Dec 17 2023

Blocked Android Clients still accessing My network by VPN like Psiphon in my Cisco Meraki devices .How can I still blocking even using this VPN in-order to prevent unauthorized clients?

alemabrahao · ‎Dec 17 2023

Unfortunately it is not possible to apply group policies to the VPN client until they are connected to the VPN.

So the only option is to try to apply it after it connects. It's not the best solution, but it should work.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

ww · ‎Dec 17 2023

Not sure if this is about client vpn or users on wifi. But if you dont want devices on your network you should use access control with something like a radius server

PhilipDAth · ‎Dec 17 2023

If I understand correctly you have Android clients bypassing security controls by using an anonymizing VPN? Have I understood correctly?

Some of these VPNs can be really hard to block.

Start by trying to block the content category "Filter Avoidance".

If that is not enough, you'll need to Google for measures others have used to specifically block whatever VPN you are targetting. Often there will be a DNS name (such as the system used to log into the VPN) that can be targetted.

I think Psiphon often uses DNS ports, so you might need to block all access to port 53 except for the specific configured name servers that the users are allowed to use.

Meraki

Community

Blocked Android Clients still accessing by VPN

Blocked Android Clients still accessing by VPN