Both UDP

HIi @DarrenOC, please could you be more specific? I can't understand you

Hi @cyriel95 , something along the lines of the below config.  Lets say your internal users subnet is 10.10.10.0/24 the rule should block any traffic from that subnet using ports 500 and 4500 which are the typical VPN ports.

don't understand

is this your office firewall?

That rule after rule 26 is an explicit Allow Any Any.  You're pretty much wide open with that still in place.  Would be worth adding in an explicit Deny Any Any rule in before it.

As you have access to the Outbound Firewall rules below your inbound I would also apply the vpn rules to your outbound rules also.  Where you've configure Any for Source subnet can you not be more specific and tie this down just to your internal data subnet?

@DarrenOC  I assume they are using something like hotspot shield which doesn't use conventional VPN ports. These are a nightmare to block as they use HTTPS and they add and decomission servers on a daily basis making it very hard for vendors to keep up.

I have found they often spoof being other traffic i.e. Paypal, snapchat, facebook.

Hi @BlakeRichardson , I guess tighter admin controls on the end user machines to stop them utilising/installing such features?

@DarrenOC  Yea the the best method. Only issue if its user owned devices i.e. students. 

hi @DarrenOC & @BlakeRichardson 

the administrative contract is strict, users do not have to install any program. But they filter through web browsers. What calls into question our safety rules.

This is something that will have to be defined on a higher (management) level:

Either you're further controlling your client infrastructure (technologically better decision) or try to control it via (network / security) infrastructure built around those clients (which will fail in the long run).

Best way of course would be having controls on both sides of that table. 🙂