Finding users with 3rd party VPN

Hi,

In our business we are using a Meraki MX100 in a school, and each user gets a bandwidth of 5 Mbps. Some students found that you can bypass the firewall and download anything you want by installing all kinds of 3rd party VPN software.

I have added “Personal VPN” to “Category Blocking” under “Content Filtering”, but nothing happened.

Any other ideas on how I can block the use of 3rd party VPN from our WiFi users?

Most schools tend to gravitate to a software solution with device management (Meraki Systems Manager as an example) installed on school-purchased devices in order to fully lock down and control devices, as there is not really an easy way to catch/block VPN traffic. Though, these days, even that is more of an extra level of headache, as VPNs by nature are designed to be unidentifiable traffic.

Did you try the "proxy avoidance and anonymizers" category? As others have pointed out, you cannot simply block the ports since they almost all use 443 now. But the right categories should have a list that blocks the majority. Maybe check the layer 7 firewall rules to see if there is a category there too…

Any way you find to block VPNs, someone will find a way around it. You can VPN out on port 443 now which you don’t have a way of blocking.

VPNs will not bypass bandwidth limits. That’s about all you have.

This is the same issue we face with a lot of educational clients: students find a VPN service that runs on 443 and, well, that’s about it…

We do deep packet inspection with certificates installed on their BYOD so we can see the VPNs and block them, but very few clients want that administrative process in place. (We use FortiGate for this.)

You win some, you lose some. :person_shrugging: