X
Pritisnite ovdje da biste otišli na mobilnu verziju stranice.

Forum podrške

How can corporations prevent users from making connections via the FPN? The FPN bypasses some of our security controls when in use.

Objavljeno

When the FPN is in use, our proxies no longer read the traffic and the thus no longer block based on category, or scan the downloads for malicious payloads. Is there a DNS entry, or URL we can block on the proxy before the FPN connection is made, that will prevent the FPN from working? If we do make such a block, perhaps towards "firefox.*.cloudflareclient.com", will that affect other aspects of FF from working?

When the FPN is in use, our proxies no longer read the traffic and the thus no longer block based on category, or scan the downloads for malicious payloads. Is there a DNS entry, or URL we can block on the proxy before the FPN connection is made, that will prevent the FPN from working? If we do make such a block, perhaps towards "firefox.*.cloudflareclient.com", will that affect other aspects of FF from working?
Citiraj

Dodatni detalji o sistemu

Aplikacija

  • Korisnički agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0

Više informacija

jscher2000
  • Top 10 Contributor
8962 rješenja 73439 odgovora
Objavljeno

Hi kevin57, I don't see any articles on this yet.

For the browser extension, which proxies via Cloudflare, have you tried disabling DNS over HTTPS to see whether that changes its behavior?

Note that the canary domain does not block "user configured" DNS over HTTPS. (See https://support.mozilla.org/questions/1279834) I don't know whether the FPN extension's use of DoH is considered user configured.

Hi kevin57, I don't see any articles on this yet. For the browser extension, which proxies via Cloudflare, have you tried disabling DNS over HTTPS to see whether that changes its behavior? * [[Configuring Networks to Disable DNS over HTTPS]] Note that the canary domain does not block "user configured" DNS over HTTPS. (See [https://support.mozilla.org/questions/1279834]) I don't know whether the FPN extension's use of DoH is considered user configured.
Je li vam ovo pomoglo?
Citiraj

Vlasnik pitanja

Thanks for the reply but FF isn't managed it's merely tolerated in the network. Even with no administrator rights, users place it on the computers and use it. With this latest feature, we may have to remove it from the network unless we can block it (FPN) outside of configuring FF itself.

Thanks for the reply but FF isn't managed it's merely tolerated in the network. Even with no administrator rights, users place it on the computers and use it. With this latest feature, we may have to remove it from the network unless we can block it (FPN) outside of configuring FF itself.
Je li vam ovo pomoglo?
Citiraj
Postavite pitanje

Morate se prijaviti na račun da biste odgovarali na poruke. Molimo postavite novo pitanje, ako još uvijek nemate račun.