How to block hotspot shield VPN in network with WFilter NG firewall?

Hotspot shield is a popular VPN service, with free version available.  When launched, it will try to connect a lot TLS sites for traffic relaying. If you do packet sniffer with wireshark, you will see  traffic  from famous sites like “google.com, baidu.com…”. But in fact, it’s hotspot vpn traffic in the camouflage of normal TLS.

Anyway, our team has worked out a protocol pattern to block Hotspot shield traffic completely in your network. WFilter identifies Hotspot via signature matching, so no matter in which transfer type or client version, all Hotspot traffic can be blocked. Here is a protocol description of hotspot shield VPN: protocol and port range of Hotspot shield.

Below are the steps with WFilter NG firewall:

1. New a “block hotspot” app control policy.

block_hotspot_01

2. Set “Hotspot shield” to “Deny”.block_hotspot_02

3. That’s all. Now hotspot shield will never be able to connect.

hotspot_blocked

4. The blocking event in WFilter NG firewall.

block_hotspot_03

Please note: all WFilter products can support blocking of hotspot shield, including WFilter NG firewall and WFilter Enterprise.