Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Block OpenVPN Outbound on Port 443

  • 1.  Block OpenVPN Outbound on Port 443

    Posted Sep 24, 2015 10:37 AM

    I'm trying to understand deep packet inspection more. Let's say you have a wifi client on your network and you only allow 80 and 443 out to the internet. Let's say that a wifi client has OpenVPN installed on their device and it is configured to connect to 443 at the remote site. Just curious if the Aruba controller is smart enough to say, "aha, that is openvpn-type traffic even though it just looks like TCP 443 traffic" ...hope that makes sense.



  • 2.  RE: Block OpenVPN Outbound on Port 443

    EMPLOYEE
    Posted Sep 24, 2015 11:37 AM

    It is supposed to detect the OpenVPN handshake.  It is possible that other VPNs with the same handshakes will be blocked as well.

     

    I personally have not tested the different flavors of OpenVPN with AppRF.



  • 3.  RE: Block OpenVPN Outbound on Port 443

    Posted Oct 05, 2015 11:18 AM

    Thanks. It's supposed to block the handshake regardless of the destination port and TCP/UDP? If I get around to testing it I'll post my results back on this post, thanks.



  • 4.  RE: Block OpenVPN Outbound on Port 443

    Posted Nov 02, 2015 12:00 PM

    Ok, FWIW I got around to testing this and it appears that if you use an application firewall rule and specify block "openvpn" it will NOT block my Android phone running the OpenVPN Connect app, which connects outbound on port TCP 443 (so it slips past most firewalls). I was hoping this next-gen Aruba firewall would be smart enough to sniff out OpenVPN traffic over TCP 443 outbound but apparently not, unless somebody knows some other trick/setting I'm missing? Thanks.



  • 5.  RE: Block OpenVPN Outbound on Port 443

    EMPLOYEE
    Posted Nov 02, 2015 12:03 PM

    Can you open a TAC case so we can take a look at your setup?



  • 6.  RE: Block OpenVPN Outbound on Port 443

    Posted Nov 02, 2015 12:20 PM

    Before calling TAC, I tinkered some more and after tinkering some more I got it working so I apologize: the next-gen firewall IS smart enough to block OpenVPN on TCP 443 outbound, cool.



  • 7.  RE: Block OpenVPN Outbound on Port 443

    EMPLOYEE
    Posted Nov 02, 2015 12:22 PM

    Can you please detail your policy and client setup, so others can benefit?

     



  • 8.  RE: Block OpenVPN Outbound on Port 443

    Posted Nov 02, 2015 12:23 PM

    Great! That makes you the expert, so please share what you did.
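
The handshake detection discussed in this thread, as an added example that is not part of any post and is not Aruba's AppRF logic: a minimal classifier showing why the first client payload on TCP 443 separates plain OpenVPN from HTTPS, and why the same check works on UDP. The function name and the sample byte strings are constructed for illustration; the opcode values and the 2-byte TCP length prefix are from the OpenVPN wire protocol.

```python
import struct

# Opcodes a client uses to open an OpenVPN session (upper 5 bits of the first byte).
HARD_RESET_CLIENT = {1: "P_CONTROL_HARD_RESET_CLIENT_V1",
                     7: "P_CONTROL_HARD_RESET_CLIENT_V2",
                     10: "P_CONTROL_HARD_RESET_CLIENT_V3"}
# Smallest control packet: opcode(1) + session id(8) + ack count(1) + packet id(4).
MIN_CONTROL_LEN = 14

def classify_first_payload(data: bytes, transport: str = "tcp") -> str:
    """Label the first client payload of a flow: 'openvpn', 'tls' or 'unknown'.

    Hypothetical helper: it looks only at the payload, never at the port,
    which is what lets a DPI rule match regardless of destination port.
    """
    if transport == "tcp":
        # HTTPS starts with a TLS handshake record (0x16, version 0x03xx)
        # whose first handshake message is a ClientHello (type 0x01).
        if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
            return "tls"
        if len(data) < 2 + MIN_CONTROL_LEN:
            return "unknown"
        # OpenVPN over TCP prefixes every packet with a 16-bit big-endian length.
        (length,) = struct.unpack("!H", data[:2])
        if length < MIN_CONTROL_LEN or length > len(data) - 2:
            return "unknown"
        body = data[2:2 + length]
    else:
        # Over UDP the datagram is the packet; there is no length prefix.
        body = data
        if len(body) < MIN_CONTROL_LEN:
            return "unknown"
    opcode, key_id = body[0] >> 3, body[0] & 0x07
    # A new session starts with a client hard reset using key id 0.
    if opcode in HARD_RESET_CLIENT and key_id == 0:
        return "openvpn"
    return "unknown"

# Constructed samples (not captured traffic).
_RESET_BODY = bytes([7 << 3]) + bytes(range(8)) + b"\x00" + b"\x00\x00\x00\x00"
SAMPLE_OPENVPN_TCP = struct.pack("!H", len(_RESET_BODY)) + _RESET_BODY
SAMPLE_OPENVPN_UDP = _RESET_BODY
SAMPLE_TLS_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # truncated ClientHello
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, blob, proto in [("openvpn/tcp", SAMPLE_OPENVPN_TCP, "tcp"),
                              ("openvpn/udp", SAMPLE_OPENVPN_UDP, "udp"),
                              ("tls hello", SAMPLE_TLS_HELLO, "tcp"),
                              ("http", SAMPLE_HTTP, "tcp")]:
        print(f"{name:12s} -> {classify_first_payload(blob, proto)}")
```
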