Hello,

My company is using a Palo Alto firewall which replaces the SSL certificate for every HTTPS site with a company-generated one. I used to bypass internet filtering by creating an SSH tunnel with PuTTY (I am local admin and can run PuTTY on my laptop) and running it on port 443. Then I added a SOCKS proxy in my browser settings and I was done. No more SSL filtering and I could access any website.

But now the firewall is blocking this as well. SSH to port 443 is not working anymore.

I tried this: https://hacktr.org/blog/2020/01/01/ssh-tunneling-over-https/ but it didn’t work either.

I also tried this: https://mariobrandt.de/archives/technik/ssh-tunnel-bypassing-transparent-proxy-using-apache-170/

But no go as well.

This has to be possible some way, by proxying Apache to SSH using a Let's Encrypt cert. I tried to add an LE cert, but the problem is that when Apache proxies to SSH it changes the IP and the firewall blocks that step.

Any idea how to solve this?

1 point

You won't like to hear this but: Don't do this. Do not try to circumvent protections that company IT has put in place. You will find yourself in a meeting with IT and HR much quicker than you think.

You have 3 options:

  • Stop doing what you're trying to do

  • Talk to IT and see if they would make exceptions for you

  • Keep attempting this and risk losing your job

You might want to bookmark a sub like /r/LegalAdvice for the future, good luck! /r/SysAdmin and /r/CyberSecurityAdvice can probably also tell you to stop doing this.

2 points

This has nothing to do with selfhosting, this is a 100% security/hacker related question.

2 points

I really hope you get a warning for the behaviour… you are endangering the company and explicitly circumventing policies… this is not OK.

Do this on your own equipment, not behind a company firewall.

1 point

When I was working in companies with very restrictive firewalls and needed to access my home server via SSH, I was using Tor Browser (which exists as a portable version, so you don't need to install anything, which you are not allowed to do). Tor Browser creates a SOCKS proxy, which you can then use from KiTTY/PuTTY SSH (which also have portable versions) to dial out.

2 points

Stop trying to access non-work-related things on corporate networks! Use your own travelling router/mobile tethering etc.

If you're abusing this policy, also note that anything you do/create on "their" computers is/can be visible to them, and in the case of creation they can claim IP!

