FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable
Article Id 191482
Article
DescriptionUsers are using software to get around firewall policies. This article describes how to prevent this type of use.
Components
  • FortiGate units running FortiOS 3.0.
Steps or Commands

Use FortiGuard Web Filtering options in the protection profile to block this type of software, referred to as proxy avoidance.

To configure the web filtering

  1. Go to Firewall> Protection Profile.
  2. Select edit for a protection profile.
  3. Select the blue arrow for FortiGuard Web Filtering to expand the options
  4. Select the blue arrow for Potentially Liable to expand the options.
  5. Locate Proxy Avoidance and select Block.
  6. Select Log to log any blocking actions if required.
  7. Select OK.

Remember to include the protection profile in a firewall policy if it is not already used.

Note: You can use the IPS signature HTTP.Proxy.Activity to detect proxy servers that are not yet rated by our FortiGuard services.