FortiGate
Article Id 195831

Description
This article describes how to enable the Ultrasurf IPS signature to detect and prevent any generic HTTPS proxy connections.
Components
  • All FortiGate units.
  • IPS definitions update version 2.521 or higher
Steps or Commands

Ultrasurf is the latest proxy surfing technology that can get around most firewall installations. Fortinet has an IPS signature to detect and block Ultrasurf connection attempts. To use it, ensure that the FortiGate unit has IPS definitions update version 2.521 or higher. To check the version, on the FortiGate unit, go to System>Dashboard and check the IPS Definitions version under License Information.

Enabling the IPS signature to block Ultrasurf

In FortiOS 3.0 MR5
  1. Go to Intrusion Protection>Protocol Anomaly>p2p_decoder.
  2. Select Enable for the Ultrasurf signature.
  3. Select Configure and change the action as required.
  4. Select OK.
In FortiOS 3.0 MR6

If the IPS sensor is configured to enable all signatures, nothing has to be done. If you are using the all_default sensor, use the following steps.

For more information on IPS sensors, see the related article IPS signatures in FortiOS 3.0 MR6.

  1. Go to Intrusion Protection>IPS Sensor.
  2. Select Edit for the all_default sensor.
  3. Select the Add Pre-defined Override button.
  4. Click in the Signature field.
  5. Select the filter icon in the Name column.
  6. Select Name, then Enable, and enter a filter name of Ultrasurf.
  7. Select the Ultrasurf signature and select OK.
  8. Select Enable for the signature, and select Block.
  9. Select OK.

Ensure that the protection profile has this IPS group selected and enabled.