FortiGate
kraturi_FTNT
Staff
Article Id 193149

Description

OpenVPN software solutions are rather easy for users of a private network to set up, and could be used to bypass security policies within your organization.

There are several ways to prevent unwanted communication through such applications; this article shows an example of how to block well-known applications of this type on a FortiGate unit.


Scope

FortiGate 4.0 MR3
FortiGate 5.0.x (MR0)


Solution

To protect your network, follow these steps to block free OpenVPN software utilities.

1. Go to: UTM Security Profiles -> Application Control -> Application Sensor

Create a new application sensor and give it a name, for example "OPENVPN", and then add the following entries as shown below:

kraturi_openvpn1.PNG

2. Select "Specify Applications"

kraturi_openvpn2.PNG

3. Filter the application by name (OpenVPN)

kraturi_openvpn3.PNG

4. Select Action > Block

kraturi_openvpn4.PNG

5. Enable the Application Control profile in the respective firewall policy

kraturi_openvpn5.PNG

6. Edit the respective firewall policy

kraturi_openvpn6.PNG

7. Enable Application Control and choose the Application Sensor profile, then select Save.

kraturi_openvpn7.PNG
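The sensor blocks nothing on a policy where it has not been selected in steps 5 to 7. The following is an added example, not part of the original article: it audits a configuration backup for accept policies that do not apply the sensor. The backup layout, the `utm-status` and `application-list` setting names as they appear in a backup, and the function names are assumptions; the sample configuration is constructed.

```python
# Constructed excerpt in the style of a FortiOS config backup (assumed layout).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set action accept
        set utm-status enable
        set application-list "OPENVPN"
    next
    edit 2
        set action accept
    next
    edit 3
        set action accept
        set utm-status enable
        set application-list "default"
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: value}} for the firewall policy table."""
    policies, current, depth = {}, None, 0  # depth 1 = inside the policy table
    for line in map(str.strip, text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config firewall policy" else 0
        elif line.startswith("config "):
            depth += 1  # nested sub-table: its lines are skipped until its "end"
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = policies.setdefault(int(line.split()[1]), {})
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3 and parts[0] == "set":
                current[parts[1]] = parts[2].strip('"')
    return policies

def policies_missing_sensor(text, sensor="OPENVPN"):
    """IDs of accept policies that do not apply the named application sensor."""
    return [pid for pid, cfg in sorted(parse_policies(text).items())
            if cfg.get("action") == "accept"
            and (cfg.get("utm-status") != "enable"
                 or cfg.get("application-list") != sensor)]

if __name__ == "__main__":
    print(policies_missing_sensor(SAMPLE_CONFIG))
```

Policies that keep their security profiles in a nested sub-table are reported as missing the sensor and need a manual check.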

 

 

 
