FortiGate
rpmadathil_FTNT
Article Id 196608
Description
This document explains how to block the Ultrasurf proxy software on FortiOS 5.0.x and 5.2.x.

Solution

Step 1:

In Application Control, enable the applications listed below.

Go to Security Profiles > Application Control > Create New and add:

- ultra surf
- ultrasurf 9.6 +
- Freegate.Searching
- or add the whole proxy category (if you need to block all proxy-based applications)

Refer to the screenshot for 5.0.x.

Refer to the screenshot for 5.2.x.


 

Step 2:

Make sure that the FortiGate has the latest IPS definitions. Run the command below to get the latest definitions:

# execute update-now

Step 3:

Apply the Application Control profile you created to the firewall policy in use.

Go to Policy & Objects > Policy > edit the policy in use > enable Application Control > select the profile created in Step 1.


Step 4:

Most proxy applications, such as Ultrasurf and Tor, use port 443 to communicate with their servers. To block the application, you need to enable SSL inspection.

Enable an SSL inspection profile in the firewall policy involved, and make sure that HTTPS is enabled. Follow the steps below to create an SSL inspection profile.

- Go to Policy > Policy & Objects > SSL/SSH Inspection.
- In the Name field, give the profile a name.
- Enable the SSL protocol ports for HTTPS.

Step 5:

These signatures detect some DNS queries. So, if you are using an internal DNS server, you also need to apply them in the policy for the traffic from the computers running Ultrasurf to the DNS server.

Computers running Ultrasurf may have cached the IP address of an Ultrasurf server. To clear it, delete the temp folder "utmp" in the folder where the Ultrasurf program is located, and delete the Ultrasurf temp files in "C:\Documents and Settings\your windows account\Local Settings\Temp". The temp file names are random. If you do not know which files are the Ultrasurf temp files, delete all files in this folder.

Step 6:

Flush the DNS cache on the PCs using the command below:

C:\> ipconfig /flushdns
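The client-side cleanup from Steps 5 and 6 can be scripted for each affected PC. The script below is an added example, not part of the original article; the parameter names UltrasurfDir and TempDir are hypothetical, and the Ultrasurf folder must be supplied because its location differs per machine.

```powershell
# Added example: client-side cleanup described in Steps 5 and 6.
# -UltrasurfDir is an assumption: pass the folder that holds the Ultrasurf program.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string]$UltrasurfDir,
    # Temp folder of the logged-on user; defaults to the current user's %TEMP%.
    [string]$TempDir = $env:TEMP
)

# Step 5: remove the "utmp" folder located next to the Ultrasurf program.
$utmp = Join-Path -Path $UltrasurfDir -ChildPath 'utmp'
if (Test-Path -LiteralPath $utmp -PathType Container) {
    if ($PSCmdlet.ShouldProcess($utmp, 'Remove Ultrasurf utmp folder')) {
        Remove-Item -LiteralPath $utmp -Recurse -Force
    }
} else {
    Write-Verbose "No utmp folder found under $UltrasurfDir"
}

# Step 5: the Ultrasurf temp file names are random, so clear the whole temp folder.
# Items locked by running programs cannot be deleted; count them and continue.
$locked = @()
foreach ($item in Get-ChildItem -LiteralPath $TempDir -Force) {
    if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove temp item')) {
        try {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
        } catch {
            $locked += $item.FullName
        }
    }
}
if ($locked.Count -gt 0) {
    Write-Warning ("{0} temp item(s) were in use and were left in place." -f $locked.Count)
}

# Step 6: flush the Windows DNS resolver cache.
if ($PSCmdlet.ShouldProcess('DNS resolver cache', 'Flush')) {
    & ipconfig.exe /flushdns | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning 'ipconfig /flushdns returned a non-zero exit code.'
    }
}
```

Run it with -WhatIf first to list what would be removed without deleting anything.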

