lmelo
Staff
Article Id 276211
Description: This article describes how to block a specific VPN application by using an application control signature.
Scope: FortiGate.
Solution:

To prevent LAN users from using a specific VPN application, enable SSL Deep Inspection together with an application control profile on the firewall policy that carries the LAN traffic.

1. Go to Security Profiles -> Application Control, select the application control profile, and select 'Edit'.
2. In the profile, select 'Create New' under the 'Application and Filter Overrides' section.

[Screenshot: 2.png]

3. Search for the VPN application, select its signature, and select '+ Add Selected'. Repeat the process for QUIC, then set the Action to 'Block'.

[Screenshot: 3.png]

[Screenshot: 4.png]

It is necessary to block the QUIC protocol as well, because some applications, including some VPN applications, use QUIC over UDP/443 to bypass SSL inspection.

4. Add the application control profile to the desired firewall policy, and enable SSL Deep Inspection on the same policy.

[Screenshot: 6.png]

Related articles:

Technical Tip: How to enable deep inspection and import a certificate in the browser

Technical Tip: How to import CA certificates into IOS mobile devices

Technical Note: How to import CA certificates into Android devices

FortiGuard Application Control