tino_p
Staff
Article Id 300189
Description This article describes how to block sending files via the Zalo application while still allowing the chat. Zalo has some dedicated servers to store files, so it is necessary to find their IP addresses to block them on a Firewall policy.
Scope FortiGate, Zalo.
Solution
  1. Open Wireshark on the client computer and capture traffic while sending large files via Zalo. Collect the servers' IP addresses from the Statistics menu. Zalo has several servers, so repeat the capture a few times (with different file types and different recipients) to collect enough IP addresses.

  2. Add those IP addresses as firewall address objects and put them in an address group.

  3. Define a firewall policy that denies traffic with the Zalo servers' address group as the Destination.

  4. As a result, the Zalo application can no longer send files. However, chat/text messages can still be sent.

The denied traffic is also logged on the firewall.
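Steps 1 to 3 can be scripted once the capture statistics are exported. The following is an added example, not part of the original article: it totals upload bytes per destination, keeps the heavy public destinations, and renders the FortiOS CLI for the address objects, the address group and a logged deny policy. The CSV column names, the documentation-range addresses, the object names and the interface names `internal` and `wan1` are assumptions to adapt.

```python
import csv
import io
import ipaddress

# Constructed sample: simplified per-conversation rows taken from a capture.
# Addresses are documentation-range placeholders, not real Zalo servers.
SAMPLE_CSV = """client,server,bytes_up
192.168.1.50,203.0.113.10,52428800
192.168.1.50,203.0.113.11,31457280
192.168.1.50,198.51.100.7,4096
192.168.1.50,192.168.1.1,9000000
192.168.1.50,203.0.113.10,10485760
"""

# RFC 1918 ranges: internal hosts are never candidates for the block list.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def upload_servers(csv_text, min_bytes=1_000_000):
    """Return sorted external IPv4 servers whose total upload >= min_bytes."""
    totals = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip = ipaddress.IPv4Address(row["server"].strip())
        if any(ip in net for net in INTERNAL):
            continue
        totals[ip] = totals.get(ip, 0) + int(row["bytes_up"])
    return sorted(ip for ip, total in totals.items() if total >= min_bytes)

def fortios_config(servers, group="Zalo_File_Servers",
                   srcintf="internal", dstintf="wan1"):
    """Render address objects, an address group and a logged deny policy."""
    names = [f"Zalo_File_{i}" for i, _ in enumerate(servers, 1)]
    lines = ["config firewall address"]
    for name, ip in zip(names, servers):
        lines += [f'    edit "{name}"',
                  f"        set subnet {ip} 255.255.255.255", "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"',
              "        set member " + " ".join(f'"{n}"' for n in names),
              "    next", "end",
              "config firewall policy", "    edit 0",  # 0 = next free policy ID
              '        set name "Block_Zalo_File"',
              f'        set srcintf "{srcintf}"', f'        set dstintf "{dstintf}"',
              '        set srcaddr "all"', f'        set dstaddr "{group}"',
              "        set action deny", '        set schedule "always"',
              '        set service "ALL"', "        set logtraffic all",
              "    next", "end"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(fortios_config(upload_servers(SAMPLE_CSV)))
```

The deny policy only takes effect if it sits above the policy that allows the clients' general outbound traffic, because FortiGate matches policies from the top down. Review the generated address list before applying it, since a high-volume destination in the capture is not necessarily a Zalo file server.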