Aaron_Abrincia_Meimb
New Member
September 19, 2014
Question

Unable to block proxy application using apps control

Hi Engineers, Can you help me? Some of our users in production are using proxy applications that are downloadable from the internet. My question is: how can I prevent them from accessing these or block their applications? This is the link where they download the applications: http://en.softonic.com/s/top-10-proxy-software Regards, Aaron

    5 replies

    Christopher_McMullan
    Staff
    September 20, 2014
    Aaron, You could block Proxy Avoidance as a FortiGuard webfilter category. You could also lock down your outgoing policies to only allow the basic network services, and deep scan those ports you allow: i.e., only allow NTP, DNS, HTTP, and HTTPS. Through feedback over time, you could determine any apps that need special ports open that you still allow.
    Aaron_Abrincia_Meimb
    New Member
    September 20, 2014
    Hi Christopher, I tried the Proxy Avoidance category in webfilter but still can't block those applications. I haven't yet tried allowing just https, https and dns, because in our current setup the policy service is set to "all", so basically it allows all services. Here is the scenario: our users download an application from the internet and run it automatically on their desktop computers; after that, it automatically connects them to sites such as youtube.com, which is not allowed in our company.
    Dave_Hall
    New Member
    September 20, 2014
    Hi Aaron. What Chris McMullan suggested in his post is sound advice and considered "best practice". Crafting your firewall policies in such a way will make administrating easier. If you divide up your fw policies based on type of traffic, you can easily see via various logs where traffic is coming from/going to, what policies are being hit (via traffic count, which source IP is taking up most of the bandwidth, etc.). (Attached pic is a sample of a possible fw chain standard.) In your case, it's hard to tell without knowing how your firewall policies are set up, what UTM features are used, etc., how to go about blocking those proxy connections to youtube. You may need to resort to blocking or throttling those "bad user" connections until they behave themselves.
    Aaron_Abrincia_Meimb
    New Member
    September 21, 2014
    Thank you very much, Dave. Attaching the screenshot of my firewall policies. Is this enough to block those proxy applications? Is it OK that my destination is set to "ALL" and my services are set to "HTTPS", "HTTP", "DNS"? Regards, Aaron
    Christopher_McMullan
    Staff
    September 22, 2014
    For full protection, you would want to enable deep inspection on a webfilter profile and block Proxy Avoidance under the Potentially Liable section, and consider adding an application control sensor that blocks the Proxy category of applications. To allow certificates to continue working properly, you should also consider either allowing NTP as an additional service on your outbound policy, or configure the FortiGate as an NTP server in its own right, and only receive NTP updates on the FortiGate from the FortiGuard NTP pool.
    Adrian_Buckley_FTNT
    Staff
    September 23, 2014
    Many proxy applications run over HTTP/HTTPS ports. The best way to figure out how to block a piece of software would be to make a breakout firewall policy for your PC. Then enable Full UTM inspection, to block nothing and log everything. After that, install this proxy software and use it. Then look at the logs to see what shows up, to find out if there's anything you can block that wouldn't cause a problem in your network.
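
An added example, not part of any post in this thread: one way to do the "look at the logs" step from the last reply, by summarizing what a test PC generated through the breakout policy. The log lines are constructed samples in FortiGate-style key=value form; the policy ID, addresses, application name and hostname are assumptions made up for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not real logs). Policy 9 stands in for the breakout
# policy and 10.0.0.50 for the test PC; both are assumptions for this example.
SAMPLE_LOG = '''\
date=2014-09-23 time=10:01:02 type=utm subtype=app-ctrl policyid=9 srcip=10.0.0.50 dstip=203.0.113.10 dstport=443 appcat="Proxy" app="Example.Proxy.Client" action=pass
date=2014-09-23 time=10:01:05 type=utm subtype=app-ctrl policyid=9 srcip=10.0.0.50 dstip=203.0.113.10 dstport=443 appcat="Proxy" app="Example.Proxy.Client" action=pass
date=2014-09-23 time=10:01:09 type=utm subtype=app-ctrl policyid=9 srcip=10.0.0.50 dstip=198.51.100.7 dstport=80 appcat="Web.Others" app="HTTP.BROWSER" action=pass
date=2014-09-23 time=10:02:00 type=utm subtype=webfilter policyid=9 srcip=10.0.0.50 dstip=203.0.113.10 dstport=443 catdesc="Proxy Avoidance" hostname="proxy.example.test" action=passthrough
date=2014-09-23 time=10:02:30 type=utm subtype=app-ctrl policyid=3 srcip=10.0.0.77 dstip=198.51.100.7 dstport=80 appcat="Web.Others" app="HTTP.BROWSER" action=pass
'''

# key=value pairs; values are either quoted strings or runs of non-space chars
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def summarize(log_text, policy_id, src_ip):
    """Count (subtype, category, name, dstport) tuples seen for the test PC."""
    seen = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Keep only traffic from the test PC that hit the breakout policy
        if rec.get("policyid") != policy_id or rec.get("srcip") != src_ip:
            continue
        # app-ctrl records carry appcat/app; webfilter records carry catdesc/hostname
        category = rec.get("appcat") or rec.get("catdesc") or "unknown"
        name = rec.get("app") or rec.get("hostname") or "unknown"
        seen[(rec.get("subtype"), category, name, rec.get("dstport"))] += 1
    return seen


def block_candidates(summary, watch=("Proxy", "Proxy Avoidance")):
    """Signatures and hosts whose category matches the ones named in the thread."""
    return sorted({(sub, cat, name) for (sub, cat, name, _port) in summary
                   if cat in watch})


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG, "9", "10.0.0.50")
    for key, count in summary.most_common():
        print(count, key)
    print("candidates:", block_candidates(summary))
```

Entries that appear in the summary but not in the candidate list are the traffic that a new block rule should leave alone.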