Blocking Ultra Surf using Application Control ultrasurf 9.6+
For updates about Application Control ultrasurf, please consult the FortiGuard Center Application Control page at www.fortiguard.com/applicationcontrol/appcontrol.html and http://www.fortiguard.com/encyclopedia/application/ultrasurf.9.6+.html
Scope
FortiOS v4.0 and above
Expectations, Requirements
In FortiGate IPS Database Version 3.00049 , ultrasurf 9.6+ application will block the following versions:
Ultra Surf 9.6-Ultra Surf 11.02 (inclusive.)
Configuration
1.Create a new application sensor and give it a name for example "Ultrasurf" then add the following entries as shown below:-
Category --> Proxy
Application --> Freegate.Searching
Action --> block
and
Category --> Proxy
Application --> Ultrasurf.9.6+
Action --> block
2.Apply this application sensor in the UTM profile which is being used on the firewall policy from internal to external. This application sensor must also be applied to the firewall policy managing client>to DNS server traffic.
NB:-To successfully block Ultrasurf traffic there must be a UTM profile with the firewall policy managing the client to DNS Server traffic.
3.On the client PC the cached server ip "utmp" folder installed under the same folder of the Ultrasurf executable file must be cleared..
Related Articles
