FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kraturi_FTNT
Staff
Staff

Description

OpenVPN software solutions are rather easy to setup by users of a private network, and could be utilized to bypass security policies within your organization. 

There are several ways how to prevent unwanted communication through such applications, and this article shows an example how to block well known applications of this type on a FortiGate unit.


Scope

FortiGate 4.0 MR3
FortiGate 5.0.x (MR0)


Solution

To protect you network, following steps can be followed to block Free OpenVPN software utilities.

 

 

 
1.  Go to: UTM Security Profiles -> Application Control -> Application Sensor
 

Create a new application sensor and give it a name for example "OPENVPN", and then add the following entries as shown below:

 

kraturi_openvpn1.PNG

 

 

 

 

 

 
2.  Select "Specify Applications"

 

 

 

 

 

kraturi_openvpn2.PNG 

 

 

3.  Filter the application by name (OpenVPN)

 

 

 

 

 

kraturi_openvpn3.PNG 

 

 

4.  Select Action > Block

 

 

 

 

 

 

kraturi_openvpn4.PNG 

 

 

5. Enable the Application Control Profile into respective Firewall Policy

 

 

 

 

 

kraturi_openvpn5.PNG 

 

 

6.  Edit respective Firewall Policy

 

 

 

 

 

kraturi_openvpn6.PNG 

 

 

7.  Enable Application Control and choose the Application Sensor Profile, then select Save.

 

kraturi_openvpn7.PNG

 

 

 

Contributors