FortiGate
HarveyRebelo
Staff
Article Id 344431

Description

 

This article describes the procedure to block X-VPN.

 

Scope

 

FortiGate v7.0, v7.2, v7.4.

 

Solution

 

Proxy applications such as X-VPN are constantly being updated. FortiGate blocking is therefore a 'best effort' practice, which means that a 100% blocking success rate is not guaranteed. This is due to multiple factors, including new traffic patterns, newly registered domains, proxy server IPs, etc.

Application updates may allow the application to bypass the FortiGate detection mechanisms. The FortiGuard team works to ensure that any new application update is met with a new signature update as quickly as possible to block these connection attempts.

 

  1. Ensure that FortiGate Databases are updated.

 

execute update-now

 


 

  2. After confirming that the FortiGate databases are updated, configure a Web Filter profile in proxy mode as follows (category-based actions can be left at their defaults): Security Profiles -> Web Filter.

  3. Configure an application signature: Security Profiles -> Application Signatures -> Create New -> Custom Application Signatures.

Use the following signature:

 

F-SBID(--name "XVPN.TLS1.3.Custom1"; --protocol tcp; --app_cat 6; --weight 15; --service SSL; --flow from_server; --tag test,Tag.PotatoVPN.TLS.ClientHello; --pattern "|160303|"; --context packet; --within 3,context; --pattern "|02|"; --context packet; --distance 2; --within 1; --pattern "|0303|"; --context packet; --distance 3; --within 2; --pattern "|20|"; --context packet; --distance 32; --within 1; --pattern "|14030300010117030313|"; --context packet; --within 300; --depend-on 38941; --depend-on 16074; --depend-on 15896; --depend-on 42533; --scan-range 2k,all;) 

 


 

  4. Configure an Application Control profile: Security Profiles -> Application Control -> Create New.

Configure the following parameters:

  • Add the XVPN signature.
  • Add the custom signature configured previously.
  • Enable the following options:
    • Block applications detected on non-default ports.
    • Allow and Log DNS Traffic.
    • QUIC: Block.
    • Replacement Messages for HTTP-based Applications.

 


 

  5. After configuring the Web Filter and Application Control profiles, configure the firewall policy.
  • Configure the following options on the firewall policy:
    • Inspection Mode -> Proxy.
    • Web Filter -> XVPN.
    • Application Control -> XVPN.
    • SSL Inspection -> Deep Inspection.

 


 

  6. After configuring the firewall policy, try to connect with X-VPN. As a result, the application is intermittent (it connects and disconnects), and finally it is not possible to navigate.
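
To see which bytes the custom application signature above keys on, the following added example (not part of the original article and not Fortinet code) walks a server-to-client byte stream through the same patterns. It assumes Snort-style reading of --distance/--within, ignores --depend-on, --scan-range and --flow, and the names match_signature and build_sample and the sample bytes are constructed for illustration.

```python
# Last pattern: ChangeCipherSpec record, then an application-data header (length 0x13..).
CCS_THEN_APPDATA = bytes.fromhex("14030300010117030313")

# (offset, expected bytes, TLS field) derived from the --distance/--within chain.
FIXED_FIELDS = [
    (0,  bytes.fromhex("160303"), "record header: handshake, version 0x0303"),
    (5,  bytes.fromhex("02"),     "handshake type: ServerHello"),
    (9,  bytes.fromhex("0303"),   "ServerHello legacy_version"),
    (43, bytes.fromhex("20"),     "session ID length: 32"),
]
TAIL_WINDOW = 300  # --within 300 on the last pattern


def match_signature(stream: bytes):
    """Return (matched, trace); trace records where each pattern hit or missed."""
    trace = []
    for offset, expected, field in FIXED_FIELDS:
        if stream[offset:offset + len(expected)] != expected:
            trace.append(f"miss at {offset}: wanted {expected.hex()} ({field})")
            return False, trace
        trace.append(f"hit at {offset}: {expected.hex()} ({field})")
    start = 44  # first byte after the session-ID length byte
    pos = stream.find(CCS_THEN_APPDATA, start, start + TAIL_WINDOW)
    if pos < 0:
        trace.append("miss: CCS + application-data header not in window")
        return False, trace
    trace.append(f"hit at {pos}: {CCS_THEN_APPDATA.hex()} (CCS, then 17 03 03 13..)")
    return True, trace


def build_sample(appdata_len_hi: int = 0x13) -> bytes:
    """Constructed ServerHello + CCS + application-data header (not a real capture)."""
    body = (b"\x03\x03" + bytes(32)            # legacy_version, zeroed random
            + b"\x20" + bytes(32)              # session ID length + echoed ID
            + bytes.fromhex("1301") + b"\x00"  # cipher suite, compression method
            + b"\x00\x00")                     # empty extensions (shortened sample)
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    record = b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs
    ccs = bytes.fromhex("140303000101")
    appdata = b"\x17\x03\x03" + bytes([appdata_len_hi, 0x00])
    return record + ccs + appdata


if __name__ == "__main__":
    for label, sample in (("0x13", build_sample()), ("0x12", build_sample(0x12))):
        ok, trace = match_signature(sample)
        print(f"appdata length high byte {label}: matched={ok}")
        print("\n".join("  " + line for line in trace))
```

Running the same walk over the server side of a captured session shows at which pattern a flow stops matching, which helps when checking the custom signature after an application update.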

 
