vkulik
Staff
Article Id 196216

Description

This article describes how organizations can block proxy avoidance applications such as UltraSurf.
Scope

FortiGate.
Solution

This article provides the steps to block UltraSurf through a security policy.
UltraSurf traffic does not have a fixed structure or characteristics, so the application control functionality can be leveraged to create an effective signature.

Application control should be configured to block UltraSurf.
 
Steps

  1. Go to UTM -> Application Control -> Create new list -> Select Create New.
  2. Go to Application and Filter Overrides and select Create New from the list. Add UltraSurf, UltraSurf 9.6+, and Freegate. Search, then select the block action for each signature. It is important to add all three signatures to the list.
  3. Edit the relevant firewall policies and edit application control to choose the newly created application control profile.

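The same profile and policy change expressed in the FortiOS CLI, as an added example that is not part of the original article: the profile name is arbitrary, the three application IDs are placeholders to be replaced with the numeric IDs shown for the UltraSurf, UltraSurf 9.6+ and Freegate signatures in the GUI search, and policy ID 1 is assumed to be the relevant firewall policy.

```fortios
# Application control profile that blocks the three proxy-avoidance signatures.
# <ULTRASURF_ID>, <ULTRASURF_96_ID> and <FREEGATE_ID> are placeholders: look the
# numeric IDs up in the GUI signature search before applying this configuration.
config application list
    edit "Block-UltraSurf"
        set comment "Block proxy avoidance applications (UltraSurf, Freegate)"
        config entries
            edit 1
                set application <ULTRASURF_ID> <ULTRASURF_96_ID> <FREEGATE_ID>
                set action block
                set log enable
            next
        end
    next
end

# Attach the profile to the relevant firewall policy (policy ID 1 assumed).
config firewall policy
    edit 1
        set utm-status enable
        set application-list "Block-UltraSurf"
    next
end

# Sessions established before the change keep their original verdict, so clear
# them (outside production hours) once the profile is attached to the policy.
diagnose system session clear
```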
General troubleshooting:
  1. Make sure the latest IPS engine signature version is being used.
  2. Clear all existing sessions on the firewall after configuring the new application control policy. A session established before the policy was enabled will continue to work.
Note: This clears all sessions on the firewall and must not be done during production hours.
 
Run the following from the CLI:

diagnose system session clear

Note: Although UltraSurf sometimes indicates that it has successfully connected to its server, the connection drops shortly afterwards. The UltraSurf homepage may sometimes be shown. This is expected behavior; the user should still be unable to access other websites.

Note: The UltraSurf software is constantly being updated and it is possible that future versions will not be blocked by the existing signatures. In this case, open a ticket with Fortinet Support and report the version that is being used. If possible, provide traffic sniffer capture output. See Technical Tip: Packet capture (sniffer).

 

Related article:

Technical Tip: Blocking Ultra Surf using Application Control ultrasurf 9.6+ (IPS Engine DB 3.00049)