mpandya
Staff
Article Id 408147
Description: This article describes how to block end users from using the Super Unlimited Proxy VPN application.
Scope: FortiGate.
Solution

To block Super Unlimited Proxy, create the following custom application signatures.


Custom application signatures for Super Unlimited Proxy:

F-SBID( --name "Super.Unlimited.Proxy.Custom"; --app_cat 6; --weight 10; --protocol tcp; --service SSL; --pcre "/\x2E(superunlimited|mobilejump)\x2E/i"; --context host; --no_case; --tag cset,cTag.Super.Unlimited.Proxy.Custom,300,src_ip,all_sessions; )

F-SBID( --name "Super.Unlimited.Proxy.TCP.Custom"; --app_cat 6; --weight 10; --protocol tcp; --dst_port 443; --pattern "|43 68 61 6e 67 65 4d 65 30|"; --context packet; --pattern !"|16 03|"; --context packet; --within 2,context; --pattern !"|17 03|"; --context packet; --within 2,context; --pattern !"HTTP"; --context packet; --no_case; --pattern !"SSH-"; --context packet; --no_case; --tag test,cTag.Super.Unlimited.Proxy.Custom; )


Create Custom Signature from CLI:
config application custom
    edit "Super.Unlimited.Proxy.Custom"
        set signature "F-SBID( --attack_id 1333; --name \"Super.Unlimited.Proxy.Custom\"; --app_cat 6; --weight 10; --protocol tcp; --service SSL; --pcre \"/\\x2E(superunlimited|mobilejump)\\x2E/i\"; --context host; --no_case; --tag cset,cTag.Super.Unlimited.Proxy.Custom,300,src_ip,all_sessions; )"
        set category 6
    next
    edit "Super.Unlimited.Proxy.TCP.Custom"
        set signature "F-SBID( --attack_id 4820; --name \"Super.Unlimited.Proxy.TCP.Custom\"; --app_cat 6; --weight 10; --protocol tcp; --dst_port 443; --pattern \"|43 68 61 6e 67 65 4d 65 30|\"; --context packet; --pattern !\"|16 03|\"; --context packet; --within 2,context; --pattern !\"|17 03|\"; --context packet; --within 2,context; --pattern !\"HTTP\"; --context packet; --no_case; --pattern !\"SSH-\"; --context packet; --no_case; --tag test,cTag.Super.Unlimited.Proxy.Custom; )"
        set category 6
    next
end
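Before enabling a custom signature, it is worth checking what its matching options actually accept and reject. The following Python script is an added example (not part of the article and not Fortinet code): it re-implements the logic of the two signatures above as plain functions and runs them against constructed sample hostnames and packet payloads. The host rule is evaluated as a standard case-insensitive regex; the TCP rule's `--within 2,context` negations are approximated as "the first two bytes of the packet", which is an assumption about the IPS engine's semantics, not a documented guarantee.

```python
import re

# Added offline emulation of the article's two custom application signatures.
# This is an approximation of the F-SBID options used there, not the FortiGate
# IPS engine: it exists to sanity-check the match logic against sample data.

# Signature 1: Super.Unlimited.Proxy.Custom
# --pcre "/\x2E(superunlimited|mobilejump)\x2E/i" --context host --no_case
HOST_RE = re.compile(r"\x2E(superunlimited|mobilejump)\x2E", re.IGNORECASE)


def host_signature_matches(host: str) -> bool:
    """True if a host value (e.g. the TLS SNI) would hit the --pcre host rule."""
    return HOST_RE.search(host) is not None


# Signature 2: Super.Unlimited.Proxy.TCP.Custom
# --dst_port 443, one positive byte pattern and four negated patterns.
CHANGEME0 = bytes.fromhex("43 68 61 6e 67 65 4d 65 30")  # decodes to b"ChangeMe0"
TLS_HANDSHAKE_HDR = b"\x16\x03"   # --pattern !"|16 03|" --within 2,context
TLS_APPDATA_HDR = b"\x17\x03"     # --pattern !"|17 03|" --within 2,context


def tcp_signature_matches(dst_port: int, payload: bytes) -> bool:
    """Approximate the packet-context checks of the TCP signature."""
    if dst_port != 443:
        return False
    # --pattern "|43 68 61 6e 67 65 4d 65 30|" --context packet
    if CHANGEME0 not in payload:
        return False
    # Negated TLS record headers: the rule is meant for non-TLS traffic on 443,
    # so a packet that starts with a TLS handshake or application-data record
    # header must not match. (Assumption: --within 2,context == first 2 bytes.)
    if payload[:2] in (TLS_HANDSHAKE_HDR, TLS_APPDATA_HDR):
        return False
    # --pattern !"HTTP" / --pattern !"SSH-" with --no_case, anywhere in packet.
    lowered = payload.lower()
    if b"http" in lowered or b"ssh-" in lowered:
        return False
    return True


# Constructed sample inputs (not captured traffic) with the expected verdicts.
SAMPLE_HOSTS = {
    "api.superunlimited.com": True,   # ".superunlimited." present
    "cdn.MobileJump.net": True,       # case-insensitive match
    "superunlimited.com": False,      # no leading dot: regex needs \x2E on both sides
    "example.com": False,
}

SAMPLE_PACKETS = [
    (443, b"\x16\x03\x01\x00\xa5ChangeMe0", False),      # TLS handshake header: excluded
    (443, b"\x17\x03\x03\x00\x20ChangeMe0", False),      # TLS app-data header: excluded
    (443, b"ChangeMe0\x00\x01\x02\x03", True),           # non-TLS payload on 443: hit
    (443, b"GET /ChangeMe0 HTTP/1.1\r\n", False),        # negated "HTTP"
    (443, b"SSH-2.0-ChangeMe0\r\n", False),              # negated "SSH-"
    (8080, b"ChangeMe0", False),                         # wrong destination port
]


def run_checks() -> bool:
    """Evaluate every sample and return True only if all verdicts are as expected."""
    ok = True
    for host, expected in SAMPLE_HOSTS.items():
        got = host_signature_matches(host)
        print(f"host {host!r:30} -> {got} (expected {expected})")
        ok &= got == expected
    for port, payload, expected in SAMPLE_PACKETS:
        got = tcp_signature_matches(port, payload)
        print(f"tcp  {port}/{payload!r:40} -> {got} (expected {expected})")
        ok &= got == expected
    return ok


if __name__ == "__main__":
    run_checks()
```

The third hostname is the point to notice: the regex requires a dot on both sides of the keyword, so a bare apex domain only matches if the host buffer FortiGate hands to `--context host` carries a surrounding dot. Whether it does is an engine detail; confirm the real behaviour with the validation steps in the linked Technical Tip before relying on the signature.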
Follow the article below:

Technical Tip: How to apply and validate a custom application signature in FortiGate
Then, in the application control profile, set the 'Proxy' category and the 'IKE' and 'ISAKMP' signatures to block; this should block most VPNs.
The PPTP and L2TP signatures fall under the Proxy category, so blocking that category also covers VPNs using those protocols. Make sure the firewall policy uses deep inspection.
Follow the article below:

Technical Tip: How to block third party VPN

Note:
Fortinet's Technical Support department does not offer technical assistance in customizing application control signatures.

Use this form to submit a custom application signature request:

Application Control Submission Form

Details about what is and is not covered by Fortinet TAC in support tickets can be found here:

Technical Tip: Technical support on customization on various Fortinet products