Description
This article describes how to block NordVPN using a custom application signature in FortiGate. It provides a solution for cases where NordVPN is not being blocked by standard application control profiles.
Scope
FortiGate.
Solution
- Create a Custom Signature.
- Go to Security Profiles -> Application Control -> Custom Signatures -> Create New.
- Define the signature with the following parameters:
F-SBID( --name 'NordVPN.Custom';--protocol tcp;--service SSL;--app_cat 6;--weight 15;--pattern nord;--context host;--no_case;--pcre /nord(vpn|sec|account|auth)\x2ecom/i;)
-
- Apply the Custom Signature in an Application Control Profile.
- Go to Security Profiles -> Application Control.
- Select the desired profile and add the custom signature.
- Ensure the action for the signature is set to Block.
- Attach the Application Control Profile to a Firewall Policy.
- Select the firewall policy that handles the relevant traffic.
- Enable the application control profile for the policy.
- For encrypted VPN traffic, enable SSL Deep Inspection to ensure detection.
- Verify Blocking.
- Attempt to establish a NordVPN connection from a client machine.
- Monitor logs or packet captures to confirm that the VPN traffic is blocked.
