Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Javed_Bashir
New Contributor

Fortigate 6.2.2 unable to block zenmate proxy

Hi, we configured blocking web proxy using web filter and application control. But Fortigate FG-100E using 6.2.2 is fail to block zenmate proxy, even we configured Inspection Mode in Proxy-based and enable deep inspection on policy, but still can users zenmate and bypass Firewall policy. kindly suggest solution. Thanks Regards, Javed Bashir

1 REPLY 1
Dave_Hall
Honored Contributor

Zenmate is listed on the Fortiguard site as a VPN, so trying to block it via classifying it as a web proxy may not work 100%.  Keep in mind that firewall polices (rules) are executed from top-to-bottom, so if you have crafted web filter rules - it should be applied to outgoing web traffic - this rule should be moved up in the firewall rule chain so it can be triggered. 

 

A google search on blocking zenmate seems to indicated this browser-add-on calls home (e.g. zenguard.biz, zenguard.org, zenmate.io, etc.) - you should be able to craft url filters to block those domains. 

 

Learn to use the FortiView->sources and drill down to a device's indivdual sessions to see what exactly is going on.  If a site is not blocked, drill down into that session and see what the fgt says about what firewall policy is allowing that traffic through.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C