Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Medo162
New Contributor

FreeVPN app needs to be blocked in a school network

Hi Team,

 

I have a FortiGate-200E that I need to have FreeVPN app that can be downloaded from AppStore to be blocked.

I wasn't able to find any logs on FAZ related to the traffic from when the device is trying to connect to a sever and connect to VPN and therefore I submitted a request to Fortinet to create a customized app signature and have applied the below two app signature to the application control security profile and blocked freevpn.org and freevpnapp.org but the devices are still able to connect to Free VPN.

 

The customized app signature are as below:

 

F-SBID( --attack_id 9999; --name "FreeVPN.TCP.custom2"; --protocol tcp; --flow from_client; --pattern "|00 24|"; --context packet; --distance 8,packet; --within 2,packet; --pcre "/\wFV-/i"; --context packet; --distance 0; --within 4; --tag TEST,Tag.FreeVPNBlockDP; --app_cat 6; --weight 20; )

 

F-SBID( --attack_id 9998; --name "FreeVPN.SSL.custom3"; --protocol tcp; --service ssl; --flow from_client; --seq =,1,relative; --pattern "|16 03 01 01 33 01 00 01 2f 03 03|"; --context packet; --within 11,context; --pattern "|00 00 00 0f 00 0d 00 00 0a 67 6f 6f 67 6c 65 2e 63 6f 6d|"; --context packet; --distance 0; --app_cat 6; --weight 20; )

 

Did you guys have any recommendation on how to go about blocking this application?

 

IMG_1AD944E57CED-1.jpeg

 

 

 

 

Ahmed Al-Rashed
1 REPLY 1
JWJ
Staff
Staff

Have you tried to use the "VPN-Anonymizing.VPN.Server" ISDB entry as well as the above signatures you applied?