- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to block Chrome extensions with Fortigate 60E
Hello All,
I have a serious security issue and need your help to solve it.
I have a Fortigate 60E securing Internet access, I'm using Security profile to block unwanted websites and applications and it's working fine except for Chrome extensions. I found that some users are using Hoxx and Windscribe extensions for chrome.
They are able to bypass our security rules and connect to some sites that are blocked by Company's policy.
Could you please help me finding a solution for that.
Thanks and kind regards,
Gr1n3
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
To block this you may simply create Application Control profile with these apps blocked (or "Proxy" category at all) and apply it on your lan-to-wan firewall policy.
Fortinet already has signatures for these applications.
https://fortiguard.com/appcontrol/42312/hoxx-vpn
[link]https://fortiguard.com/appcontrol/43625/windscribe[/link]
NSE 8 #003249, FCT, CCSE, CompTIA CTT+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
To block this you may simply create Application Control profile with these apps blocked (or "Proxy" category at all) and apply it on your lan-to-wan firewall policy.
Fortinet already has signatures for these applications.
https://fortiguard.com/appcontrol/42312/hoxx-vpn
[link]https://fortiguard.com/appcontrol/43625/windscribe[/link]
NSE 8 #003249, FCT, CCSE, CompTIA CTT+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Stanislav,
Thank you for your reply, as I said earlier, I already added the two signature to the Security profil => application Control => Add signature. by doing this the hoxx and windscribe desktop application were blocked successfully however the chrome extensions are still working :(
Kind regards,
Gr1n3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have deep ssl inspection enabled?
NSE 8 #003249, FCT, CCSE, CompTIA CTT+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the "Certificat-Inspection" enabled not "Deep-inspection"
Should I turn it to "deep-inspection", will this affect my current config by blocking any kind of traffic that is aready allowed and working fine?
Thanks for your reply,
Gr1n3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So it seems to be a root cause. With deep inspection enabled FG should be able to block mentioned extensions.
If you enable it - it will not block traffic itself, but you need to prepare your end users to this.
Take a look on this: https://cookbook.fortinet.com/preventing-certificate-warnings/
NSE 8 #003249, FCT, CCSE, CompTIA CTT+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ok, will do and keep you informed.
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Stanislav, it worked well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how do this?
