New Contributor III

Blocking Open Proxy

I am trying to block open proxies by blocking the Proxy category in Application Control.

So far I haven't succeeded.

If someone has had success blocking that, please share.


Test:

-search for an open proxy that uses port 80 from [link][/link]

-set Chrome to use the open proxy, for example on port 80

-test whether access works


FYI, PaloAlto can block open proxy and SoftEther, but can't block Opera Turbo or Psiphon3



When will FortiGate have Opera Turbo Application Control?




Contributor II


please use this IPS signature and share results.


F-SBID(--name "Opera.Turbo.IPS"; --default_action drop_session; --service HTTP; --protocol tcp;--flow from_client;--pattern "X-Opera-Host:"; --no_case; --context header;)

Tuncay BAS
RZK Muhendislik Turkey
New Contributor

You can try the following custom application control signatures. 

UDP Connections:

F-SBID( --protocol udp; --flow from_client; --src_port 10000:; --dst_port 1024:; --seq 1,relative; --pattern !"|00 00|"; --within 16,packet; --data_size >16; --data_size <40; --tag set,softEther.UDP.tag; --app_cat 6; )
# please set this signature to 'Monitor'

F-SBID( --protocol udp; --flow from_server; --src_port 1024:; --seq 1,relative; --pattern !"|00 00|"; --within 16,packet; --data_size >90; --data_size <350; --tag test,softEther.UDP.tag; --app_cat 6; )
# please set this signature to 'Reset'

TCP Connections (Please set the following custom signatures to block or reset):

F-SBID( --protocol tcp; --service SSL; --flow from_server; --pattern ""; --context host; --no_case; --app_cat 6; )

F-SBID( --protocol tcp; --seq =,1,relative; --service SSL; --flow from_client; --pattern "|16 03 01|"; --within 3,packet; --pattern "|01|"; --context packet; --distance 5,context; --within 1,context; --pattern "|00 00 6E|"; --context packet; --distance 37; --within 3; --pattern "|01 00|"; --context packet; --distance 110; --within 2; --pattern "|00 0f 00 01 01|"; --context packet; --distance 5,context,reverse; --within 5,context; --pcre "/[0-9]{1,3}\x2e[0-9]{1,3}\x2e[0-9]{1,3}\x2e[0-9]{1,3}/"; --context host; --app_cat 6; )

F-SBID( --protocol tcp; --seq =,1,relative; --service SSL; --flow from_client; --pattern "|16 03 01|"; --within 3,packet; --pattern "|01|"; --context packet; --distance 5,context; --within 1,context; --pattern "|00 2a 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff|"; --context packet; --distance 0; --pattern "|00 00|"; --context packet; --distance 0; --pattern "|00 00|"; --context packet; --distance 4; --pcre "/[0-9]{1,3}\x2e[0-9]{1,3}\x2e[0-9]{1,3}\x2e[0-9]{1,3}/"; --context packet; --distance 15,context,reverse; --app_cat 6; )

There is a bug with UDP signatures having detection loss in certain unique cases like VPNGate. It is currently being analyzed and fixed by the engine team. We will update you when a patch is available. An alternative would be to try the custom signatures for UDP connections. There could be some false positive risks though.

Second, please create 2 IPS signatures for UDP connections, as below:

F-SBID( --protocol udp; --flow from_client; --default_action pass; --src_port 10000:; --dst_port 1024:; --seq 1,relative; --pattern !"|00 00|"; --within 16,packet; --data_size >16; --data_size <40; --tag set,softEther.UDP.IPS.tag; ) 

F-SBID( --protocol udp; --flow from_server; --default_action drop_session; --src_port 1024:; --seq 1,relative; --pattern !"|00 00|"; --within 16,packet; --data_size >90; --data_size <350; --tag test,softEther.UDP.IPS.tag; )

Please follow my steps; it's working well at my place.
Please see the attached image for the IPS signature.
Best regards,
Yin Buntha
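
The two-stage UDP tag logic in the IPS signatures above, modeled over constructed packets to show where the false-positive risk mentioned in the post comes from. This is an added example, not part of the original post and not Fortinet code. Assumptions: `--within 16,packet` is read as "first 16 bytes of the payload", the tag is scoped per session, `--seq` is ignored, and the LAN prefix, addresses and payloads are invented for illustration.

```python
from collections import namedtuple

Udp = namedtuple("Udp", "src sport dst dport payload")

def head_has_no_00_00(payload):
    # --pattern !"|00 00|"; --within 16,packet (assumed: no 00 00 in the first 16 bytes)
    return b"\x00\x00" not in payload[:16]

def evaluate(packets, lan_prefix="10."):
    """Return one action per packet: 'pass', 'pass+tag' or 'drop_session'."""
    tagged, dropped, actions = set(), set(), []
    for p in packets:
        from_client = p.src.startswith(lan_prefix)  # assumption: LAN side is the client
        # Session key is always (client, cport, server, sport); per-session tag scope is assumed.
        sess = (p.src, p.sport, p.dst, p.dport) if from_client else (p.dst, p.dport, p.src, p.sport)
        size = len(p.payload)
        if sess in dropped:
            action = "drop_session"
        elif (from_client and p.sport >= 10000 and p.dport >= 1024
              and 16 < size < 40 and head_has_no_00_00(p.payload)):
            tagged.add(sess)   # first signature: --tag set, --default_action pass
            action = "pass+tag"
        elif (not from_client and p.sport >= 1024 and 90 < size < 350
              and head_has_no_00_00(p.payload) and sess in tagged):
            dropped.add(sess)  # second signature: --tag test, --default_action drop_session
            action = "drop_session"
        else:
            action = "pass"
        actions.append(action)
    return actions

# Constructed sample traffic (documentation address ranges, synthetic payloads).
SAMPLE = [
    Udp("10.0.0.5", 40000, "203.0.113.9", 5555, b"\xab" * 24),     # small client packet
    Udp("203.0.113.9", 5555, "10.0.0.5", 40000, b"\xcd" * 120),    # mid-sized reply
    Udp("10.0.0.7", 51000, "198.51.100.20", 27015, b"\x11" * 20),  # unrelated app, same shape
    Udp("198.51.100.20", 27015, "10.0.0.7", 51000, b"\x22" * 200),
    Udp("10.0.0.8", 53000, "192.0.2.53", 53, b"\x12\x34\x01" + b"\x07" * 25),  # dst port < 1024
    Udp("10.0.0.9", 45000, "203.0.113.9", 5555, b"\x01\x00\x00" + b"\xff" * 21),  # 00 00 in head
    Udp("203.0.113.9", 5555, "10.0.0.9", 45000, b"\xcd" * 120),    # reply, session never tagged
]

if __name__ == "__main__":
    for pkt, act in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} len={len(pkt.payload)} {act}")
```

The third and fourth packets belong to an unrelated UDP application yet end in `drop_session`, because the signatures match only on port ranges, payload sizes and the absence of `00 00`; setting the pair to monitor first and reviewing the hits is the way to measure that before enforcing.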
New Contributor III


With Opera Turbo ON, I can still access the Internet.

What I want is: without Opera Turbo the user can access the Internet, but can't if Opera Turbo is on.



-create IPS signature OperaTurbo with ACTION BLOCK

-create policy with ACTION ACCEPT and IPS filter ON OperaTurbo


@Yin Buntha Your SoftEther solution is already working in another thread.

But in this thread I am asking how to block Opera Turbo and Open Proxy.

Or do you mean I can use SoftEther policy to block Opera Turbo?

If that is the case, I can still bypass blocking using Opera Turbo.
New Contributor III


On my FortiGate the block works fine.


Look at the attached file.

New Contributor III


Can you please share your policy for Opera Turbo and Open Proxy?

Which one did you successfully block?
New Contributor III

In Mikrotik I am using this filter:

Mikrotik:

/ip firewall address-list add address= list=LAN
/ip firewall layer7-protocol add name=opera regexp="^.+(*\$"
/ip firewall filter add action=drop chain=forward layer7-protocol=opera src-address-list=LAN

Basically it will block anything going to

How to achieve that in Fortigate?

FYI I am using Fortigate 5.4 Unlicensed in Unetlab

