Hi Team,
I have a FortiGate-200E that I need to have FreeVPN app that can be downloaded from AppStore to be blocked.
I wasn't able to find any logs on FAZ related to the traffic from when the device is trying to connect to a sever and connect to VPN and therefore I submitted a request to Fortinet to create a customized app signature and have applied the below two app signature to the application control security profile and blocked freevpn.org and freevpnapp.org but the devices are still able to connect to Free VPN.
The customized app signature are as below:
F-SBID( --attack_id 9999; --name "FreeVPN.TCP.custom2"; --protocol tcp; --flow from_client; --pattern "|00 24|"; --context packet; --distance 8,packet; --within 2,packet; --pcre "/\wFV-/i"; --context packet; --distance 0; --within 4; --tag TEST,Tag.FreeVPNBlockDP; --app_cat 6; --weight 20; )
F-SBID( --attack_id 9998; --name "FreeVPN.SSL.custom3"; --protocol tcp; --service ssl; --flow from_client; --seq =,1,relative; --pattern "|16 03 01 01 33 01 00 01 2f 03 03|"; --context packet; --within 11,context; --pattern "|00 00 00 0f 00 0d 00 00 0a 67 6f 6f 67 6c 65 2e 63 6f 6d|"; --context packet; --distance 0; --app_cat 6; --weight 20; )
Did you guys have any recommendation on how to go about blocking this application?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Have you tried to use the "VPN-Anonymizing.VPN.Server" ISDB entry as well as the above signatures you applied?
Hello @Medo162
Please check this article on how to block third party VPN
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-third-party-VPN/ta-p/220170#:....
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.