supportabad
New Contributor II

Freegate blocking issue

Dear all,

We have an FG200D with FortiOS 5 patch 7.

We are unsuccessful in blocking the freegate.searching application through the FortiGate. We have configured application control to block all proxy software and a web filter profile to block the "proxy avoidance" category.

FortiGate logs show that freegate.searching is being blocked, but actually users can easily bypass it to access blocked websites.

Please help me in creating a custom application/IPS signature to block Freegate.

Regards,

Burhan

5 REPLIES
Dave_Hall
Honored Contributor

Can you provide an example of such logs, specifically what ports are being used to send traffic through? Some proxy software will use known ports that are usually open, like DNS (port 53).

If it is DNS traffic, you should set up a firewall policy allowing access to allowed DNS servers (IP addresses), then create an app sensor for proxy avoidance and tie it to that policy. Then below this policy create another policy blocking all other DNS traffic.

Edit: if your company is running an internal DNS server (e.g. Windows AD server) then the only DNS traffic you really should see on the FortiGate is from the server itself -- you could block all other source IP addresses that connect directly to outside DNS servers. But check with management to see if your company wants to choose that option.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
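
One way to answer the question above about which ports carry the traffic is to summarize the forward traffic logs per source host. This is an added example, not part of the original thread or any Fortinet tooling; the key=value field names, the approved resolver address and every sample log line are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in a FortiGate-style key=value layout (assumed fields:
# srcip, dstip, dstport, action, app). None of this comes from the poster's logs.
SAMPLE_LOG = '''\
date=2015-03-02 time=10:01:11 type=traffic subtype=forward srcip=10.0.0.21 dstip=203.0.113.9 dstport=8085 action=deny app="Freegate.Searching"
date=2015-03-02 time=10:01:14 type=traffic subtype=forward srcip=10.0.0.21 dstip=203.0.113.9 dstport=443 action=accept app="SSL"
date=2015-03-02 time=10:01:15 type=traffic subtype=forward srcip=10.0.0.21 dstip=198.51.100.7 dstport=53 action=accept app="DNS"
date=2015-03-02 time=10:01:16 type=traffic subtype=forward srcip=10.0.0.21 dstip=192.0.2.53 dstport=53 action=accept app="DNS"
date=2015-03-02 time=10:02:00 type=traffic subtype=forward srcip=10.0.0.40 dstip=192.0.2.53 dstport=53 action=accept app="DNS"
'''

ALLOWED_DNS = {"192.0.2.53"}        # hypothetical approved resolver
BLOCK_ACTIONS = {"deny", "block"}   # any other action is treated as allowed
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"srcip", "dstip", "dstport", "action"}


def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def review(log_text, allowed_dns=ALLOWED_DNS):
    """For every host with a blocked Freegate event, list what it was still allowed to reach."""
    blocked_sources = set()
    allowed = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not REQUIRED <= rec.keys():
            continue  # skip lines that are not complete traffic records
        if rec["action"] in BLOCK_ACTIONS:
            if "freegate" in rec.get("app", "").lower():
                blocked_sources.add(rec["srcip"])
        else:
            allowed[rec["srcip"]].add((rec["dstip"], int(rec["dstport"])))
    report = {}
    for src in sorted(blocked_sources):
        sessions = sorted(allowed[src])
        # Port 53 sessions to resolvers outside the approved set deserve a closer look.
        rogue = [dst for dst, port in sessions if port == 53 and dst not in allowed_dns]
        report[src] = {"allowed": sessions, "unapproved_dns": rogue}
    return report


if __name__ == "__main__":
    for host, info in review(SAMPLE_LOG).items():
        print(host, info)
```

Hosts that show a block entry alongside allowed sessions on other ports, or DNS sessions to resolvers outside the approved list, are the ones to check against the firewall policy order.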

Fahad
New Contributor III

Can you share with us how you are blocking it?

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.

Fullmoon
Contributor III

I would suggest upgrading to the latest firmware.

Fortigate Newbie

supportabad
New Contributor II

Dear all,

Thanks for the reply.

Please find attached a snapshot of the application control profile and logs, which show that it is blocked.

Please note that Freegate is sometimes blocked by the FortiGate, but if we change its port (default 8085) or try it 4-5 times, it bypasses the FortiGate. The forward traffic logs always display that it is getting blocked, but actually it is getting allowed.

Dave_Hall

Can you provide a pic of your firewall policy rules list, pointing out which rule(s) have the app sensor attached to them -- something like the attached pic?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
