Hello All,
I have a serious security issue and need your help to solve it.
I have a Fortigate 60E securing Internet access, I'm using Security profile to block unwanted websites and applications and it's working fine except for Chrome extensions. I found that some users are using Hoxx and Windscribe extensions for chrome.
They are able to bypass our security rules and connect to some sites that are blocked by Company's policy.
Could you please help me finding a solution for that.
Thanks and kind regards,
Gr1n3
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi.
To block this you may simply create Application Control profile with these apps blocked (or "Proxy" category at all) and apply it on your lan-to-wan firewall policy.
Fortinet already has signatures for these applications.
https://fortiguard.com/appcontrol/42312/hoxx-vpn
[link]https://fortiguard.com/appcontrol/43625/windscribe[/link]
NSE 8 #003249, FCT, CCSE, CompTIA CTT+
Hi.
To block this you may simply create Application Control profile with these apps blocked (or "Proxy" category at all) and apply it on your lan-to-wan firewall policy.
Fortinet already has signatures for these applications.
https://fortiguard.com/appcontrol/42312/hoxx-vpn
[link]https://fortiguard.com/appcontrol/43625/windscribe[/link]
NSE 8 #003249, FCT, CCSE, CompTIA CTT+
Hi Stanislav,
Thank you for your reply, as I said earlier, I already added the two signature to the Security profil => application Control => Add signature. by doing this the hoxx and windscribe desktop application were blocked successfully however the chrome extensions are still working :(
Kind regards,
Gr1n3
Do you have deep ssl inspection enabled?
NSE 8 #003249, FCT, CCSE, CompTIA CTT+
I have the "Certificat-Inspection" enabled not "Deep-inspection"
Should I turn it to "deep-inspection", will this affect my current config by blocking any kind of traffic that is aready allowed and working fine?
Thanks for your reply,
Gr1n3
So it seems to be a root cause. With deep inspection enabled FG should be able to block mentioned extensions.
If you enable it - it will not block traffic itself, but you need to prepare your end users to this.
Take a look on this: https://cookbook.fortinet.com/preventing-certificate-warnings/
NSE 8 #003249, FCT, CCSE, CompTIA CTT+
ok, will do and keep you informed.
thanks
Thank you Stanislav, it worked well.
how do this?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.