Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Gr1n3
New Contributor

How to block Chrome extensions with Fortigate 60E

Hello All,

 

I have a serious security issue and need your help to solve it.

I have a Fortigate 60E securing Internet access, I'm using Security profile to block unwanted websites and applications and it's working fine except for Chrome extensions. I found that some users are using Hoxx and Windscribe extensions for chrome.

They are able to bypass our security rules and connect to some sites that are blocked by Company's policy.

Could you please help me finding a solution for that.

 

Thanks and kind regards,

Gr1n3

1 Solution
stanislav_timofeev
New Contributor II

Hi.

To block this you may simply create Application Control profile with these apps blocked (or "Proxy" category at all) and apply it on your lan-to-wan firewall policy. 

Fortinet already has signatures for these applications.

https://fortiguard.com/appcontrol/42312/hoxx-vpn

[link]https://fortiguard.com/appcontrol/43625/windscribe[/link]

 

NSE 8 #003249, FCT, CCSE, CompTIA CTT+

View solution in original post

NSE 8 #003249, FCT, CCSE, CompTIA CTT+
8 REPLIES 8
stanislav_timofeev
New Contributor II

Hi.

To block this you may simply create Application Control profile with these apps blocked (or "Proxy" category at all) and apply it on your lan-to-wan firewall policy. 

Fortinet already has signatures for these applications.

https://fortiguard.com/appcontrol/42312/hoxx-vpn

[link]https://fortiguard.com/appcontrol/43625/windscribe[/link]

 

NSE 8 #003249, FCT, CCSE, CompTIA CTT+

NSE 8 #003249, FCT, CCSE, CompTIA CTT+
Gr1n3

Hi Stanislav,

Thank you for your reply, as I said earlier, I already added the two signature to the Security profil => application Control => Add signature. by doing this the hoxx and windscribe desktop application were blocked successfully however the chrome extensions are still working :(

Kind regards,

Gr1n3 

stanislav_timofeev

Do you have deep ssl inspection enabled? 

NSE 8 #003249, FCT, CCSE, CompTIA CTT+

NSE 8 #003249, FCT, CCSE, CompTIA CTT+
Gr1n3

I have the "Certificat-Inspection" enabled not "Deep-inspection"

Should I turn it to "deep-inspection", will this affect my current config by blocking any kind of traffic that is aready allowed and working fine?

Thanks for your reply,

Gr1n3

stanislav_timofeev

So it seems to be a root cause. With deep inspection enabled FG should be able to block mentioned extensions.

If you enable it - it will not block traffic itself, but you need to prepare your end users to this. 

Take a look on this: https://cookbook.fortinet.com/preventing-certificate-warnings/ 

NSE 8 #003249, FCT, CCSE, CompTIA CTT+

NSE 8 #003249, FCT, CCSE, CompTIA CTT+
Gr1n3

ok, will do and keep you informed.

thanks

Gr1n3
New Contributor

Thank you Stanislav, it worked well.

mohamed-abdo

how do this?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors