Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

How to block Soft Ether VPN client



I am using FortiGate 90D firewall with Current Running Firmware: FGT90D-5.00-build271. I am using a policy #1 where all internal office traffic is passing to WAN1(INTERNET), I have activated web filter profile (which is working fine) and application control on policy #1. In application control i have blocked the Soft Ether VPN application but its not working.


many people in my office are using the same software to connect the blocked sites. need help.



Hussnain Ali Javed

New Contributor III

Hi buntha,

excuse me I'm new with Fortigate. where should i use these commands?

New Contributor


Please create custom application than action you can block or reset it's base on you want.

Best Regard,

Yin Buntha


New Contributor III


Your solution working to block SofEther.

By choosing P2P (SoftEther inside that App Control) from FortiGate only won't block it.

I excpecting FortiNet fixing their SoftEther filter.

Because if I use your way, I need to create 5 App Signature instead of 1.

BTW thank you for your solution.

Going to test Open Proxy after this



will this work on chrome's dot-vpn add-on?

New Contributor III


I'll try your chrome dot-vpn in CheckPoint

So far I have been successfully block these in CheckPoint in Unetlab


-Opera Turbo

-Chrome add-ons Browsec

-Chrome add-ons ZenMate



I don't have FortiGate 80C/CM subsciption, so I can't test much on those.

I am expecting FortiGate do the same as CheckPoint does which give 15d fully functional+subcription with their  Fortigate vm.

Currently Fortigate only give vm trial but can't update definition.

If not mistaken, if I enable IPS, firewall function will be down.

I try so much to fix those problem, by doing these.

-email to FortiGate Indonesia Channel Manager. No respond at all

-ask thru Linkedin to head of FortiGate Europe. No respond


If FortiGate can't compete with CheckPoint. Why cheap product like Mikrotik can block those

Top Kudoed Authors