Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FooZ
New Contributor

[ISDB] Block external VPN services as source

Dear community,

 

We're trying to block people using VPN services to reach our internal portal. More and more people are using VPN at home (even without knowing it, with VPN included in antivirus) and we're interested in a way to block VPN service as source when trying to connect our internal portal for our staff member.

 

The main problems with VPN service is that the connection can be established from anywhere in the world where regulation isn't compliant with internal policies and the second issue is that a lot of VPN services install a root CA on the client. And you can't be sure what the purpose of this.

 

It's possible to block main VPN services like NordVPN, UltraSurf, ExpressVPN with the FortiGate and the IP Reputation Database? Someone knows what the purpose of the "Proxy-Proxy.Server" IPs list?

 

Thanks for the help.

1 REPLY 1
mauromosc
New Contributor

Hi, Fooz,

 

Have you tried to apply to the policy for your VPN an application Control Profile blocking this kind of VPN services? Look for the openVPN applications.

 

Regards,

Mauro.

Top Kudoed Authors