I have problems to block the Ultrasurf.
In the FortiAnalyzer log shows that is blocking, but the application works without problem.
In profile of application control has already put him in 1st place, but it still works.
Does anyone have any suggestions?
The following suggestions originally came to me from tech support when I inquired about Ultrasurf months ago:
1. Are you sure it' s not blocked? The Fortigate will usually let Ultrasurf get access to the initial Google search page but subsequent traffic will be blocked.
2. If Ultrasurf has already been installed before it was initially blocked by the firewall, it might have downloaded the proxy lists it needs to bypass the firewall. These lists change rapidly -- eventually the traffic will be blocked since the Fortigate blocks subsequent downloads of the file.
3. You also need to block Freegate.Searching prior to the Ultrasurf9.6+ signature.
If the above don' t help, you should probably open a support ticket. Fortinet monitors Ultrasurf pretty closely and tries to update the signatures as quickly as possible. Sometimes there are delays with the new Ultrasurf updates, though.
Fortigate 600C 5.0.12, 111C 5.0.2
He is connecting successfully and i can open other pages besides the goole.
The firewall was already installed when i found the UltraSurf on the network.
I blocked all the proxy category, but also tried to put the Freegate.Searching before UltraSurf and neither worked.
2.Apply this application sensor in the UTM profile which is being used on the firewall policy from internal to external. This application sensor must also be applied to the firewall policy managing client>to DNS server traffic.
NB:-To successfully block Ultrasurf traffic there must be a UTM profile with the firewall policy managing the client to DNS Server traffic.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.