Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Rede
New Contributor

Created on ‎05-07-2012 06:36 AM

Ultrasurf

Good morning, I have problems to block the Ultrasurf. In the FortiAnalyzer log shows that is blocking, but the application works without problem. In profile of application control has already put him in 1st place, but it still works. Does anyone have any suggestions?
4277
0 Kudos
6 REPLIES 6
billp
Contributor

Created on ‎05-07-2012 08:57 AM

The following suggestions originally came to me from tech support when I inquired about Ultrasurf months ago: 1. Are you sure it' s not blocked? The Fortigate will usually let Ultrasurf get access to the initial Google search page but subsequent traffic will be blocked. 2. If Ultrasurf has already been installed before it was initially blocked by the firewall, it might have downloaded the proxy lists it needs to bypass the firewall. These lists change rapidly -- eventually the traffic will be blocked since the Fortigate blocks subsequent downloads of the file. 3. You also need to block Freegate.Searching prior to the Ultrasurf9.6+ signature. If the above don' t help, you should probably open a support ticket. Fortinet monitors Ultrasurf pretty closely and tries to update the signatures as quickly as possible. Sometimes there are delays with the new Ultrasurf updates, though.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

1594
0 Kudos
Rede
New Contributor
In response to billp

Created on ‎05-07-2012 10:54 AM

Hello, He is connecting successfully and i can open other pages besides the goole. The firewall was already installed when i found the UltraSurf on the network. I blocked all the proxy category, but also tried to put the Freegate.Searching before UltraSurf and neither worked.
1624
0 Kudos
Carl_Wallmark
Valued Contributor

Created on ‎05-07-2012 10:57 AM

Have a look at this: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD32701&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=32400066&stateId=0%200%2032398911

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

1624
0 Kudos
Rede
New Contributor
In response to Carl_Wallmark

Created on ‎05-07-2012 11:30 AM

I had done this test, but still working. I put UltraSurf 9.6 + and above it put the Freegate.Searching.
1594
0 Kudos
Carl_Wallmark
Valued Contributor

Created on ‎05-07-2012 11:34 AM

did you also apply it to the DNS traffic:
2.Apply this application sensor in the UTM profile which is being used on the firewall policy from internal to external. This application sensor must also be applied to the firewall policy managing client>to DNS server traffic. NB:-To successfully block Ultrasurf traffic there must be a UTM profile with the firewall policy managing the client to DNS Server traffic.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

1594
0 Kudos
Rede
New Contributor
In response to Carl_Wallmark

Created on ‎05-07-2012 12:45 PM

I did the way you showed me, but without success. The machines on my network query my internal DNS server only.
1594
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.