How Application Control Block VPNGATE-Client ?

Author
buntha
Bronze Member
  • Total Posts : 34
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/03/23 00:48:23
  • Status: offline
2015/05/28 19:21:13 (permalink)
0

How Application Control Block VPNGATE-Client ?

Dear Everyone!!!
I have problem with my client use vpn proxy "vpn gate" to connect to other proxy avoid our proxy.
so how application control can be block it ?? because i don't see name this application in our APP-Category.
Please see Image Attach.
Thank

Attached Image(s)

#1

6 Replies Related Threads

    YtseJam
    Silver Member
    • Total Posts : 71
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/09/23 20:44:30
    • Status: offline
    Re: How Application Control Block VPNGATE-Client ? 2015/05/28 22:56:23 (permalink)
    0
    Hi buntha,
     
    Good day, you need to create a custom application signature for VPNGATE-Client. 
    You can refer to this for the syntax. 
    http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/Security.009.09.html 
     
    or you may submit your application here:
    http://www.fortiguard.com/encyclopedia/applications/appform.html 
     
     

     

    post edited by YtseJam - 2015/05/28 23:41:50
    #2
    YtseJam
    Silver Member
    • Total Posts : 71
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/09/23 20:44:30
    • Status: offline
    Re: How Application Control Block VPNGATE-Client ? 2015/05/28 23:55:10 (permalink)
    0
    Based from your attached screenshot, app name is "SoftEther". You can check it on your application signatures.

    Attached Image(s)

    #3
    Irfan Pathan
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2012/08/13 04:51:23
    • Location: Indore (India)
    • Status: offline
    Re: How Application Control Block VPNGATE-Client ? 2015/05/29 00:17:04 (permalink)
    0
    Dear All...
    You can block tunneling services. Create New policy and block tunneling services.
    see attached screenshot.
     
    -Irfan Pathan
     

    Attached Image(s)

    #4
    Irfan Pathan
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2012/08/13 04:51:23
    • Location: Indore (India)
    • Status: offline
    Re: How Application Control Block VPNGATE-Client ? 2015/05/29 00:19:11 (permalink)
    0
    If you asked about SoftEther then: 
    SoftEther VPN uses HTTPS protocol in order to establish a VPN tunnel. HTTPS (HTTP over SSL) protocol uses the 443 of TCP/IP port as destination. This port is well-know and almost all firewalls, proxy servers and NATs can pass the packet which are consisted in HTTPS protocol. 
     
    1. Go to Policies & objects > SSL/SSH Inpection > select your profile > Enable full ssl inspection. 
    This ssl profile uses deep inspection. End users will likely see certificate warnings unless the certificate is installed in their browser.
    2. In your Application sensor add signature "SoftEther" and set action to "reset". 
     
    -Irfan Pathan
    #5
    buntha
    Bronze Member
    • Total Posts : 34
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/03/23 00:48:23
    • Status: offline
    Re: How Application Control Block VPNGATE-Client ? 2015/05/29 22:02:27 (permalink)
    0
    Dear all!!!
    Thank  for you best answers for Application Softether i am already block, but still can out of proxy fortigate, and after i apply policy to block tuning but still can access out of proxy fortigate the same, if i block with deep scan ssh/ssl inspection this is rise for me to install Certificate all pc in my Company more than 300 pcs os did you have other way to block from ssl/ssh inspection.
    You know ask Softether vpn-gate some can connect some cannot connect. Please see vpn country connected by this link http://www.vpngate.net/en/
    Then thank so much for your advices.
    Best Regard,
    Yin Buntha
     
     
    #6
    buntha
    Bronze Member
    • Total Posts : 34
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/03/23 00:48:23
    • Status: offline
    Re: How Application Control Block VPNGATE-Client ? 2015/06/23 00:24:45 (permalink)
    0
    Dear Everyone!!!
    I am still cannot block Ethersoft"VPN Gate" i am enabled deep scan ss/ssh inspection then app control click on ethersoft to reset or block but cannot block this application so have other way to block it.
    Please help, see attach bellow!!! 
    #7
    Jump to:
    © 2021 APG vNext Commercial Version 5.5