Dear All... You can block tunneling services. Create New policy and block tunneling services.

see attached screenshot.

-Irfan Pathan

If you asked about SoftEther then:  SoftEther VPN uses HTTPS protocol in order to establish a VPN tunnel. HTTPS (HTTP over SSL) protocol uses the 443 of TCP/IP port as destination. This port is well-know and almost all firewalls, proxy servers and NATs can pass the packet which are consisted in HTTPS protocol.    1. Go to Policies & objects > SSL/SSH Inpection > select your profile > Enable full ssl inspection.  This ssl profile uses deep inspection. End users will likely see certificate warnings unless the certificate is installed in their browser. 2. In your Application sensor add signature "SoftEther" and set action to "reset".    -Irfan Pathan

Dear all!!!

Thank  for you best answers for Application Softether i am already block, but still can out of proxy fortigate, and after i apply policy to block tuning but still can access out of proxy fortigate the same, if i block with deep scan ssh/ssl inspection this is rise for me to install Certificate all pc in my Company more than 300 pcs os did you have other way to block from ssl/ssh inspection.

You know ask Softether vpn-gate some can connect some cannot connect. Please see vpn country connected by this link [link]http://www.vpngate.net/en/[/link]

Then thank so much for your advices.

Best Regard,

Yin Buntha

Dear Everyone!!!

I am still cannot block Ethersoft"VPN Gate" i am enabled deep scan ss/ssh inspection then app control click on ethersoft to reset or block but cannot block this application so have other way to block it.

Please help, see attach bellow!!!