Hot!OpenVPN seen as Hotspot.Shield

Author
KPS
New Member
  • Total Posts : 19
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/03/08 05:40:39
  • Status: offline
2017/05/19 08:01:25 (permalink) 5.4
0

OpenVPN seen as Hotspot.Shield

Hi!
 
I am using Fortigate 5.4.4 systems, but there is a problem with the application control:
 
If I am running openVPN through a Fortigate, the connections are dropped from time to time, because the app changes from openVPN to Hotspot.Shield (which is blocked by a rule).
 
Is there any possibility to avoid this behaviour without disabling the app-ruleset?
 
Thank you and best wishes,
KPS
#1

4 Replies Related Threads

    hmtay_FTNT
    Gold Member
    • Total Posts : 178
    • Scores: 22
    • Reward points: 0
    • Joined: 2017/02/22 11:02:10
    • Status: online
    Re: OpenVPN seen as Hotspot.Shield 2017/05/19 20:01:12 (permalink)
    0
    Hello KPS,
     
    Can you get a packet capture for me? I will check it and if it's a False Positive, we will fix the signature. You can send me the file through a PM.
     
    HoMing
    #2
    KPS
    New Member
    • Total Posts : 19
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/03/08 05:40:39
    • Status: offline
    Re: OpenVPN seen as Hotspot.Shield 2017/05/19 23:24:24 (permalink)
    0
    Hi HoMing!
     
    Thank you for your answer!
     
    Can you give me a hint on how to capture these packages? The problem is, that the stream is seen ass app "OpenVPN" correctly, but after some idle-time, the classification changes from "OpenVPN" to "Hotspot.Shield". If I configure the sniffer-filter with the layer-4 filter "udp port 1194", I have tons of data on which the classification changes at some point.
     
    Is there any possibility to capture packages and filter on "application=Hotspot.Shield"?
     
    Thank you
    Regards,
    KPS
    #3
    hmtay_FTNT
    Gold Member
    • Total Posts : 178
    • Scores: 22
    • Reward points: 0
    • Joined: 2017/02/22 11:02:10
    • Status: online
    Re: OpenVPN seen as Hotspot.Shield 2017/05/20 06:35:27 (permalink)
    0
    Hello KPS,
     
    Can you send me the Application Logs and Forward Traffic Logs so I can take a look at it first? We can then decide how to filter the sniffer to catch the packets.
     
    HoMing
    #4
    hmtay_FTNT
    Gold Member
    • Total Posts : 178
    • Scores: 22
    • Reward points: 0
    • Joined: 2017/02/22 11:02:10
    • Status: online
    Re: OpenVPN seen as Hotspot.Shield 2017/06/05 10:59:23 (permalink)
    0
    I am updating the discussion here for future reference. I modified one of the Hotspot.Shield signatures to fix the false positive. 
    #5
    Jump to:
    © 2017 APG vNext Commercial Version 5.5