Blocking Ultrasurf


In this recipe, you will use antivirus scanning and application control to block network users from downloading and using Ultrasurf. As mentioned in a recent SysAdmin Note, Ultrasurf is an application that is used to bypass firewalls and browse the Internet anonymously.

In order to complete the final part of this recipe, download Ultrasurf before any security scanning is applied to your Internet traffic.

1. Enabling AntiVirus and Application Control

Go to System > Config > Features and make sure both AntiVirus and Application Control are enabled. If necessary, Apply your changes.

 

2. Editing the default Application Control profile

Go to Security Profiles > Application Control and edit the default profile. Under Applications Override, select Add Signatures.

Search for ultrasurf. Select the signatures, then select Use Selected Signatures.


 

The signatures will be added to the list, with Action set to block. You will also need to block the signature Freegate.Searching.

If you want to include all proxy applications, you can also choose to block the entire Proxy category.

 

3. Adding AntiVirus and Application Control profiles to a security policy

Go to Policy & Objects > Policy > IPv4 and edit the policy that allows connections from the internal network to the Internet.

Under Security Profiles, enable both AntiVirus and Application Control and set both to use the default profiles. Set SSL/SSH Inspection to deep-inspection.

 

4. Updating your AntiVirus and IPS definitions  

Because Ultrasurf is constantly changing, it is recommended to update your AntiVirus and IPS definitions regularly, so that you can continue to block later versions of the application.

To set up regular updates, go to System > Config > FortiGuard and expand AV & IPS Download Options. Select an appropriate time for definitions to be downloaded.

You can also manually push an update by selecting Update Now.

 

5. Results

Attempt to browse to ultrasurf.us. The page will not load.

On your FortiGate, go to Log & Report > Traffic Log > Forward Traffic and filter for Destination IP: 65.49.14.131 (the IP of ultrasurf.us). Traffic to this destination was blocked by the FortiGate.

 

Attempt to download the Ultrasurf files from a third-party website, such as Download.com.

The download will be blocked.

 

Attempt to use the copy of Ultrasurf you downloaded on your computer before starting this recipe. You will be unable to contact a server.

On your FortiGate, go to System > FortiView > Applications > 5 minutes. You will see that the FortiGate has blocked Ultrasurf.
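The log checks in the Results section can also be run against an exported log file to confirm that nothing matching Ultrasurf was allowed through. The following Python script is an added example, not part of the original recipe or any Fortinet tool. It assumes logs exported as key=value text with `srcip`, `dstip`, `app` and `action` fields, treats `deny` and `block` as blocked, and uses constructed sample lines.

```python
import shlex

# Constructed sample lines in key=value log style (not taken from a real device).
SAMPLE_LOG = '''\
date=2015-09-14 time=10:02:11 type=traffic subtype=forward srcip=192.168.1.10 dstip=65.49.14.131 dstport=443 action=deny app="Ultrasurf"
date=2015-09-14 time=10:02:15 type=traffic subtype=forward srcip=192.168.1.10 dstip=203.0.113.7 dstport=443 action=accept
date=2015-09-14 time=10:03:40 type=traffic subtype=forward srcip=192.168.1.22 dstip=65.49.14.131 dstport=80 action=accept app="HTTP.BROWSER"
date=2015-09-14 time=10:05:02 type=traffic subtype=forward srcip=192.168.1.22 dstip=198.51.100.9 dstport=443 action=deny app="Ultrasurf"
'''

BLOCKED_ACTIONS = {"deny", "block"}  # assumption: action values that mean "not allowed"
WATCH_DSTIP = "65.49.14.131"         # IP of ultrasurf.us given in the recipe
WATCH_APP = "ultrasurf"              # matched case-insensitively against the app field

def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def audit(log_text):
    """Return (blocked, allowed) lists of records that match the watch criteria."""
    blocked, allowed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = parse_line(line)
        except ValueError:  # unbalanced quotes: skip the malformed line
            continue
        hit = (rec.get("dstip") == WATCH_DSTIP
               or WATCH_APP in rec.get("app", "").lower())
        if hit:
            (blocked if rec.get("action") in BLOCKED_ACTIONS else allowed).append(rec)
    return blocked, allowed

if __name__ == "__main__":
    blocked, allowed = audit(SAMPLE_LOG)
    print(f"{len(blocked)} matching sessions blocked")
    for rec in allowed:  # anything listed here got past the policy and needs review
        print("NOT BLOCKED:", rec.get("srcip"), "->", rec.get("dstip"), rec.get("action"))
```

Any record in the `allowed` list points to a session that matched the destination or application but was not blocked, for example because it went through a policy without the security profiles applied.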

 

For further reading, check out AntiVirus and Application control in the FortiOS 5.2 Handbook.

Victoria Martin


Technical Writer at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Using the deep-inspection profile may cause certificate errors. For information about avoiding this, see Preventing certificate warnings.
This result may vary based on which browser is being used. In the example, Firefox version 40.0.3 was used.
You may have to exit Ultrasurf in order to connect to your FortiGate.