FN SECURE: Blocking Ultrasurf with a Sonicwall Application Firewall

Call Us For Workshops Or Seminars.. In Your University, Colleges, or Schools.
Email Us At : vicky@globallyunique.in

Blocking Ultrasurf with a Sonicwall Application Firewall


 Organizations under pressure to keep students and employees from bypassing internet filters using client technologies, like UltraSurf are in a perpetual game of cat and mouse. A network admin I know used these steps to block it on his Sonicwall:

Ultrasurf uses “140300000101″ for SSL ehlo messages. If you can block this signature with the your firewall you can block ultrasurf. To do this follow these steps:

  1. Create a custom object in Firewall/Application Object section. Lets say the name of the object is “Ultra”
  2. Application object type must be “Custom object”
  3. Match Type must be “Exact Match”
  4. Input Representation must be “Hexadecimal”
  5. Then add Content “140300000101″
Then go to Object Policy/Application Firewall Policy Settings:
  1. Policy name: write whatever you want
  2. Policy type “Custom Policy”
  3. Adress Source “Any”, Destionation “Any”
  4. Service Source “Any”, Destionation “Any”
  5. Exclusion Adrsss “None”
  6. Application Object “Ultra Object” **Select the object which you write in the first section
  7. Action “Reset/Drop”
  8. Users/Group Included “All”, Excluded “None”
  9. Schedule “Always On”
  10. Enable loging “Check”
  11. Redundancy Filters “Use Global settings checked”.
  12. Connection Side “Client Side”.
  13. Direction “Basic” Both
  14. Dont forget to enable the Application Firewall feature. This is a bit easier to do on a Palo Alto firewall since the application is already identified natively by the box, you just have to block it in one of your threat profile policies.
       "No more Orkuting,no more facebook sorry to students

Leave a Reply

Save this Page

Download as PDF